A collection of Argo CD templates for deploying helm apps or directories of Kubernetes (k8s) manifests as Argo CD apps. We're still working on full stability, but please feel free to ask questions or make suggestions 🧡
These Argo CD apps were originally designed to be compatible with smol-k8s-lab, but they can be used anywhere :)
Here are some quick guidelines, but if you'd like to contribute, please read the full contributing guidelines here 😃!
- Follow a base schema for all our files and directories so that we can easily make more of them faster.
- Make things secure as we go to avoid the dreaded all-at-once security pass (but we may have missed something, in which case, please let us know).
- Be kind, and if something doesn't work as it should, try to fix the upstream repo before introducing a good-enough fix here.
- NEVER FORGET THE BACKUPS. DO YOU REMEMBER WHAT HAPPENED LAST TIME WE DIDN'T HAVE THIS RULE? 😭
- Continuous Deployment
- Database
- File Storage and Backups
- Identity Providers and SSO
- Ingress
- Monitoring
- Networking
- Other
- Security
- Secrets Management
- Social Media and chat
- Virtual Machines
- Troubleshooting Tips
- Art
App Directory | Description |
---|---|
argocd | The one, the only, Argo CD is used for declarative continuous delivery to Kubernetes with a fully-loaded UI. This actually deploys all the other apps and manages itself too :3 |
App Directory | Description |
---|---|
cloud-native-postgres-operator | PostgreSQL database management operator to spin up postgres instances, collect metrics, and create backups |
postgres | Just a bitnami PostgreSQL database helm chart on k8s, in case you need that for something |
App Directory | Description |
---|---|
k8up | K8up provides k8s native backups done via restic, so you can sync your persistent volumes to external S3 compliant storage |
nextcloud | Nextcloud is a self hosted file storage cloud solution. Replaces something like google drive/photos/notes/meets/calendar - mostly stable |
minio | MinIO is a secure self hosted S3 compatible Object Store. |
seaweedfs | SeaweedFS is a secure and very fast self hosted S3 compatible Object Store specialized for either many files or large files |
App Directory | Description |
---|---|
garage | Garage is a self hosted S3 compatible Object Store |
Harbor | Container Registry and OCI artifact store with built-in vulnerability scanning via Trivy |
Longhorn | Longhorn is a lightweight, reliable and easy-to-use distributed block storage system for Kubernetes. (not currently actively in development) |
App Directory | Description |
---|---|
vouch-proxy | helm chart for Vouch, an OAuth2 proxy that allows you to use ingress-nginx annotations to connect to a third party identity provider, giving you proper auth on websites that don't have auth. Currently works with the zitadel provider in this template, but also known to work with keycloak, google, and github |
zitadel | helm chart for Zitadel, an Identity Access Management tool with built in OpenIDConnect for authenticating to self hosted apps. Recommended over keycloak. |
App Directory | Description |
---|---|
keycloak | helm chart for Keycloak, an Identity Access Management tool with built in OpenIDConnect for authenticating to self hosted apps |
oauth2-proxy | Oauth2 proxy that works with Google, however we're testing a keycloak provider right now |
App Directory | Description |
---|---|
cert-manager | helm chart for cert-manager, for providing TLS certificates based on nginx ingress annotations |
ingress-nginx | helm chart for ingress-nginx, an nginx ingress controller to allow external traffic to the cluster |
The main thing we deploy is the Kube Prometheus Stack which includes:
- prometheus
- alertmanager
- grafana
- loki
App Directory | Description |
---|---|
kube-prometheus-stack | prometheus, alertmanager, grafana for collecting metrics for monitoring/alerting, and dashboards/charts |
loki-stack | loki and promtail for collecting logs in prometheus |
prometheus-push-gateway | Installs the Prometheus Push Gateway which enables pushing metrics from jobs that would be difficult or impossible to scrape |
App Directory | Description |
---|---|
kepler | helm chart for Kepler, (Kubernetes-based Efficient Power Level Exporter), which uses eBPF to probe performance counters and other system stats, use ML models to estimate workload energy consumption based on these stats, and exports them as Prometheus metrics. |
App Directory | Description |
---|---|
metallb | A helm chart for metallb which will let you manage your own IP address pool for use with ingress |
App Directory | Description |
---|---|
cilium | A helm chart for cilium, for transparently securing network connectivity/loadbalancing between app workloads such as app containers or processes |
headscale | VPN, there isn't an official helm chart, so we're still working on this |
netmaker | VPN utilizing WireGuard on the backend |
wireguard | A helm chart for wg-access-server which uses Wireguard®️ for a VPN |
Other useful tools that don't fit neatly into any one category.
App Directory | Description |
---|---|
k8tz | A helm chart for k8tz, to inject timezone info into cronjob pods |
LibreTranslate | A helm chart for LibreTranslate, to self host a translation tool |
App Directory | Description |
---|---|
kyverno | Kubernetes-native policy management |
App Directory | Description |
---|---|
external-secrets-operator | ESO (External Secrets Operator) used for sourcing k8s secrets from an external provider |
bitwarden-external-secrets | ESO Bitwarden SecretStore, for using secrets directly from bitwarden items |
App Directory | Description |
---|---|
infisical | Infisical is an open source secrets management solution and it has a k8s secrets operator. |
OpenBao | OpenBao is an open source secrets management solution forked from Vault and supported by the Linux Foundation. |
vault | Vault is an open source secrets management solution by Hashicorp. |
App Directory | Description |
---|---|
coturn | TURN/STUN server for connecting VoIP peers |
mastodon | Selfhosted social media site, includes postgresql, elastic search (for full text searching), and valkey (in memory caching) |
matrix | Selfhosted chat server that plugs into a bunch of other chat apps |
App Directory | Description |
---|---|
kubevirt | KubeVirt is a virtual machine management add-on for Kubernetes. |
App Directory | Description |
---|---|
Nvidia GPU Operator | The GPU Operator allows administrators of Kubernetes clusters to manage GPU nodes |
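- Namespace stuck in terminating state

  ```bash
  # Strip the finalizers from the namespace object and submit it to the namespace's finalize subresource
  kubectl get namespace "<NAMESPACE>" -o json | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" | kubectl replace --raw "/api/v1/namespaces/<NAMESPACE>/finalize" -f -
  ```

- Find all items in a namespace

  ```bash
  # List every namespaced resource type that supports "list", then get each one in the namespace
  kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <NAMESPACE>
  ```

  - Be sure to check for and remove `MutatingWebhookConfiguration` and `ValidatingWebhookConfiguration`

- Patching a resource you found via the xargs search

  ```bash
  # Clear the finalizers on a single resource so it can be deleted
  kubectl patch <CLASS>/<NAME> -p '{"metadata":{"finalizers":[]}}' --type=merge -n <NAMESPACE>
  ```
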
This part is just here for fun :) If you have open source fan art, consider submitting it to the project itself and/or us, and we'll display it with credit 💙
By @jessebot