fix: WIP ArgoCD deployment fix.

ansible/roles/k3s/first_server_argocd/tasks/main.yml

@@ -57,7 +57,7 @@
         - ./../../../../tenants
 
     # might fail if manifests are applied too quickly before argo CRDs are available in cluster, so retry.
-    # If this fails, it is very likely because of an error in the k8s config yaml, not ansible. Check your yaml builds with k kustomize build....
+    # If this fails, it is very likely because of an error in the k8s config yaml, not ansible. Check your yaml builds with k kustomize ....
     # Argo must be bootstrapped into dev with a local git repo to pull from, prior to upgrading to prod, which requires secrets, which requires the cluster to be up.
     - name: Apply manifests
       ansible.builtin.command:
@@ -68,9 +68,9 @@
       until: result.rc == 0
       changed_when: false  # was true
 
-    - name: Wait for all pods to be ready
-      ansible.builtin.shell: kubectl wait --kubeconfig /home/{{ ansible_user }}/.kube/config -A --for=condition=Ready pod --all --timeout=600s # noqa: command-instead-of-shell
-      changed_when: false      
+    - name: Wait for all kube-system pods to become ready  # we want kube-vip to be ready
+      ansible.builtin.shell: kubectl --kubeconfig /home/{{ ansible_user }}/.kube/config wait --namespace=kube-system --for=condition=Ready pod --all --timeout=600s  # noqa: command-instead-of-shell
+      changed_when: true
 
     - name: Change server to API endpoint instead of localhost
       ansible.builtin.command: >-

ansible/roles/k3s/other_server/tasks/main.yml

@@ -21,9 +21,11 @@
         daemon_reload: true
         state: started
         enabled: true
+      retries: 3
+      delay: 30
 
     - name: Verify that all server nodes joined
-      when: (groups['server'] | length) > 1
+      when: ansible_hostname === groups['server'][1]  # only need to check from one of the other servers
       ansible.builtin.command:
         cmd: >
           k3s kubectl get nodes -l "node-role.kubernetes.io/control-plane=true" -o=jsonpath="{.items[*].metadata.name}"

ansible/roles/metallb_template/tasks/main.yml

@@ -2,20 +2,22 @@
 # adapted from techno-tim.
 - name: Create metallb templates on Ansible Controller.
   run_once: true
+  # Handle both hostname OR ip address being supplied in inventory
+  when: ansible_hostname == groups['server'][0] or groups['server'][0] in ansible_facts['all_ipv4_addresses']
   block:
     - name: Copy metallb kustomization.yaml template to gitops repo on ansible controller
       ansible.builtin.template:
         src: "kustomization.yaml.j2"
         dest: "{{ lookup('env', 'PWD') }}/infrastructure/metallb/base/kustomization.yaml"
-        #owner: "{{ lookup('env', 'USER') }}"
-        #group: "{{ lookup('env', 'USER') }}"
+        owner: "{{ lookup('env', 'USER') }}"
+        group: "{{ lookup('env', 'USER') }}"
         mode: 0644
       delegate_to: localhost
     - name: Copy metallb custom resource spec template to gitops repo on ansible controller
       ansible.builtin.template:
         src: "pool_advertisement.yaml.j2"
         dest: "{{ lookup('env', 'PWD') }}/infrastructure/metallb/base/pool_advertisement.yaml"
-        #owner: "{{ lookup('env', 'USER') }}"
-        #group: "{{ lookup('env', 'USER') }}"
+        owner: "{{ lookup('env', 'USER') }}"
+        group: "{{ lookup('env', 'USER') }}"
         mode: 0644
       delegate_to: localhost

ansible/roles/prereq/tasks/main.yml

@@ -17,7 +17,7 @@
     # - awk  # longhorn. ubuntu uses mawk by default.
     - nfs-common  # longhorn
     - jq  # longhorn
-    update_cache: true
+    #update_cache: true
 
 - name: Enable open-iscsi for longhorn
   ansible.builtin.systemd:

ansible/roles/vip_template/tasks/main.yml

@@ -2,23 +2,23 @@
 # adapted from techno-tim.
 - name: Create KubeVIP templates on Ansible Controller.
   run_once: true
+  when: ansible_hostname == groups['server'][0] or groups['server'][0] in ansible_facts['all_ipv4_addresses']
   block:
     # https://stackoverflow.com/a/26399105
     # https://devops.stackexchange.com/a/3772
     - name: Download vip rbac manifest to gitops repo on ansible controller
       ansible.builtin.get_url:
-        #url: "https://raw.githubusercontent.com/kube-vip/kube-vip/{{ kube_vip_version }}/docs/manifests/rbac.yaml"
         url: "https://kube-vip.io/manifests/rbac.yaml"
         dest: "{{ lookup('env', 'PWD') }}/infrastructure/kubevip/base/rbac-vip.yaml"
-        #owner: "{{ lookup('env', 'USER') }}"
-        #group: "{{ lookup('env', 'USER') }}"
+        owner: "{{ lookup('env', 'USER') }}"
+        group: "{{ lookup('env', 'USER') }}"
         mode: 0644
       delegate_to: localhost
     - name: Copy VIP manifest template to gitops repo on ansible controller
       ansible.builtin.template:
         src: "vip-ds.yaml.j2"
         dest: "{{ lookup('env', 'PWD') }}/infrastructure/kubevip/base/ds-vip.yaml"
-        #owner: "{{ lookup('env', 'USER') }}"
-        #group: "{{ lookup('env', 'USER') }}"
+        owner: "{{ lookup('env', 'USER') }}"
+        group: "{{ lookup('env', 'USER') }}"
         mode: 0644
       delegate_to: localhost

bootstrap/base/kustomization.yaml

@@ -5,9 +5,11 @@ kind: Kustomization
 namespace: argocd
 
 resources:
-  - ns-argocd.yaml
 #  - https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml
-  - https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/ha/install.yaml
+#  - https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/ha/install.yaml
+  - https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.1/manifests/install.yaml
+  - ns-argocd.yaml
+  - ingress-argo.yaml
 
 patches:
   - path: patch-argocd-cm-enableHelm.yaml

bootstrap/envs/dev/kustomization.yaml

@@ -7,3 +7,6 @@ namespace: argocd
 resources:
   - ../../base
   - ../../../components/envs/dev
+
+patches:
+  - path: patch-local-git-repo.yaml

components/base/appproj-dev1.yaml

@@ -9,7 +9,7 @@ metadata:
 spec:
   description: Developer-specified tenant applications
   sourceRepos:
-  - git@github.com:USERNAME/REPONAME  # patched in overlays
+    - git@github.com:USERNAME/REPONAME  # patched in overlays
   destinations:
   - namespace: '!kube-system'
     server: '*'

components/base/appset-infrastructure.yaml

@@ -9,7 +9,7 @@ spec:
   generators:
     - git:  # patched in overlays
         repoURL: git@github.com:USERNAME/REPONAME
-        revision: HEAD
+        revision: main
         files:
           - path: "infrastructure/**/config.json"
   template:
@@ -35,7 +35,7 @@ spec:
         - RespectIgnoreDifferences=true
       source:
         repoURL: file:///tmp/argo-gitops.git  # patched in overlays
-        targetRevision: HEAD  # patched in overlays
+        targetRevision: main  # patched in overlays
         path: "{{path}}"
       destination:
         server: https://kubernetes.default.svc

components/base/kustomization.yaml

@@ -7,4 +7,3 @@ resources:
   - appproj-dev1.yaml
   - appset-infrastructure.yaml
   - appset-tenants.yaml
-  - ingress-argo.yaml

components/envs/dev/kustomization.yaml

@@ -11,4 +11,3 @@ patches:
   - path: patch-appset-infrastructure-source.yaml
   - path: patch-appset-tenants-generators.yaml
   - path: patch-appset-tenants-source.yaml
-  - path: patch-argocd-repo-server-local-git.yaml

components/envs/dev/patch-appset-infrastructure-source.yaml

@@ -10,5 +10,4 @@ spec:
       source:
         repoURL: file:///tmp/argo-gitops.git
         targetRevision: main
-# WARNING: MIGHT HAVE ERRORS IF /path IS NOT RETAINED FROM BASE
-      # path: "{{path}}"
+        path: "{{path}}"

components/envs/dev/patch-appset-tenants-source.yaml

@@ -10,5 +10,4 @@ spec:
       source:
         repoURL: file:///tmp/argo-gitops.git
         targetRevision: main
-# WARNING: MIGHT HAVE ERRORS IF /path IS NOT RETAINED FROM BASE
-      # path: "{{path}}"
+        path: "{{path}}"

components/envs/prod/patch-appset-infrastructure-source.yaml

@@ -10,5 +10,4 @@ spec:
       source:
         repoURL: git@github.com:USERNAME/YOUR-PRIVATE-FORK-OF-THIS-REPO.git
         targetRevision: main
-# WARNING: MIGHT HAVE ERRORS IF /path IS NOT RETAINED FROM BASE
-      # path: "{{path}}"
+        path: "{{path}}"

components/envs/prod/patch-appset-tenants-generators.yaml

@@ -10,4 +10,4 @@ spec:
         repoURL: git@github.com:USERNAME/YOUR-PRIVATE-FORK-OF-THIS-REPO.git
         revision: main
         files:
-          - path: "tenants/**/config.json"  # was tenants/*/envs/*/config.json
+          - path: "tenants/**/config.json"

components/envs/prod/patch-appset-tenants-source.yaml

@@ -10,5 +10,4 @@ spec:
       source:
         repoURL: git@github.com:USERNAME/YOUR-PRIVATE-FORK-OF-THIS-REPO.git
         targetRevision: main
-# WARNING: MIGHT HAVE ERRORS IF /path IS NOT RETAINED FROM BASE
-      # path: "{{path}}"
+        path: "{{path}}"

docs/howtos/argocd-local-repo.md

@@ -0,0 +1,9 @@
+# How-To: Notes on using local git repos with ArgoCD
+
+## Dubious authors
+
+Try using a clean clone of a remote repo into the local copy on the host node, instead of pushing to the local copy on the host node.
+
+## `targetRevision`
+
+This probably normally defaults to `HEAD`, but it can also be a branch name (this is undocumented in the argo docs). 

mkdocs.yml

@@ -99,6 +99,7 @@ nav:
     - howtos/add-new-node.md
     - howtos/dynamic-environments.md
     - howtos/patching-argocd-cd.md
+    - howtos/argocd-local-repo.md
   - Explanations:
     - explanations/index.md
     - Cluster organisation: explanations/cluster-organisation.md

samples/all-sample.yml

@@ -1,23 +1,24 @@
 ---
 ### PIN VERSIONS ###
 
-k3s_version: v1.26.9+k3s1
-kube_vip_version: v0.6.3  # Latest stable, as of 11 November 2023.
-metal_lb_speaker_version: v0.13.12  # Latest stable, as of 11 November 2023.
-metal_lb_controller_version: v0.13.12  # Latest stable, as of 11 November 2023.
+k3s_version: "v1.29.3+k3s1"
+kube_vip_version: "v0.7.2"  # Latest stable, as of 30 march 2024. last working
+metal_lb_version: "v0.14.4"  # Latest stable, as of 30 march 2024. not sure this is even used??
 
 ### OS ###
 
 # Set your timezone
-system_timezone: Europe/Berlin
+system_timezone: Europe/London
 
 ### NETWORKING ###
 
 # apiserver_endpoint is virtual ip-address which will be configured on each master.
 # It should be the same for all server nodes. This should be the Virtual IP provided by kubevip.
 # This is not the same IP address as the host machine, it should not come from the pool assigned
 # to MetalLB and must not be in the range assigned to DHCP on the local network.
-apiserver_endpoint: 192.168.0.100
+# If you are not installing KubeVIP to the cluster, then set this to the IP address of the master
+# (ie. first) server node.
+apiserver_endpoint: 192.168.0.1
 
 # k3s api server endpoint port. K3s defaults to 6443.
 # api_port: 6443
@@ -42,7 +43,7 @@ k3s_node_ip: '{{ ansible_facts[flannel_iface]["ipv4"]["address"] }}'
 
 # k3s_token is required so that masters can talk together securely.
 # This token should be alpha numeric only. Optionally use an ansible vault secret.
-k3s_token: s3kret-t0ken
+k3s_token: s3kr3t
 
 # Disable the taint manually by setting: k3s_master_taint = false
 # Disabling the taint allows server nodes to host workloads.
@@ -126,8 +127,8 @@ metal_lb_mode: layer2
 # metal_lb_bgp_peer_asn: "64512"
 # metal_lb_bgp_peer_address: "192.168.30.1"
 
-# metallb ip range for load balancer - pick whatever makes sense on your network
-metal_lb_ip_range: 192.168.0.2-192.168.0.10
+# metallb ip range for load balancer
+metal_lb_ip_range: 192.168.0.100-192.168.0.110
 
 # longhorn nfs backup target. Assumed to be on the longhorn_nfs_backup host in hosts.yaml
-longhorn_nfs_backup_target: "/srv/longhorn-backup"
+longhorn_nfs_backup_target: "/path/to/longhorn-backup/"