stabify/gitops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added HA conf for argo, outline and traefik

Browse Source
This commit is contained in:
Nick Adam
2026-01-19 00:25:51 +01:00
parent 3f4672684f
commit d6d1614660
6 changed files with 78 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/argocd-config-app.yaml
View File

@@ -16,3 +16,7 @@ spec:
automated: automated:
prune: false # Safety: Don't delete ArgoCD resources not managed by this app prune: false # Safety: Don't delete ArgoCD resources not managed by this app
selfHeal: true selfHeal: true
syncOptions:
- CreateNamespace=true
# WICHTIG: ServerSideApply für Patches
- ServerSideApply=true

38
apps/argocd-config/argocd-ha-patch.yaml Normal file
View File

@@ -0,0 +1,38 @@
# ArgoCD HA Patch
# Patches das argocd-server Deployment für High Availability
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-server
namespace: argocd
spec:
replicas: 2 # HA: Mindestens 2 Replicas für Ausfallsicherheit
template:
spec:
affinity:
podAntiAffinity:
# Hard Rule: Pods müssen auf verschiedenen Nodes laufen
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- argocd-server
topologyKey: kubernetes.io/hostname
# WICHTIG: Controller flag für HA Mode
# --disable-auth sollte NICHT gesetzt werden in HA Mode
# --insecure wird bereits vom Standard-Manifest gesetzt
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: argocd-server
namespace: argocd
spec:
minAvailable: 1 # Mindestens 1 Pod muss immer verfügbar sein
selector:
matchLabels:
app.kubernetes.io/name: argocd-server

1
apps/argocd-config/kustomization.yaml
View File

@@ -4,3 +4,4 @@ resources:
- external-secret.yaml - external-secret.yaml
- argocd-cm.yaml - argocd-cm.yaml
- argocd-rbac-cm.yaml - argocd-rbac-cm.yaml
- argocd-ha-patch.yaml # HA: 2 Replicas + Anti-Affinity + PDB

13
apps/outline/deployment.yaml
View File

@@ -6,7 +6,7 @@ metadata:
labels: labels:
app: outline app: outline
spec: spec:
replicas: 1 replicas: 2 # HA: Mindestens 2 Replicas für Ausfallsicherheit
selector: selector:
matchLabels: matchLabels:
app: outline app: outline
@@ -15,6 +15,17 @@ spec:
labels: labels:
app: outline app: outline
spec: spec:
affinity:
podAntiAffinity:
# Hard Rule: Pods müssen auf verschiedenen Nodes laufen
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- outline
topologyKey: kubernetes.io/hostname
containers: containers:
- name: outline - name: outline
image: outlinewiki/outline:latest image: outlinewiki/outline:latest

12
apps/outline/pdb.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: outline
namespace: outline
labels:
app: outline
spec:
minAvailable: 1 # Mindestens 1 Pod muss immer verfügbar sein
selector:
matchLabels:
app: outline

8
infrastructure/traefik-app.yaml
View File

@@ -17,10 +17,10 @@ spec:
replicas: 3 # HA: Einer pro Node replicas: 3 # HA: Einer pro Node
affinity: affinity:
podAntiAffinity: podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: # WICHTIG: requiredDuringSchedulingIgnoredDuringExecution = Hard Rule
- weight: 100 # Verhindert, dass Pods auf dem gleichen Node laufen
podAffinityTerm: requiredDuringSchedulingIgnoredDuringExecution:
labelSelector: - labelSelector:
matchExpressions: matchExpressions:
- key: app.kubernetes.io/name - key: app.kubernetes.io/name
operator: In operator: In