security app deployment guide¶
| Deployment | |
| Edit on GitHub | /deployments/security |
| Type | Kustomize |
| Parent app | None |
Overview
The security app is responsible for deploying security services for Roundtable. Since Vault has moved to Phalanx Roundtable, it doesn’t have much to do.
It follows the app of apps pattern.
It deploys:
- ingress-nginx for shared ingress.
- cert-manager for Let’s-Encrypt-provided TLS certificates.
Bootstrapping the Application
Since security is a parent app, its Application resource was not created automatically and is not managed by GitOps.
We manually created the security application from the argocd CLI:
argocd app create security \
--dest-namespace argocd \
--dest-server https://kubernetes.default.svc \
--repo https://github.com/lsst-sqre/roundtable.git \
--path deployments/security \
--sync-policy automated \
--project default
The security Application’s properties (such as the sync policy) should be managed entirely through the Argo CD dashboard or CLI.
Of course, the security manifest in Git can be modified to manage the applications that are created by the security parent application.