This repository contains the complete Kubernetes cluster configuration managed by ArgoCD using the App of Apps pattern.
bootstrap/ # Root application for App of Apps pattern
gitops/
├── apps/ # ArgoCD Application manifests (App of Apps)
└── k8s/ # Kubernetes resources managed by apps
- Kubernetes cluster running
- ArgoCD installed in `argocd` namespace
- kubectl configured and connected
- kubeseal CLI installed (`brew install kubeseal`)
- Doppler service token
```bash
# 1. Seal your Doppler token first
./scripts/seal-doppler-token.sh dp.st.YOUR_DOPPLER_TOKEN
git add gitops/k8s/doppler-secrets/doppler-token-sealed.yaml
git commit -m "Add sealed Doppler token"
git push
# 2. Run the bootstrap script
./bootstrap/bootstrap-cluster.sh
```

```bash
# 1. Seal and commit Doppler token (see above)
# 2. Apply the root application
kubectl apply -f bootstrap/root-app.yaml
# 3. Watch applications sync
kubectl get applications -n argocd -w
```

```bash
# Get admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d && echo
# Open UI
open https://argocd.k8s.server.lan
# Username: admin
# Password: (from command above)
```

That's it! All applications will be automatically deployed by ArgoCD.
- MetalLB - LoadBalancer for bare metal clusters
- Traefik - Ingress controller
- cert-manager - SSL/TLS certificate management
- Doppler Operator - Secrets management
- Doppler Secrets - Secret synchronization
- Prometheus Stack - Metrics and alerting
- Grafana - Dashboards and visualization
- Loki - Log aggregation
- Promtail - Log collection
- Blackbox Exporter - External monitoring
- Actions Runner Controller - GitHub Actions runners
- GitHub Runner - Self-hosted runners
- ArgoCD Ingress - External access to ArgoCD UI
- Create an Application manifest in `gitops/apps/`:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/x86txt/argocd_2025.git
    targetRevision: main
    path: gitops/k8s/my-app
  destination:
    server: https://kubernetes.default.svc
    namespace: my-app
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions: [CreateNamespace=true]
```

- Create the resources in `gitops/k8s/my-app/`
- Commit and push - ArgoCD handles the rest!
- `bootstrap/`: Contains the root Application that implements the App of Apps pattern. Apply this once to bootstrap everything.
- `gitops/apps/`: Application manifests that define what to deploy. Each file is an ArgoCD Application resource.
- `gitops/k8s/`: The actual Kubernetes resources (Deployments, Services, ConfigMaps, etc.) organized by application.
This repo uses the App of Apps pattern:
- Root App (`bootstrap/root-app.yaml`) watches `gitops/apps/`
- Child Apps in `gitops/apps/` manage actual workloads
- GitOps workflow: commit → push → auto-deploy
- LoadBalancer IP: 10.5.22.60 (Traefik)
- ArgoCD URL: https://argocd.k8s.server.lan
Secrets are managed via Doppler and synchronized automatically. See gitops/k8s/doppler-secrets/ for configuration.
```bash
# List all applications and their sync status
kubectl get applications -n argocd

# Hard-refresh every application
kubectl annotate application -n argocd --all argocd.argoproj.io/refresh=hard --overwrite

# Show the full manifest and status of one application
kubectl get application -n argocd <app-name> -o yaml

# Force refresh
kubectl annotate application -n argocd <app-name> argocd.argoproj.io/refresh=hard --overwrite

# Show conditions and events for one application
kubectl describe application -n argocd <app-name>

# Read the ArgoCD server logs
kubectl logs -n argocd -l app.kubernetes.io/name=argocd-server
```

- All applications use automated sync with prune and self-heal
- Namespaces are created automatically via `CreateNamespace=true`
- Secrets should never be committed - use Doppler or sealed secrets
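
One way to enforce the rule that secrets are never committed, as an added example that is not part of this repository: the function fails when a manifest under the given directory is a plaintext `kind: Secret` or contains a raw Doppler service token. The function name and the regular expressions are assumptions; the `dp.st.` prefix is taken from the seal command shown earlier.

```shell
#!/bin/sh
# Added example, not part of this repository. POSIX sh.
# scan_manifests DIR
#   Prints one line per finding.
#   Returns 0 if clean, 1 if findings exist, 2 if DIR is missing (fail closed).
scan_manifests() {
  _dir=$1
  if [ ! -d "$_dir" ]; then
    echo "scan_manifests: no such directory: $_dir" >&2
    return 2
  fi

  # A top-level "kind: Secret" is an unencrypted Secret. SealedSecret and
  # DopplerSecret do not match because the kind must be exactly "Secret".
  # grep exits 1 when nothing matches, hence "|| true".
  _plain=$(find "$_dir" -type f \( -name '*.yaml' -o -name '*.yml' \) \
    -exec grep -El '^kind:[[:space:]]*Secret[[:space:]]*$' {} +) || true

  # A raw Doppler service token anywhere in a manifest (prefix-based match;
  # the characters after the prefix are an assumption).
  _tokens=$(find "$_dir" -type f \( -name '*.yaml' -o -name '*.yml' \) \
    -exec grep -El 'dp\.st\.[A-Za-z0-9]' {} +) || true

  _rc=0
  if [ -n "$_plain" ]; then
    printf '%s\n' "$_plain" | sed 's/^/plaintext Secret manifest: /'
    _rc=1
  fi
  if [ -n "$_tokens" ]; then
    printf '%s\n' "$_tokens" | sed 's/^/Doppler service token: /'
    _rc=1
  fi
  return "$_rc"
}

# When called with a directory argument (for example "gitops" from a
# pre-commit hook or CI job), scan it and exit with the scan result.
if [ "$#" -gt 0 ]; then
  scan_manifests "$1"
fi
```

A SealedSecret such as `doppler-token-sealed.yaml` passes the check, so the sealed token from the bootstrap steps can still be committed.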