Adding Tailscale and Kargo

manifests/workloads/applicationset.yaml

@@ -51,6 +51,9 @@ spec:
       - appName: tailscale
         namespace: networking
         targetRev: main
+      - appName: kargo
+        namespace: kargo
+        targetRev: main
   template:
     metadata:
       name: '{{appName}}'

manifests/workloads/kargo/application.yaml

@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kargo
+  namespace: argocd
+spec:
+  destination:
+    namespace: kargo
+    server: https://kubernetes.default.svc
+  project: default
+  sources:
+  # Git Repo Deployment
+  - path: manifests/workloads/kargo
+    repoURL: https://github.com/danmanners/homelab-kube-cluster.git
+    targetRevision: main
+  # Helm Repo Ref
+  - repoURL: https://github.com/danmanners/homelab-kube-cluster.git
+    targetRevision: main
+    ref: values
+    # Helm Chart Deployment
+  - chart: kargo
+    repoURL: oci://ghcr.io/akuity/kargo-charts
+    targetRevision: "0.1.0"
+    helm:
+      valueFiles:
+      - $values/manifests/workloads/kargo/values.yaml
+  syncPolicy:
+    automated:
+      prune: true
+    syncOptions:
+    - CreateNamespace=true
+    - ServerSideApply=true

manifests/workloads/kargo/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kargo
+resources:
+# renovate: datasource=github-releases depName=akuity/kargo
+- https://raw.githubusercontent.com/akuity/kargo/v0.1.0/charts/kargo/crds/kargo.akuity.io_promotionpolicies.yaml
+# renovate: datasource=github-releases depName=akuity/kargo
+- https://raw.githubusercontent.com/akuity/kargo/v0.1.0/charts/kargo/crds/kargo.akuity.io_promotions.yaml
+# renovate: datasource=github-releases depName=akuity/kargo
+- https://raw.githubusercontent.com/akuity/kargo/v0.1.0/charts/kargo/crds/kargo.akuity.io_stages.yaml

manifests/workloads/kargo/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    name: memegen
+  name: memegen

manifests/workloads/kargo/values.yaml

@@ -0,0 +1,10 @@
+api:
+  host: kargo.homelab.danmanners.com
+  ingress:
+    enabled: true
+    annotations:
+      cert-manager.io/cluster-issuer: acme-prod
+    ingressClassName: nginx
+    tls:
+      enabled: true
+      selfSignedCert: true

manifests/workloads/tailscale/deployment.yaml

@@ -60,5 +60,39 @@ spec:
         - name: oauth
           mountPath: /oauth
           readOnly: true
+      - name: not-operator
+        securityContext: {}
+        resources: {}
+        image: tailscale:replaceme
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: OPERATOR_HOSTNAME
+          value: tailscale-sidecar
+        - name: OPERATOR_SECRET
+          value: operator
+        - name: OPERATOR_LOGGING
+          value: info # warning, info, debug
+        - name: OPERATOR_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CLIENT_ID_FILE
+          value: /oauth/client_id
+        - name: CLIENT_SECRET_FILE
+          value: /oauth/client_secret
+        - name: PROXY_IMAGE
+          value: core.harbor.homelab.danmanners.com/docker.io/tailscale/tailscale:unstable-v1.53
+        - name: PROXY_TAGS
+          value: tag:k8s
+        - name: APISERVER_PROXY
+          value: "true"
+        - name: PROXY_FIREWALL_MODE
+          value: auto # Leave this for now
+        - name: TS_ROUTES
+          value: 10.3.0.0/24,10.4.0.0/23
+        volumeMounts:
+        - name: oauth
+          mountPath: /oauth
+          readOnly: true
       nodeSelector:
         kubernetes.io/os: linux

manifests/workloads/tailscale/kustomization.yaml

@@ -13,3 +13,6 @@ images:
 - name: k8s-operator:replaceme
   newName: core.harbor.homelab.danmanners.com/docker.io/tailscale/k8s-operator
   newTag: unstable-v1.53
+- name: tailscale:replaceme
+  newName: core.harbor.homelab.danmanners.com/docker.io/tailscale/tailscale
+  newTag: unstable-v1.53