Techcle Wiki

K8s Lab

3 min read

Platform Foundation Seed

This repository provides the foundational platform infrastructure components (ArgoCD and supporting applications) that serve as the base for other platform capabilities.

Overview

The k8s-lab foundation includes:

  • ArgoCD: GitOps engine for managing all platform components
  • Supporting Applications: Essential infrastructure services
    • cert-manager: TLS certificate management
    • external-secrets: Automated secret distribution
    • Kargo: Advanced GitOps workflows
    • Headlamp: Kubernetes dashboard
    • Traefik: HTTP ingress controller
    • RabbitMQ Operator: Message broker
    • Strimzi: Apache Kafka operator
    • Argo Rollouts: Advanced deployment strategies
    • n8n: Workflow automation platform
  • Central Secret Store: Centralized secret management
  • Environment Overlays: Support for different deployment environments

Bootstrap Process

1. Initial Setup with Passwords

For a clean cluster setup, use the init task which sets up passwords and applies the initial configuration:

task init

This will:

  • Create required secrets in the central-secret-store namespace
  • Apply the initial foundation configuration
  • Set up ArgoCD for self-management

2. Alternative: Manual Bootstrap

If you prefer to set up passwords separately:

# Set up required environment variables first
export GITHUB_PAT_BUILDTOOLING="your-github-pat"
export GITHUB_BUILD_USERNAME="your-github-username"
export GITHUB_BUILD_CLIENTID="your-github-oauth-client-id"
export GITHUB_BUILD_CLIENTSECRET="your-github-oauth-client-secret"
export CLOUDFLARE_API_TOKEN="your-cloudflare-api-token"
 
# Create passwords and secrets
task seed:passwords
 
# Apply foundation
kubectl apply -k .

Lab Environment Configuration

The k8s-lab foundation is pre-configured for the lab environment with:

  • Domain: lab.local.ctoaas.co for all services
  • TLS: Automatic certificate management via LetsEncrypt
  • Ingress: All foundation services accessible via Traefik
  • Services Available:
    • ArgoCD: https://argocd.lab.local.ctoaas.co
    • Kargo: https://kargo.lab.local.ctoaas.co
    • Headlamp: https://headlamp.lab.local.ctoaas.co
    • Code Server: https://code-server.lab.local.ctoaas.co
    • n8n: https://n8n.lab.local.ctoaas.co

The foundation can be deployed directly with kubectl apply -k . - no overlays needed.

Directory Structure

k8s-lab/                           # Foundation repository
├── argocd/                        # ArgoCD installation and config
├── supporting-applications/       # All supporting apps
│   ├── cert-manager/
│   ├── external-secrets/
│   ├── kargo/
│   ├── headlamp/
│   ├── rabbitmq-operator/
│   ├── strimzi/
│   ├── argo-rollouts/
│   ├── code-server/
│   └── n8n/
├── traefik/                       # Ingress controller
├── central-secret-store/          # Central secret management
├── helm/                          # Shared Helm charts
│   └── traefik-ingress/          # Shared ingress chart
├── _common/                       # Shared components
│   └── components/
│       └── argocd-branch-targetrevision/
├── letsencrypt-issuer.yaml        # Lab TLS certificate issuer
├── remove-control-plane-taint-job.yaml # Lab cluster configuration
├── kustomization.yaml             # Root kustomization with lab config
└── README.md                      # This file

Shared Components

The k8s-lab foundation provides shared components that can be used by other repositories:

Shared Helm Charts

  • traefik-ingress: Located at helm/traefik-ingress/ - A standardized ingress chart for creating Traefik ingress resources with environment-specific domain patterns and TLS configuration

Other repositories can reference these shared charts by pointing to the k8s-lab repository.

Business Capability Integration

Business capabilities (like Backstage, Image Factory, EDA) should be deployed as separate repositories that assume this foundation exists. They can reference foundation-provided services and shared components without duplicating infrastructure.

Management

# Initial setup (recommended for clean clusters)
task init
 
# Check foundation status
task status
 
# Set up passwords and secrets
task passwords
 
# Access ArgoCD UI
task argocd:ui
 
# Get ArgoCD admin password
task argocd:password
 
# Access n8n UI
task n8n:ui
 
# Check n8n status
task n8n:status
 
# Apply foundation manually
task apply
 
# Build and validate configuration
task build
task validate

Testing

The foundation includes comprehensive testing:

  • Unit tests for configuration validation
  • Property-based tests for correctness properties
  • Integration tests for component interaction
  • Acceptance tests for end-to-end validation

Migration from argocd-eda

This foundation replaces the platform components from argocd-eda, allowing argocd-eda to become a lightweight repository containing only business capabilities.

0 items under this folder.