security app deployment guide
| Deployment | |
| Edit on GitHub | /deployments/security |
| Type | Kustomize |
| Parent app | None |
Overview
The security app is responsible for deploying security services for Roundtable, most notably Vault and all of its dependencies.
It follows the app of apps pattern.
It deploys:
- nginx-ingress for shared ingress.
- cert-manager for Let’s-Encrypt-provided TLS certificates.
- vault for the Vault secret service.
Bootstrapping the Application
Since security is a parent app, its Application resource was not created automatically and is not managed by GitOps.
We manually created the security application from the argocd CLI:
argocd app create security \
--dest-namespace argocd \
--dest-server https://kubernetes.default.svc \
--repo https://github.com/lsst-sqre/roundtable.git \
--path deployments/security \
--sync-policy automated \
--project default
The security Application’s properties (such as the sync policy) should be managed entirely through the Argo CD dashboard or CLI.
Of course, the security manifest in Git can be modified to manage the applications that are created by the security parent application.
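Because the security Application's own properties live outside Git, a change to them never shows up in a GitOps review. The following added example (not part of the Roundtable repository) compares the JSON printed by `argocd app get security -o json` with the flags of the bootstrap command above and reports any difference; the sample document and its fork URL are constructed.

```python
import json
import sys

# Expected values, copied from the `argocd app create security` flags on this page.
EXPECTED = {
    ("spec", "project"): "default",
    ("spec", "source", "repoURL"): "https://github.com/lsst-sqre/roundtable.git",
    ("spec", "source", "path"): "deployments/security",
    ("spec", "destination", "server"): "https://kubernetes.default.svc",
    ("spec", "destination", "namespace"): "argocd",
}


def lookup(obj, path):
    """Walk nested dicts along path; return None if any key is absent."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def find_drift(app):
    """Return one human-readable finding per deviation from the bootstrap values."""
    findings = []
    for path, want in EXPECTED.items():
        got = lookup(app, path)
        if got != want:
            findings.append(f"{'.'.join(path)}: expected {want!r}, found {got!r}")
    # `--sync-policy automated` is stored as a spec.syncPolicy.automated object,
    # which may be empty ({}), so test for presence rather than truthiness.
    if lookup(app, ("spec", "syncPolicy", "automated")) is None:
        findings.append("spec.syncPolicy.automated: missing (automated sync is off)")
    return findings


# Constructed sample: source repointed to a fork and automated sync switched off.
SAMPLE_DRIFTED = {"spec": {
    "project": "default",
    "source": {"repoURL": "https://example.invalid/fork/roundtable.git",
               "path": "deployments/security"},
    "destination": {"server": "https://kubernetes.default.svc", "namespace": "argocd"},
}}

if __name__ == "__main__":
    # Usage: argocd app get security -o json > app.json && python check.py app.json
    app = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_DRIFTED
    problems = find_drift(app)
    print("\n".join(problems) or "security Application matches the bootstrap values")
    sys.exit(1 if problems else 0)
```

The comparison is an exact string match, so a repository URL stored without the `.git` suffix is reported as a difference.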