diff --git a/apps/argocd-config-app.yaml b/apps/argocd-config-app.yaml
index 92e2df5..900028f 100644
--- a/apps/argocd-config-app.yaml
+++ b/apps/argocd-config-app.yaml
@@ -16,3 +16,7 @@ spec:
 automated:
 prune: false # Safety: Don't delete ArgoCD resources not managed by this app
 selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ # WICHTIG: ServerSideApply für Patches
+ - ServerSideApply=true
\ No newline at end of file
diff --git a/apps/argocd-config/argocd-ha-patch.yaml b/apps/argocd-config/argocd-ha-patch.yaml
new file mode 100644
index 0000000..f05efae
--- /dev/null
+++ b/apps/argocd-config/argocd-ha-patch.yaml
@@ -0,0 +1,38 @@
+# ArgoCD HA Patch
+# Patches das argocd-server Deployment für High Availability
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: argocd-server
+ namespace: argocd
+spec:
+ replicas: 2 # HA: Mindestens 2 Replicas für Ausfallsicherheit
+ template:
+ spec:
+ affinity:
+ podAntiAffinity:
+ # Hard Rule: Pods müssen auf verschiedenen Nodes laufen
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - argocd-server
+ topologyKey: kubernetes.io/hostname
+ # WICHTIG: Controller flag für HA Mode
+ # --disable-auth sollte NICHT gesetzt werden in HA Mode
+ # --insecure wird bereits vom Standard-Manifest gesetzt
+
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: argocd-server
+ namespace: argocd
+spec:
+ minAvailable: 1 # Mindestens 1 Pod muss immer verfügbar sein
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: argocd-server
diff --git a/apps/argocd-config/kustomization.yaml b/apps/argocd-config/kustomization.yaml
index 5b781ae..0e167ee 100644
--- a/apps/argocd-config/kustomization.yaml
+++ b/apps/argocd-config/kustomization.yaml
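Review bot: In apps/argocd-config-app.yaml, `ServerSideApply=true` on its own may not be enough for the partial Deployment this commit adds (argocd-ha-patch.yaml, listed under `resources:` in the kustomization hunk), because that manifest has no `spec.selector` and no containers and so is not a valid Deployment by schema. Argo CD's documentation for patching through server-side apply pairs the option with `- Validate=false`; confirm the sync succeeds without it, or add it next to `- ServerSideApply=true`. With `selfHeal: true` this Application also becomes a field owner of `replicas` and `affinity` on argocd-server, so the comment above the option should name which app or install manifest owns the rest of that Deployment. The enclosing sync-policy block starts above the hunk.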
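Review bot: In apps/argocd-config/argocd-ha-patch.yaml, `replicas: 2` is set but the trailing comment block under `topologyKey` only talks about server flags and configures none of them. Argo CD's HA guidance has `ARGOCD_API_SERVER_REPLICAS` set to the replica count so that the concurrent-login limit is divided between replicas; without it each replica presumably enforces the full limit on its own, which loosens login throttling once a second replica exists. The statement that `--insecure` is already set by the standard manifest cannot be checked from this diff, and if argocd-server does serve plain HTTP the comment should say where TLS is terminated instead of only noting that the flag is present.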
@@ -3,4 +3,5 @@ kind: Kustomization
 resources:
 - external-secret.yaml
 - argocd-cm.yaml
- - argocd-rbac-cm.yaml
\ No newline at end of file
+ - argocd-rbac-cm.yaml
+ - argocd-ha-patch.yaml # HA: 2 Replicas + Anti-Affinity + PDB
\ No newline at end of file
diff --git a/apps/outline/deployment.yaml b/apps/outline/deployment.yaml
index e2bcad0..e975926 100644
--- a/apps/outline/deployment.yaml
+++ b/apps/outline/deployment.yaml
@@ -6,7 +6,7 @@ metadata:
 labels:
 app: outline
 spec:
- replicas: 1
+ replicas: 2 # HA: Mindestens 2 Replicas für Ausfallsicherheit
 selector:
 matchLabels:
 app: outline
@@ -15,6 +15,17 @@ spec:
 labels:
 app: outline
 spec:
+ affinity:
+ podAntiAffinity:
+ # Hard Rule: Pods müssen auf verschiedenen Nodes laufen
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - outline
+ topologyKey: kubernetes.io/hostname
 containers:
 - name: outline
 image: outlinewiki/outline:latest
diff --git a/apps/outline/pdb.yaml b/apps/outline/pdb.yaml
new file mode 100644
index 0000000..0065734
--- /dev/null
+++ b/apps/outline/pdb.yaml
@@ -0,0 +1,12 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: outline
+ namespace: outline
+ labels:
+ app: outline
+spec:
+ minAvailable: 1 # Mindestens 1 Pod muss immer verfügbar sein
+ selector:
+ matchLabels:
+ app: outline
diff --git a/infrastructure/traefik-app.yaml b/infrastructure/traefik-app.yaml
index 34e7417..c6378bb 100644
--- a/infrastructure/traefik-app.yaml
+++ b/infrastructure/traefik-app.yaml
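Review bot: In apps/outline/deployment.yaml, the second hunk spreads two pods across nodes while the container (context line) still runs `image: outlinewiki/outline:latest`, so the replicas can end up on different builds whenever one of them is rescheduled after the tag has moved. Pin the image to a version tag or digest, for example `image: outlinewiki/outline:<VERSION>@sha256:<DIGEST>` with the placeholders filled from the release you have reviewed, so both replicas and any rollback run the same image. The container spec continues below the hunk.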
@@ -17,16 +17,16 @@ spec:
 replicas: 3 # HA: Einer pro Node
 affinity:
 podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - traefik
- topologyKey: kubernetes.io/hostname
+ # WICHTIG: requiredDuringSchedulingIgnoredDuringExecution = Hard Rule
+ # Verhindert, dass Pods auf dem gleichen Node laufen
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - traefik
+ topologyKey: kubernetes.io/hostname
 service:
 enabled: true
 type: LoadBalancer
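Review bot: Making the traefik anti-affinity a hard rule while keeping `replicas: 3 # HA: Einer pro Node` can block rolling updates: if the cluster has exactly three schedulable nodes, a surge pod carries the same `app.kubernetes.io/name: traefik` label and fits on no node. Unless the rollout strategy lets an old pod go down first, the new pod stays Pending and the update never completes; set the strategy in these values to something like `maxSurge: 0` with `maxUnavailable: 1`, or keep the preferred rule. The same constraint means a lost node leaves the third replica unscheduled until the node returns, which is presumably intended but worth stating in the comment. The values block starts above and continues below the hunk.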