updated bootstrapping procedure with more sane defaults

README.md

@@ -1,7 +1,7 @@
 # Kluster setup and IaaC using argoCD
 
 
-### Initial setup
+### Description
 #### Requirements:
 - A running k3s instance
 - `sealedsecrets` deployed
@@ -27,20 +27,21 @@ The app-of-apps will bootstrap a fully featured cluster with the following compo
     - immich
     - ...
 
-#### Recap
+## Setup instructions
-- install sealedsecrets see [README](./infrastructure/sealedsecrets/README.md)
+1. install sealedsecrets see [README](./infrastructure/sealedsecrets/README.md)
     ```bash
     kubectl apply -k infrastructure/sealedsecrets
     kubectl apply -f infrastructure/sealedsecrets/main.key
     kubectl delete pod -n kube-system -l name=sealed-secrets-controller
     ```
-- install argocd
+1. install argocd and the app-of-apps bundled with it
     ```bash
     kubectl apply -k infrastructure/argocd
     ```
-- wait...
 
 
+> NOTE: The argocd kustomization already mentions some CRDs available only after the full bootstrapping (traefik). You might have to apply the last step twice
+
 ### Adding an application
 todo
 

infrastructure/metallb-system/ipaddresspool.yaml

@@ -2,7 +2,6 @@ apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
   name: default
-  namespace: metallb-system
 spec:
   addresses:
     - 192.168.3.0/24
@@ -10,5 +9,8 @@ spec:
 apiVersion: metallb.io/v1beta1
 kind: L2Advertisement
 metadata:
-  name: empty
+  name: default
-  namespace: metallb-system
+# selector is left empty on purpose to match all IPAddressPools
+# spec:
+#   ipAddressPools:
+#   - default

infrastructure/metallb-system/kustomization.yaml

@@ -1,15 +1,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources: 
-  - namespace.yaml
-  - ipaddresspool.yaml
 
 namespace: metallb-system
 
+resources:
+  # - namespace.yaml
+  # namespace is already included in the remote kustomization
+  # - github.com/metallb/metallb/config/native?ref=v0.15.2
+  - github.com/metallb/metallb/config/frr?ref=v0.15.2
+  - ipaddresspool.yaml
 
-helmCharts:
-  - name: metallb
-    repo: https://metallb.github.io/metallb
-    version: 0.15.2
-    releaseName: metallb
-    valuesFile: values.yaml

infrastructure/metallb-system/namespace.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: placeholder
+  name: metallb-system
-  labels:
+  # labels:
-    pod-security.kubernetes.io/enforce: privileged 
+    # pod-security.kubernetes.io/enforce: privileged

infrastructure/traefik-system/configmap.yaml

@@ -71,7 +71,7 @@ data:
         address = ":9100"
 
       [entryPoints.traefik]
-        address = ":9000"
+        address = ":8080"
 
       [entryPoints.dnsovertls]
         address = ":8853"

infrastructure/traefik-system/values.yaml

@@ -23,8 +23,7 @@ ingressClass:
   # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
   enabled: true
   isDefaultClass: true
-  # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
+
-  fallbackApiVersion: ""
 
 # Activate Pilot integration
 pilot:
@@ -67,7 +66,8 @@ providers:
   kubernetesIngress:
     enabled: true
     allowExternalNameServices: true
-    ingressClass: traefik
+    # Ingresses missing the annotation, having an empty value, or the value traefik are processed by default.
+    # ingressClass: traefik
     # labelSelector: environment=production,method=traefik