diff options
| -rw-r--r-- | f3s/argocd/Justfile | 15 | ||||
| -rw-r--r-- | f3s/argocd/argocd-secret.yaml | 28 | ||||
| -rw-r--r-- | f3s/argocd/values.yaml | 6 |
3 files changed, 45 insertions, 4 deletions
diff --git a/f3s/argocd/Justfile b/f3s/argocd/Justfile index 6aa7b76..3f0d487 100644 --- a/f3s/argocd/Justfile +++ b/f3s/argocd/Justfile @@ -9,16 +9,20 @@ install: helm repo update kubectl create namespace {{NAMESPACE}} || true kubectl apply -f persistent-volumes.yaml + kubectl apply -f argocd-secret.yaml helm install {{RELEASE_NAME}} argo/argo-cd --namespace {{NAMESPACE}} -f values.yaml @echo "Waiting for ArgoCD to be ready..." @sleep 10 kubectl apply -f ingress.yaml @echo "" @echo "ArgoCD deployed successfully!" - @echo "Access UI at: http://argocd.f3s.buetow.org" + @echo "Access UI at: https://argocd.f3s.buetow.org" @echo "" - @echo "Get initial admin password with:" - @echo "kubectl -n {{NAMESPACE}} get secret argocd-initial-admin-secret -o jsonpath=\"{.data.password}\" | base64 -d" + @echo "Default admin credentials:" + @echo " Username: admin" + @echo " Password: argocd-admin-default" + @echo "" + @echo "IMPORTANT: Change the password after first login!" upgrade: helm upgrade {{RELEASE_NAME}} argo/argo-cd --namespace {{NAMESPACE}} -f values.yaml @@ -27,7 +31,10 @@ upgrade: uninstall: kubectl delete -f ingress.yaml || true helm uninstall {{RELEASE_NAME}} --namespace {{NAMESPACE}} || true - kubectl delete -f persistent-volumes.yaml || true + @echo "" + @echo "NOTE: argocd-secret is preserved to keep your admin password" + @echo " To fully remove: kubectl delete secret argocd-secret -n {{NAMESPACE}}" + @echo " To remove PV: kubectl delete -f persistent-volumes.yaml" status: kubectl get pods -n {{NAMESPACE}} -l app.kubernetes.io/name=argocd-server diff --git a/f3s/argocd/argocd-secret.yaml b/f3s/argocd/argocd-secret.yaml new file mode 100644 index 0000000..1c7c1ef --- /dev/null +++ b/f3s/argocd/argocd-secret.yaml @@ -0,0 +1,28 @@ +# ArgoCD Secret - Managed manually (not by Helm) +# This preserves admin password changes across helm uninstall/install cycles +# +# Default admin password: "argocd-admin-default" +# Change this after first login via: argocd account update-password +# +# To generate a new password hash: +# htpasswd -nbBC 10 "" "your-password" | tr -d ':\n' | sed 's/$2y/$2a/' +# echo -n "hash-output" | base64 + +apiVersion: v1 +kind: Secret +metadata: + name: argocd-secret + namespace: cicd + labels: + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd +type: Opaque +data: + # admin.password: bcrypt hash of "argocd-admin-default" + # Generated with: htpasswd -nbBC 10 "" "argocd-admin-default" | tr -d ':\n' | sed 's/$2y/$2a/' + admin.password: JDJhJDEwJDhKdlRveW5tb1NTZkMvMndZZGxDN09RVTZyUVJjTHJPT054WkllZ3poWmVpc0hmdnpETjUy + # admin.passwordMtime: modification time (ISO 8601 format) + admin.passwordMtime: MjAyNS0xMi0zMFQwOTozMDowMFo= + # server.secretkey: auto-generated or set your own (base64 encoded random string) + # Generated with: openssl rand -base64 32 + server.secretkey: WjJRMU1rWXlSMjFoTlZOSUsyeEpRamRNTDNkcEwxUndPRkJGVjBkNGJtOUxLMGxGWVhoM2FtcG9kejA9 diff --git a/f3s/argocd/values.yaml b/f3s/argocd/values.yaml index 2a8e7b6..fb97755 100644 --- a/f3s/argocd/values.yaml +++ b/f3s/argocd/values.yaml @@ -103,3 +103,9 @@ crds: configs: params: server.insecure: true + # Secret configuration - don't let Helm manage the secret + # This preserves admin password changes across redeployments + secret: + createSecret: false + # Note: argocd-secret must be created manually before first install + # See argocd-secret.yaml for the secret template |