Define cert-manager

.drone.yml

@@ -18,6 +18,8 @@ steps:
     environment:
           GITEA_PASSWORD:
             from_secret: gitea_password
+          ARGO_TOKEN:
+            from_secret: argo_token
 
 image_pull_secrets:
   - dockerconfigjson

README.md

@@ -19,7 +19,18 @@ $ helm repo add --username <username> --password <password> <repo-alias> https:/
 $ helm install <release-name> <repo-alias>/<name>
 ```
 
+and/or
+
+```bash
+$ kubectl apply -f application-manifests.yaml
+```
+
+TODO: [App-of-apps](https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/#app-of-apps-pattern) to manage whole-cluster configuration.
+
 ## Other links
 
 * [General documentation on repositories](https://helm.sh/docs/topics/chart_repository/)
 * [Gitea's own documentation](https://docs.gitea.com/next/usage/packages/helm)
+* [Helm charts via Argo](https://argo-cd.readthedocs.io/en/stable/user-guide/helm/), [broader application syntax](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/)
+  * Don't be caught out by Argo's behaviour of only accepting Applications in its own namespace!
+  * See [here](https://gitea.scubbo.org/scubbo/blogcontent/src/branch/main/.drone.yml#L77) for examples of how to call the Argo UI

application-manifests.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: argo
+spec:
+  project: default
+
+  source:
+    chart: cert-manager
+    repoURL: https://charts.jetstack.io
+    targetRevision: 1.11.0
+    helm:
+      values: |
+        installCRDs: true
+
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: security
+
+  syncPolicy:
+    automated:
+      prune: true
+    syncOptions:
+    - CreateNamespace=true

build-tools/upload-new-versions.sh

@@ -35,3 +35,20 @@ done
 # All packages have been checked, no version conflicts - upload them all!
 find bundles -type f -exec curl -s --user "scubbo:$GITEA_PASSWORD" -X POST --upload-file '{}' https://gitea.scubbo.org/api/packages/scubbo/helm/api/charts \;
 rm -rf bundles;
+
+# Call Argo UI to create/sync the Argo application.
+#
+# Prefer this over declarative GitOps - "upload a file like [here](https://argo-cd.readthedocs.io/en/stable/user-guide/helm/)
+# stating which version should be used" - because that would require two changes for one version (one to declare and
+# upload the new version, another to depend on it). Since we _own_ the chart definitions, there's no reason not to
+# deploy the latest one immediately!
+#
+# An alternative approach (that would only have required a single update) would be for the Argo Application to track a
+# Git Repo (at HEAD) rather than a Helm repo. In this case, merely pushing a new instance to HEAD would be sufficient to
+# update the Argo App. However, I wanted to learn how to operate a Helm repo :)
+for changed_chart in $changed_charts
+do
+  app_name=$(basename $changed_chart)
+  # TODO - create app if it doesn't already exist
+  curl -s -X POST "argo-cd-argocd-server.argo.svc.cluster.local/api/v1/applications/$app_name/sync" -H "Authorization: Bearer ${ARGO_TOKEN}" -H "Content-Type: application/json"
+done