| Age | Commit message (Collapse) | Author |
|---|
|
session timeout
Amp-Thread-ID: https://ampcode.com/threads/T-019c1549-6538-740f-b867-595c2dff8117
Co-authored-by: Amp <amp@ampcode.com>
|
|
- Removed SSH agent sidecar container
- Removed custom SSH_AUTH_SOCK and SSH key volumes
- ArgoCD will use native SSH support with:
- Repository credential secret (git-server-repo-creds)
- Known hosts ConfigMap (argocd-ssh-known-hosts-cm)
- Much simpler and follows ArgoCD best practices
|
|
- Fixes permission denied error when repo-server accesses socket
- Ensures changes survive cluster restart
|
|
- Check if UID 999 exists before creating user
- Look up username for UID 999 dynamically
- Fixes 'unknown user argocd' error
|
|
- Install openssh as root (has apk permissions)
- Create argocd user (999) if needed
- Use su to run ssh-agent as argocd user
- Fixes 'permission denied' and 'ssh-agent not found' errors
|
|
- Fixes permission denied error when repo-server tries to access socket
- Both containers now run as same user for shared socket access
|
|
- Create ssh-agent sidecar container to provide SSH_AUTH_SOCK
- Share socket via emptyDir volume at /tmp/ssh-agent
- Add SSH key from argocd-git-ssh-key secret to agent
- Fixes 'SSH agent requested but SSH_AUTH_SOCK not-specified' errors
|
|
- Remove custom SSH key volume and volumeMount
- Remove SSH_AUTH_SOCK and GIT_SSH_COMMAND env vars
- Let ArgoCD use repository credential secret (git-server-repo-creds)
|
|
|
|
- Set SSH_AUTH_SOCK to empty string to disable SSH agent
- Add IdentitiesOnly=yes to GIT_SSH_COMMAND to use only the specified key
- Fixes 'SSH agent requested but SSH_AUTH_SOCK not-specified' errors
|
|
- Enable SYS_CHROOT capability for git-server SSH to work in containers
- Configure ArgoCD repo-server to use SSH key for git-server access
- Set DEBUG3 logging in sshd for troubleshooting (temp)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Remove fixed password from values.yaml so helm upgrade doesn't reset
the admin password when users change it via UI.
Changes:
- Remove argocdServerAdminPassword from values.yaml
- Leave password generation to ArgoCD default behavior
- Update Justfile install message to show get-password command
Behavior now:
- helm install: Generates random password in argocd-initial-admin-secret
- helm upgrade: Preserves existing password (does NOT reset)
- helm uninstall: Deletes secret along with all resources
- User password changes via UI are preserved
Verified:
- Password hash unchanged after helm upgrade ✅
- Secret deleted on helm uninstall ✅
- Login works before and after upgrade ✅
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Change admin password handling so it's properly managed by Helm and gets
deleted when running helm uninstall, while using a fixed password instead
of random generation.
Changes:
- Set fixed argocdServerAdminPassword in values.yaml
- Remove configs.secret.createSecret: false (use Helm default: true)
- Remove argocd-secret.yaml (Helm creates it now)
- Update Justfile to not apply manual secret
- Password: "argocd-admin-default" (bcrypt hash in values.yaml)
Behavior:
- helm install: Creates secret with fixed password
- helm upgrade: Updates secret to fixed password (resets any UI changes)
- helm uninstall: Deletes secret along with all resources
- Secret has Helm annotations (managed by Helm)
This is standard Helm behavior - the password in values.yaml is the
source of truth. User can change via UI, but helm operations will
reset it to the configured value.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Ensure admin password persists through helm uninstall/install cycles by
managing argocd-secret outside of Helm's control.
Changes:
- Set configs.secret.createSecret: false in values.yaml
- Create argocd-secret.yaml with default admin password
- Update Justfile to apply secret before helm install
- Secret is now managed by kubectl, not Helm
- Default password: "argocd-admin-default" (change after first login)
Benefits:
- Admin password survives helm uninstall/install
- Password changes via UI/CLI are preserved
- No random password regeneration on redeployments
- Secret has no Helm annotations (not managed by Helm)
The argocd-secret will persist across redeployments unless explicitly
deleted. PVC and admin password are now both persistent.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Enable PVC mount for ArgoCD repo-server to cache Git repositories and
generated manifests, improving performance for subsequent deployments.
Changes:
- Mount argocd-repo-server-pvc at /home/argocd/repo-cache
- Set XDG_CACHE_HOME environment variable to use persistent cache
- Avoid conflict with default /tmp mount used by ArgoCD
This ensures Git repo clones and Helm charts are cached persistently
across pod restarts, reducing network traffic and speeding up syncs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Deploy ArgoCD v3.2.3 for GitOps continuous delivery in the k3s cluster.
Configuration:
- New cicd namespace for CI/CD tooling
- Non-HA single instance deployment (following cluster patterns)
- Traefik ingress at argocd.f3s.buetow.org
- Prometheus ServiceMonitor integration for metrics
- 10Gi persistent volume for repo-server cache
- Insecure mode with TLS termination at proxy
Components deployed:
- argocd-server (Web UI and API)
- argocd-repo-server (Repository management)
- argocd-application-controller (Application sync)
- argocd-redis (State cache)
- argocd-applicationset-controller (Multi-app management)
Also adds argocd.f3s.buetow.org to frontends Rexfile for relayd proxy
configuration.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
