security app deployment guide¶
Deployment | |
Edit on GitHub | /deployments/security |
Type | Kustomize |
Parent app | None |
Overview
The security
app is responsible for deploying security services for Roundtable, most notably Vault and all of its dependencies.
It follows the app of apps pattern.
It deploys:
- ingress-nginx for shared ingress.
- cert-manager for Let’s-Encrypt-provided TLS certificates.
- vault for the Vault secret service.
Bootstrapping the Application
Since security
is a parent app, its Application
resource was not created automatically and is not managed by GitOps.
We manually created the security
application from the argocd CLI:
argocd app create security \
--dest-namespace argocd \
--dest-server https://kubernetes.default.svc \
--repo https://github.com/lsst-sqre/roundtable.git \
--path deployments/security \
--sync-policy automated \
--project default
The security
Application’s properties (such as the sync policy) should be managed entirely through the Argo CD dashboard or CLI.
Of course, the security
manifest in Git can be modified to manage the applications that are created by the security
parent application.