feat(ci): add GitOps pipeline with Gitea Actions and ArgoCD
- Add Gitea Actions workflow for building and pushing Docker images
- Configure ArgoCD Application for auto-sync deployment
- Update Helm values to use Gitea container registry
- Add setup documentation for GitOps configuration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
104
argocd/SETUP.md
Normal file
@@ -0,0 +1,104 @@
|
||||
# ArgoCD GitOps Setup for TaskPlaner
|
||||
|
||||
This guide sets up automatic deployment of TaskPlaner using GitOps with ArgoCD and Gitea.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes cluster access
|
||||
- Gitea instance with Packages (Container Registry) enabled
|
||||
- Gitea Actions runner configured
|
||||
|
||||
## 1. Install ArgoCD
|
||||
|
||||
```bash
|
||||
kubectl create namespace argocd
|
||||
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
||||
```
|
||||
|
||||
Wait for ArgoCD to be ready:
|
||||
```bash
|
||||
kubectl wait --for=condition=available deployment/argocd-server -n argocd --timeout=300s
|
||||
```
|
||||
|
||||
## 2. Configure Gitea Registry Secrets
|
||||
|
||||
### For Gitea Actions (push access)
|
||||
|
||||
In Gitea repository settings, add these secrets:
|
||||
- `REGISTRY_USERNAME`: Your Gitea username
|
||||
- `REGISTRY_PASSWORD`: A Gitea access token with `write:package` scope
|
||||
|
||||
### For Kubernetes (pull access)
|
||||
|
||||
Create an image pull secret:
|
||||
```bash
|
||||
kubectl create secret docker-registry gitea-registry-secret \
|
||||
--docker-server=git.kube2.tricnet.de \
|
||||
--docker-username=YOUR_USERNAME \
|
||||
--docker-password=YOUR_ACCESS_TOKEN \
|
||||
-n default
|
||||
```
|
||||
|
||||
## 3. Configure ArgoCD Repository Access
|
||||
|
||||
Add the Gitea repository to ArgoCD:
|
||||
```bash
|
||||
# Get ArgoCD admin password
|
||||
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
|
||||
|
||||
# Port forward to access ArgoCD UI
|
||||
kubectl port-forward svc/argocd-server -n argocd 8080:443
|
||||
|
||||
# Or use CLI
|
||||
argocd login localhost:8080 --insecure
|
||||
argocd repo add https://git.kube2.tricnet.de/tho/taskplaner.git \
|
||||
--username YOUR_USERNAME \
|
||||
--password YOUR_ACCESS_TOKEN
|
||||
```
|
||||
|
||||
## 4. Deploy the ArgoCD Application
|
||||
|
||||
```bash
|
||||
kubectl apply -f argocd/application.yaml
|
||||
```
|
||||
|
||||
Note: Edit `application.yaml` first to remove the example Secret or replace `REPLACE_WITH_BASE64_ENCODED_USERNAME_COLON_PASSWORD` with actual credentials.
|
||||
|
||||
## 5. Verify Deployment
|
||||
|
||||
```bash
|
||||
# Check ArgoCD application status
|
||||
kubectl get applications -n argocd
|
||||
|
||||
# Watch sync status
|
||||
argocd app get taskplaner
|
||||
|
||||
# Check pods
|
||||
kubectl get pods -l app.kubernetes.io/name=taskplaner
|
||||
```
|
||||
|
||||
## Workflow
|
||||
|
||||
1. Push code to `master` branch
|
||||
2. Gitea Actions builds Docker image and pushes to registry
|
||||
3. Workflow updates `helm/taskplaner/values.yaml` with new image tag
|
||||
4. ArgoCD detects change and auto-syncs deployment
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Image Pull Errors
|
||||
```bash
|
||||
kubectl describe pod -l app.kubernetes.io/name=taskplaner
|
||||
```
|
||||
Check if the image pull secret is correctly configured.
|
||||
|
||||
### ArgoCD Sync Issues
|
||||
```bash
|
||||
argocd app sync taskplaner --force
|
||||
argocd app logs taskplaner
|
||||
```
|
||||
|
||||
### Actions Runner Issues
|
||||
```bash
|
||||
kubectl logs -n gitea -l app=act-runner -c runner
|
||||
```
|
||||
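Review bot: Section 2, "For Kubernetes (pull access)", does not say which scope the token behind `--docker-password=YOUR_ACCESS_TOKEN` needs, while the push secret just above it is documented as `write:package`, so readers are likely to reuse the write-capable token inside the cluster. State that the pull secret should use a separate token limited to `read:package`. Section 1 applies `install.yaml` from the mutable `stable` ref, so the Argo CD version installed depends on the day the guide is followed; pin the URL to a release tag. Section 2 and the note in section 4 both define `gitea-registry-secret` in `default`, so running `kubectl apply -f argocd/application.yaml` after step 2 replaces the working secret with whatever the file contains; keep one method in the guide and drop the other.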
61
argocd/application.yaml
Normal file
@@ -0,0 +1,61 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: taskplaner
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
repoURL: https://git.kube2.tricnet.de/tho/taskplaner.git
|
||||
targetRevision: HEAD
|
||||
path: helm/taskplaner
|
||||
helm:
|
||||
valueFiles:
|
||||
- values.yaml
|
||||
parameters:
|
||||
- name: image.repository
|
||||
value: git.kube2.tricnet.de/tho/taskplaner
|
||||
- name: ingress.enabled
|
||||
value: "true"
|
||||
- name: ingress.className
|
||||
value: traefik
|
||||
- name: ingress.hosts[0].host
|
||||
value: task.kube2.tricnet.de
|
||||
- name: ingress.hosts[0].paths[0].path
|
||||
value: /
|
||||
- name: ingress.hosts[0].paths[0].pathType
|
||||
value: Prefix
|
||||
- name: ingress.tls[0].secretName
|
||||
value: taskplaner-tls
|
||||
- name: ingress.tls[0].hosts[0]
|
||||
value: task.kube2.tricnet.de
|
||||
- name: ingress.annotations.cert-manager\.io/cluster-issuer
|
||||
value: letsencrypt-prod
|
||||
- name: config.origin
|
||||
value: https://task.kube2.tricnet.de
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: default
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
---
|
||||
# Secret for Gitea Container Registry access
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-registry-secret
|
||||
namespace: default
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
stringData:
|
||||
.dockerconfigjson: |
|
||||
{
|
||||
"auths": {
|
||||
"git.kube2.tricnet.de": {
|
||||
"auth": "REPLACE_WITH_BASE64_ENCODED_USERNAME_COLON_PASSWORD"
|
||||
}
|
||||
}
|
||||
}
|
||||
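Review bot: The second YAML document, the `gitea-registry-secret` Secret carrying `REPLACE_WITH_BASE64_ENCODED_USERNAME_COLON_PASSWORD`, lives in a tracked file, so following the setup note means writing a real registry credential into `argocd/application.yaml`, where the next commit can pick it up. Remove the Secret from this file and rely on the `kubectl create secret docker-registry` step in SETUP.md. In `spec`, `targetRevision: HEAD` together with `automated`, `prune: true` and `selfHeal: true` deploys whatever reaches the default branch, deletions included, without a manual sync step; name the branch explicitly and consider a dedicated AppProject and namespace instead of `project: default` and `namespace: default`. `CreateNamespace=true` has no effect when the destination is the `default` namespace and can be dropped.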