Shared Argo CD templates for self hosted infra
A collection of Argo CD templates for deploying helm apps or directories of Kubernetes (k8s) manifests as Argo CD apps. We're still working on full stability, but please feel free to ask questions or make suggestions 🧡
https://github.com/small-hack/argocd-apps/assets/2389292/76b0fe06-554e-4e46-856f-51a268ed170e
These Argo CD apps were originally designed to be compatible with smol-k8s-lab, but they can be used anywhere :)
Core Tenets
Here are some quick guidelines, but if you'd like to contribute, please read the full contributing guidelines here 😃!
- Follow a base schema for all our files and directories so that we can easily make more of them faster.
- Make things secure as we go to avoid the dreaded all-at-once security pass (but we may have missed something, in which case, please let us know).
- Be kind and if something doesn't work as it should, try to fix the upstream repo before introducing a good-enough fix here.
- NEVER FORGET THE BACKUPS. DO YOU REMEMBER WHAT HAPPENED LAST TIME WE DIDN'T HAVE THIS RULE? 😭
All Apps
Continuous Deployment
| App Directory | Description |
|---|---|
| argocd | The one, the only, Argo CD is used for declarative continuous delivery to Kubernetes with a fully-loaded UI. This actually deploys all the other apps and manages itself too :3 |
Database
| App Directory | Description |
|---|---|
| cloud-native-postgres-operator | PostgreSQL database management operator to spin up postgres instances, collect metrics, and create backups |
| postgres | Just a bitnami PostgreSQL database helm chart on k8s, in case you need that for something |
File Storage and Backups
| App Directory | Description |
|---|---|
| k8up | K8up provides k8s-native backups done via restic, so you can sync your persistent volumes to external S3-compliant storage |
| nextcloud | Nextcloud is a self hosted file storage cloud solution. Replaces something like google drive/photos/notes/meets/calendar - mostly stable |
| minio | MinIO is a secure self hosted S3 compatible Object Store. |
| seaweedfs | SeaweedFS is a secure and very fast self hosted S3 compatible Object Store specialized for either many files or large files |
Experimental
| App Directory | Description |
|---|---|
| garage | Garage is a self hosted S3 compatible Object Store |
| Harbor | Container Registry and OCI artifact store with built-in vulnerability scanning via Trivy |
| Longhorn | Longhorn is a lightweight, reliable and easy-to-use distributed block storage system for Kubernetes. (not currently actively in development) |
Identity Providers and SSO
| App Directory | Description |
|---|---|
| vouch-proxy | helm chart for Vouch, an OAuth2 proxy that allows you to use ingress-nginx annotations to connect to a third party identity provider, giving you proper auth on websites that don't have auth. Currently works with the zitadel provider in this template, but also known to work with keycloak, google, and github |
| zitadel | helm chart for Zitadel, an Identity Access Management tool with built in OpenIDConnect for authenticating to self hosted apps. Recommended over keycloak. |
Experimental
| App Directory | Description |
|---|---|
| keycloak | helm chart for Keycloak, an Identity Access Management tool with built in OpenIDConnect for authenticating to self hosted apps |
| oauth2-proxy | Oauth2 proxy that works with Google, however we're testing a keycloak provider right now |
Ingress
Monitoring
Experimental
| App Directory | Description |
|---|---|
| kepler | helm chart for Kepler (Kubernetes-based Efficient Power Level Exporter), which uses eBPF to probe performance counters and other system stats, uses ML models to estimate workload energy consumption based on these stats, and exports them as Prometheus metrics. |
Networking
| App Directory | Description |
|---|---|
| metallb | A helm chart for metallb which will let you manage your own IP address pool for use with ingress |
Experimental
| App Directory | Description |
|---|---|
| cilium | A helm chart for cilium, for transparently securing network connectivity/loadbalancing b/w app workloads such as app containers or processes |
| headscale | VPN, there isn't an official helm chart, so we're still working on this |
| netmaker | VPN utilizing WireGuard on the backend |
| wireguard | A helm chart for wg-access-server which uses Wireguard®️ for a VPN |
Other
Other useful tools that don't fit neatly into any one category.
Experimental
| App Directory | Description |
|---|---|
| k8tz | A helm chart for k8tz, to inject timezone info into cronjob pods |
Security
| App Directory | Description |
|---|---|
| kyverno | Kubernetes-native policy management |
Secrets Management
Experimental
| App Directory | Description |
|---|---|
| infisical | Infisical is an open source secrets management solution and it has a k8s secrets operator. |
| vault | Vault is an open source secrets management solution by HashiCorp. |
Social Media and chat
| App Directory | Description |
|---|---|
| coturn | TURN/STUN server for connecting VoIP peers |
| mastodon | Selfhosted social media site, includes postgresql, elastic search (for full text searching), and redis (in memory caching) - mostly stable |
| matrix | Selfhosted chat server that plugs into a bunch of other chat apps |
Experimental
| App Directory | Description |
|---|---|
| iceshrimp | Selfhosted social media. This is forked from firefish, which is forked from misskey |
Virtual Machines
| App Directory | Description |
|---|---|
| kubevirt | KubeVirt is a virtual machine management add-on for Kubernetes. |
Experimental
| App Directory | Description |
|---|---|
| Nvidia GPU Operator | The GPU Operator allows administrators of Kubernetes clusters to manage GPU nodes |
Troubleshooting Tips
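- Namespace stuck in terminating state

  ```bash
  # Empty the namespace's finalizers list and submit it to the namespace's finalize subresource
  kubectl get namespace "<NAMESPACE>" -o json | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" | kubectl replace --raw /api/v1/namespaces/<NAMESPACE>/finalize -f -
  ```

- Find all items in a namespace

  ```bash
  # List every namespaced resource type and query each one in the namespace
  kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <NAMESPACE>
  ```

- Be sure to check for and remove any MutatingWebhookConfiguration and ValidatingWebhookConfiguration (these are cluster-scoped, so the namespaced search above does not list them)

- Patching a resource you found via the xargs search

  ```bash
  # Clear the finalizers on a single resource so its deletion can complete
  kubectl patch <CLASS>/<NAME> -p '{"metadata":{"finalizers":[]}}' --type=merge -n <NAMESPACE>
  ```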
Art
This part is just here for fun :) If you have open source fan art, consider submitting it to the project itself and/or us, and we'll display it with credit 💙
Argo CD Squid riding a Docker whale
By @jessebot