From 9f554725c4e9c66f2cfb2c045d65fee9423f0d5a Mon Sep 17 00:00:00 2001 From: Fabian Koller Date: Mon, 13 Apr 2026 10:16:07 +0200 Subject: [PATCH 1/2] fix: separate Argo child apps from leaf resources Keep the root cluster application limited to namespaces and child Applications so CRD-backed resources are synced only by the applications that install their prerequisites. --- argo/apps/gatus.yaml | 32 +--------- argo/apps/gatus/cluster.yaml | 28 ++++++++ argo/bootstrap/apps/argo-cd.yaml | 27 ++++++++ argo/bootstrap/apps/cert-manager.yaml | 32 ++++++++++ argo/bootstrap/apps/cloudnative-pg.yaml | 22 +++++++ argo/bootstrap/apps/envoy-gateway-crds.yaml | 38 +++++++++++ argo/bootstrap/apps/envoy-gateway.yaml | 29 +++++++++ argo/bootstrap/apps/external-dns.yaml | 35 ++++++++++ argo/bootstrap/apps/gatus.yaml | 59 +++++++++++++++++ argo/bootstrap/apps/oracle-ccm.yaml | 64 +++++++++++++++++++ argo/bootstrap/apps/reloader.yaml | 26 ++++++++ argo/bootstrap/apps/secrets.yaml | 20 ++++++ .../apps/system-upgrade-controller.yaml | 23 +++++++ argo/bootstrap/kustomization.yaml | 19 ++++++ argo/bootstrap/namespaces/cattle-system.yaml | 6 ++ argo/bootstrap/namespaces/cert-manager.yaml | 6 ++ argo/bootstrap/namespaces/cloudnative-pg.yaml | 6 ++ .../namespaces/envoy-gateway-system.yaml | 6 ++ argo/bootstrap/namespaces/external-dns.yaml | 6 ++ argo/cluster.yaml | 7 +- argo/system/cert-manager.yaml | 24 +------ argo/system/cert-manager/cluster-issuer.yaml | 20 ++++++ argo/system/envoy-gateway.yaml | 17 +++-- .../resources.yaml} | 0 argo/system/system-upgrade-controller.yaml | 24 +------ .../system-upgrade-controller/plan.yaml | 22 +++++++ 26 files changed, 514 insertions(+), 84 deletions(-) create mode 100644 argo/apps/gatus/cluster.yaml create mode 100644 argo/bootstrap/apps/argo-cd.yaml create mode 100644 argo/bootstrap/apps/cert-manager.yaml create mode 100644 argo/bootstrap/apps/cloudnative-pg.yaml create mode 100644 argo/bootstrap/apps/envoy-gateway-crds.yaml create mode 100644 argo/bootstrap/apps/envoy-gateway.yaml create mode 100644 argo/bootstrap/apps/external-dns.yaml create mode 100644 argo/bootstrap/apps/gatus.yaml create mode 100644 argo/bootstrap/apps/oracle-ccm.yaml create mode 100644 argo/bootstrap/apps/reloader.yaml create mode 100644 argo/bootstrap/apps/secrets.yaml create mode 100644 argo/bootstrap/apps/system-upgrade-controller.yaml create mode 100644 argo/bootstrap/kustomization.yaml create mode 100644 argo/bootstrap/namespaces/cattle-system.yaml create mode 100644 argo/bootstrap/namespaces/cert-manager.yaml create mode 100644 argo/bootstrap/namespaces/cloudnative-pg.yaml create mode 100644 argo/bootstrap/namespaces/envoy-gateway-system.yaml create mode 100644 argo/bootstrap/namespaces/external-dns.yaml create mode 100644 argo/system/cert-manager/cluster-issuer.yaml rename argo/system/{envoy-gateway-config.yaml => envoy-gateway/resources.yaml} (100%) create mode 100644 argo/system/system-upgrade-controller/plan.yaml diff --git a/argo/apps/gatus.yaml b/argo/apps/gatus.yaml index d523197..fae501d 100644 --- a/argo/apps/gatus.yaml +++ b/argo/apps/gatus.yaml @@ -1,32 +1,3 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: gatus-postgresql - namespace: default - annotations: - argocd.argoproj.io/sync-wave: "4" -spec: - imageName: ghcr.io/cloudnative-pg/postgresql:17.2-32@sha256:b17d21f8ec36add9b3c0ea3fb354d05f62a8fddf8ba65ae94e63ba77bc42202e - instances: 3 - enablePDB: true - # Keep one instance per node; without spare nodes, a lost node leaves Gatus degraded. - affinity: - enablePodAntiAffinity: true - podAntiAffinityType: required - topologyKey: kubernetes.io/hostname - managed: - services: - disabledDefaultServices: ["ro", "r"] - bootstrap: - initdb: - database: gatus - owner: gatus - secret: - name: gatus-postgres-user - storage: - storageClass: local-path - size: 15Gi ---- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -37,6 +8,9 @@ metadata: spec: project: default sources: + - repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + path: argo/apps/gatus - repoURL: https://twin.github.io/helm-charts chart: gatus targetRevision: 1.5.0 diff --git a/argo/apps/gatus/cluster.yaml b/argo/apps/gatus/cluster.yaml new file mode 100644 index 0000000..f41df99 --- /dev/null +++ b/argo/apps/gatus/cluster.yaml @@ -0,0 +1,28 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: gatus-postgresql + namespace: default + annotations: + argocd.argoproj.io/sync-wave: "-1" +spec: + imageName: ghcr.io/cloudnative-pg/postgresql:17.2-32@sha256:b17d21f8ec36add9b3c0ea3fb354d05f62a8fddf8ba65ae94e63ba77bc42202e + instances: 3 + enablePDB: true + # Keep one instance per node; without spare nodes, a lost node leaves Gatus degraded. + affinity: + enablePodAntiAffinity: true + podAntiAffinityType: required + topologyKey: kubernetes.io/hostname + managed: + services: + disabledDefaultServices: ["ro", "r"] + bootstrap: + initdb: + database: gatus + owner: gatus + secret: + name: gatus-postgres-user + storage: + storageClass: local-path + size: 15Gi diff --git a/argo/bootstrap/apps/argo-cd.yaml b/argo/bootstrap/apps/argo-cd.yaml new file mode 100644 index 0000000..3c42aaa --- /dev/null +++ b/argo/bootstrap/apps/argo-cd.yaml @@ -0,0 +1,27 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argo-cd + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + project: default + sources: + - repoURL: https://argoproj.github.io/argo-helm + chart: argo-cd + targetRevision: 9.5.0 + helm: + skipCrds: true + valueFiles: + - $values/argo/system/argo-cd/values.yaml + - repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + ref: values + destination: + name: in-cluster + namespace: argocd-system + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/argo/bootstrap/apps/cert-manager.yaml b/argo/bootstrap/apps/cert-manager.yaml new file mode 100644 index 0000000..7330bed --- /dev/null +++ b/argo/bootstrap/apps/cert-manager.yaml @@ -0,0 +1,32 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: cert-manager + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "4" +spec: + project: default + sources: + - repoURL: https://charts.jetstack.io + chart: cert-manager + targetRevision: v1.20.1 + helm: + valuesObject: + config: + enableGatewayAPI: true + global: + rbac: + disableHTTPChallengesRole: true + crds: + enabled: true + - repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + path: argo/system/cert-manager + destination: + name: in-cluster + namespace: cert-manager-system + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/argo/bootstrap/apps/cloudnative-pg.yaml b/argo/bootstrap/apps/cloudnative-pg.yaml new file mode 100644 index 0000000..37f776a --- /dev/null +++ b/argo/bootstrap/apps/cloudnative-pg.yaml @@ -0,0 +1,22 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: cloudnative-pg + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "3" +spec: + project: default + sources: + - repoURL: https://cloudnative-pg.github.io/charts + chart: cloudnative-pg + targetRevision: 0.28.0 + destination: + name: in-cluster + namespace: cloudnative-pg-system + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - ServerSideApply=true diff --git a/argo/bootstrap/apps/envoy-gateway-crds.yaml b/argo/bootstrap/apps/envoy-gateway-crds.yaml new file mode 100644 index 0000000..0d4995d --- /dev/null +++ b/argo/bootstrap/apps/envoy-gateway-crds.yaml @@ -0,0 +1,38 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: envoy-gateway-crds + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "3" +spec: + project: default + source: + repoURL: docker.io/envoyproxy + targetRevision: 1.7.1 + chart: gateway-crds-helm + helm: + valuesObject: + crds: + gatewayAPI: + enabled: true + channel: experimental + envoyGateway: + enabled: true + destination: + name: in-cluster + namespace: argocd-system + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - ServerSideApply=true + - RespectIgnoreDifferences=true + ignoreDifferences: + - group: apiextensions.k8s.io + kind: CustomResourceDefinition + jsonPointers: + - /metadata/annotations/argocd.argoproj.io~1sync-options + - /metadata/annotations/argocd.argoproj.io~1sync-wave + - /metadata/annotations/kubectl.kubernetes.io~1last-applied-configuration diff --git a/argo/bootstrap/apps/envoy-gateway.yaml b/argo/bootstrap/apps/envoy-gateway.yaml new file mode 100644 index 0000000..a36d373 --- /dev/null +++ b/argo/bootstrap/apps/envoy-gateway.yaml @@ -0,0 +1,29 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: envoy-gateway + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "4" +spec: + project: default + sources: + - repoURL: docker.io/envoyproxy + targetRevision: 1.7.1 + chart: gateway-helm + helm: + valuesObject: {} + skipCrds: true + - repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + path: argo/system/envoy-gateway + destination: + name: in-cluster + namespace: envoy-gateway-system + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - ServerSideApply=true diff --git a/argo/bootstrap/apps/external-dns.yaml b/argo/bootstrap/apps/external-dns.yaml new file mode 100644 index 0000000..e9b07dc --- /dev/null +++ b/argo/bootstrap/apps/external-dns.yaml @@ -0,0 +1,35 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: external-dns + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "4" +spec: + project: default + sources: + - repoURL: https://kubernetes-sigs.github.io/external-dns/ + chart: external-dns + targetRevision: 1.20.0 + helm: + valuesObject: + sources: + - service + - gateway-httproute + policy: upsert-only + registry: noop + provider: + name: cloudflare + env: + - name: CF_API_TOKEN + valueFrom: + secretKeyRef: + name: cloudflare-api-token + key: api-token + destination: + name: in-cluster + namespace: external-dns-system + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/argo/bootstrap/apps/gatus.yaml b/argo/bootstrap/apps/gatus.yaml new file mode 100644 index 0000000..fae501d --- /dev/null +++ b/argo/bootstrap/apps/gatus.yaml @@ -0,0 +1,59 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: gatus + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "6" +spec: + project: default + sources: + - repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + path: argo/apps/gatus + - repoURL: https://twin.github.io/helm-charts + chart: gatus + targetRevision: 1.5.0 + helm: + valuesObject: + image: + repository: ghcr.io/twin/gatus + # renovate: datasource=docker depName=ghcr.io/twin/gatus + tag: "v5.34.0" + annotations: + reloader.stakater.com/auto: "true" + ingress: + enabled: false + gateway: + route: + enabled: true + parentRefs: + - name: envoy + namespace: default + hosts: + - gatus.kthxbye.cyou + path: / + env: + SERVICE_DOMAIN: + valueFrom: + secretKeyRef: + name: gatus-secrets + key: SERVICE_DOMAIN + POSTGRES_USER: + valueFrom: + secretKeyRef: + name: gatus-postgres-user + key: username + POSTGRES_PASSWORD: + valueFrom: + secretKeyRef: + name: gatus-postgres-user + key: password + externalConfigMap: gatus + destination: + name: in-cluster + namespace: default + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/argo/bootstrap/apps/oracle-ccm.yaml b/argo/bootstrap/apps/oracle-ccm.yaml new file mode 100644 index 0000000..c9c3eaf --- /dev/null +++ b/argo/bootstrap/apps/oracle-ccm.yaml @@ -0,0 +1,64 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: oracle-ccm + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + project: default + source: + repoURL: https://github.com/oracle/oci-cloud-controller-manager.git + targetRevision: v1.34.0 + path: manifests/cloud-controller-manager + directory: + recurse: true + destination: + name: in-cluster + namespace: kube-system + syncPolicy: + automated: + prune: true + selfHeal: true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: oracle-csi + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + project: default + source: + repoURL: https://github.com/oracle/oci-cloud-controller-manager.git + targetRevision: v1.34.0 + path: manifests/container-storage-interface + directory: + recurse: true + destination: + name: in-cluster + namespace: kube-system + syncPolicy: + automated: + prune: true + selfHeal: true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: oracle-csi-snapshotter + namespace: argocd-system +spec: + project: default + source: + repoURL: https://github.com/kubernetes-csi/external-snapshotter.git + targetRevision: v8.5.0 + path: client/config/crd + destination: + name: in-cluster + namespace: kube-system + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/argo/bootstrap/apps/reloader.yaml b/argo/bootstrap/apps/reloader.yaml new file mode 100644 index 0000000..cf2de69 --- /dev/null +++ b/argo/bootstrap/apps/reloader.yaml @@ -0,0 +1,26 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: reloader + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "3" +spec: + project: default + sources: + - repoURL: https://stakater.github.io/stakater-charts + chart: reloader + targetRevision: 2.2.9 + helm: + valuesObject: + reloader: + reloadOnCreate: true + syncAfterRestart: true + reloadStrategy: annotations + destination: + name: in-cluster + namespace: kube-system + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/argo/bootstrap/apps/secrets.yaml b/argo/bootstrap/apps/secrets.yaml new file mode 100644 index 0000000..260ff99 --- /dev/null +++ b/argo/bootstrap/apps/secrets.yaml @@ -0,0 +1,20 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: secrets + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "1" +spec: + destination: + name: in-cluster + namespace: argocd-system + project: default + source: + path: argo/secrets + repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/argo/bootstrap/apps/system-upgrade-controller.yaml b/argo/bootstrap/apps/system-upgrade-controller.yaml new file mode 100644 index 0000000..133de0b --- /dev/null +++ b/argo/bootstrap/apps/system-upgrade-controller.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: system-upgrade-controller + namespace: argocd-system + annotations: + argocd.argoproj.io/sync-wave: "2" +spec: + project: default + sources: + - repoURL: http://charts.rancher.io + chart: system-upgrade-controller + targetRevision: 109.0.0 + - repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + path: argo/system/system-upgrade-controller + destination: + name: in-cluster + namespace: cattle-system + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/argo/bootstrap/kustomization.yaml b/argo/bootstrap/kustomization.yaml new file mode 100644 index 0000000..60306ce --- /dev/null +++ b/argo/bootstrap/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespaces/cattle-system.yaml + - namespaces/cert-manager.yaml + - namespaces/cloudnative-pg.yaml + - namespaces/envoy-gateway-system.yaml + - namespaces/external-dns.yaml + - apps/secrets.yaml + - apps/argo-cd.yaml + - apps/oracle-ccm.yaml + - apps/system-upgrade-controller.yaml + - apps/cloudnative-pg.yaml + - apps/envoy-gateway-crds.yaml + - apps/reloader.yaml + - apps/cert-manager.yaml + - apps/envoy-gateway.yaml + - apps/external-dns.yaml + - apps/gatus.yaml diff --git a/argo/bootstrap/namespaces/cattle-system.yaml b/argo/bootstrap/namespaces/cattle-system.yaml new file mode 100644 index 0000000..fc72d68 --- /dev/null +++ b/argo/bootstrap/namespaces/cattle-system.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cattle-system + annotations: + argocd.argoproj.io/sync-wave: "1" diff --git a/argo/bootstrap/namespaces/cert-manager.yaml b/argo/bootstrap/namespaces/cert-manager.yaml new file mode 100644 index 0000000..7004e71 --- /dev/null +++ b/argo/bootstrap/namespaces/cert-manager.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cert-manager-system + annotations: + argocd.argoproj.io/sync-wave: "1" diff --git a/argo/bootstrap/namespaces/cloudnative-pg.yaml b/argo/bootstrap/namespaces/cloudnative-pg.yaml new file mode 100644 index 0000000..1faf6bc --- /dev/null +++ b/argo/bootstrap/namespaces/cloudnative-pg.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cloudnative-pg-system + annotations: + argocd.argoproj.io/sync-wave: "1" diff --git a/argo/bootstrap/namespaces/envoy-gateway-system.yaml b/argo/bootstrap/namespaces/envoy-gateway-system.yaml new file mode 100644 index 0000000..193ad2b --- /dev/null +++ b/argo/bootstrap/namespaces/envoy-gateway-system.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: envoy-gateway-system + annotations: + argocd.argoproj.io/sync-wave: "1" diff --git a/argo/bootstrap/namespaces/external-dns.yaml b/argo/bootstrap/namespaces/external-dns.yaml new file mode 100644 index 0000000..0c4862a --- /dev/null +++ b/argo/bootstrap/namespaces/external-dns.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: external-dns-system + annotations: + argocd.argoproj.io/sync-wave: "1" diff --git a/argo/cluster.yaml b/argo/cluster.yaml index 2e0e62b..7b80f37 100644 --- a/argo/cluster.yaml +++ b/argo/cluster.yaml @@ -11,14 +11,9 @@ spec: namespace: argocd-system project: default source: - path: argo + path: argo/bootstrap repoURL: https://github.com/anokfireball/cloud-as-code targetRevision: main - directory: - recurse: true - include: "{*.yml,*.yaml}" - # no idea why, but 'recurse' does not properly apply the kustomization - exclude: "secrets/*" syncPolicy: automated: prune: true diff --git a/argo/system/cert-manager.yaml b/argo/system/cert-manager.yaml index a88478f..7330bed 100644 --- a/argo/system/cert-manager.yaml +++ b/argo/system/cert-manager.yaml @@ -20,6 +20,9 @@ spec: disableHTTPChallengesRole: true crds: enabled: true + - repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + path: argo/system/cert-manager destination: name: in-cluster namespace: cert-manager-system @@ -27,24 +30,3 @@ spec: automated: prune: true selfHeal: true ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt - namespace: cert-manager-system - annotations: - argocd.argoproj.io/sync-wave: "4" -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: letsencrypt@kthxbye.cyou - privateKeySecretRef: - name: letsencrypt - solvers: - - dns01: - cloudflare: - email: cloudflare@kthxbye.cyou - apiTokenSecretRef: - name: cloudflare-api-token - key: api-token diff --git a/argo/system/cert-manager/cluster-issuer.yaml b/argo/system/cert-manager/cluster-issuer.yaml new file mode 100644 index 0000000..0200cd3 --- /dev/null +++ b/argo/system/cert-manager/cluster-issuer.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt + namespace: cert-manager-system + annotations: + argocd.argoproj.io/sync-wave: "1" +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: letsencrypt@kthxbye.cyou + privateKeySecretRef: + name: letsencrypt + solvers: + - dns01: + cloudflare: + email: cloudflare@kthxbye.cyou + apiTokenSecretRef: + name: cloudflare-api-token + key: api-token diff --git a/argo/system/envoy-gateway.yaml b/argo/system/envoy-gateway.yaml index 7c20b9f..a36d373 100644 --- a/argo/system/envoy-gateway.yaml +++ b/argo/system/envoy-gateway.yaml @@ -7,13 +7,16 @@ metadata: argocd.argoproj.io/sync-wave: "4" spec: project: default - source: - repoURL: docker.io/envoyproxy - targetRevision: 1.7.1 - chart: gateway-helm - helm: - valuesObject: {} - skipCrds: true + sources: + - repoURL: docker.io/envoyproxy + targetRevision: 1.7.1 + chart: gateway-helm + helm: + valuesObject: {} + skipCrds: true + - repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + path: argo/system/envoy-gateway destination: name: in-cluster namespace: envoy-gateway-system diff --git a/argo/system/envoy-gateway-config.yaml b/argo/system/envoy-gateway/resources.yaml similarity index 100% rename from argo/system/envoy-gateway-config.yaml rename to argo/system/envoy-gateway/resources.yaml diff --git a/argo/system/system-upgrade-controller.yaml b/argo/system/system-upgrade-controller.yaml index 4e8d797..133de0b 100644 --- a/argo/system/system-upgrade-controller.yaml +++ b/argo/system/system-upgrade-controller.yaml @@ -11,6 +11,9 @@ spec: - repoURL: http://charts.rancher.io chart: system-upgrade-controller targetRevision: 109.0.0 + - repoURL: https://github.com/anokfireball/cloud-as-code + targetRevision: main + path: argo/system/system-upgrade-controller destination: name: in-cluster namespace: cattle-system @@ -18,24 +21,3 @@ spec: automated: prune: true selfHeal: true ---- -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: k3s - namespace: cattle-system - labels: - k3s-upgrade: server -spec: - concurrency: 1 - # renovate: datasource=github-releases depName=k3s-io/k3s - version: "v1.35.0+k3s3" - nodeSelector: - matchExpressions: - - {key: node-role.kubernetes.io/control-plane, operator: Exists} - serviceAccountName: system-upgrade-controller - drain: - force: true - skipWaitForDeleteTimeout: 60 - upgrade: - image: rancher/k3s-upgrade diff --git a/argo/system/system-upgrade-controller/plan.yaml b/argo/system/system-upgrade-controller/plan.yaml new file mode 100644 index 0000000..f73f7f7 --- /dev/null +++ b/argo/system/system-upgrade-controller/plan.yaml @@ -0,0 +1,22 @@ +apiVersion: upgrade.cattle.io/v1 +kind: Plan +metadata: + name: k3s + namespace: cattle-system + annotations: + argocd.argoproj.io/sync-wave: "1" + labels: + k3s-upgrade: server +spec: + concurrency: 1 + # renovate: datasource=github-releases depName=k3s-io/k3s + version: "v1.35.0+k3s3" + nodeSelector: + matchExpressions: + - {key: node-role.kubernetes.io/control-plane, operator: Exists} + serviceAccountName: system-upgrade-controller + drain: + force: true + skipWaitForDeleteTimeout: 60 + upgrade: + image: rancher/k3s-upgrade From f9cc0352bdb5276b751fdd6faf119ed5a7ee711a Mon Sep 17 00:00:00 2001 From: "dependencysherpa[bot]" <207194774+dependencysherpa[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:53:23 +0000 Subject: [PATCH 2/2] chore(deps): update ghcr.io/twin/gatus docker tag to v5.35.0 --- argo/apps/gatus.yaml | 2 +- argo/bootstrap/apps/gatus.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/argo/apps/gatus.yaml b/argo/apps/gatus.yaml index fae501d..c9e49b8 100644 --- a/argo/apps/gatus.yaml +++ b/argo/apps/gatus.yaml @@ -19,7 +19,7 @@ spec: image: repository: ghcr.io/twin/gatus # renovate: datasource=docker depName=ghcr.io/twin/gatus - tag: "v5.34.0" + tag: "v5.35.0" annotations: reloader.stakater.com/auto: "true" ingress: diff --git a/argo/bootstrap/apps/gatus.yaml b/argo/bootstrap/apps/gatus.yaml index fae501d..c9e49b8 100644 --- a/argo/bootstrap/apps/gatus.yaml +++ b/argo/bootstrap/apps/gatus.yaml @@ -19,7 +19,7 @@ spec: image: repository: ghcr.io/twin/gatus # renovate: datasource=docker depName=ghcr.io/twin/gatus - tag: "v5.34.0" + tag: "v5.35.0" annotations: reloader.stakater.com/auto: "true" ingress: