Merge pull request #21 from ADORSYS-GIS/15-document-manual-argocd-deployment-process

15 document manual argocd deployment process

Author: USHER-PB

argocd/README.md

@@ -0,0 +1,24 @@
+# Argo CD Deployment Guide
+
+Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It automates the deployment of applications by continuously monitoring Git repositories and synchronizing the desired application state with the live state in your Kubernetes cluster.
+
+## Deployment Options
+
+We provide two ways to deploy Argo CD to your Kubernetes cluster:
+
+### 1. Manual Deployment
+
+Deploy Argo CD manually using Helm with customizable values files. This approach gives you full control over the configurations.
+
+**[Manual Deployment Guide](../docs/manual-argocd-deployment.md)**
+
+The manual deployment uses the production-ready values file located at [`argocd/manual/argocd-prod-values.yaml`](manual/argocd-prod-values.yaml),
+
+### 2. Automated Deployment (Terraform)
+
+Deploy Argo CD automatically using Terraform for infrastructure-as-code management
+
+**[Automated Deployment Guide](#)** *(Coming soon)*
+
+The automated deployment is located in the [`argocd/terraform/`](terraform)
+

argocd/manual/argocd-prod-values.yaml

@@ -0,0 +1,93 @@
+# 1. High Availability (Redis & Components)
+# -----------------------------------------
+redis-ha:
+  enabled: true
+  exporter:
+    enabled: true
+
+controller:
+  replicas: 1
+  resources:
+    limits:
+      memory: "2Gi"
+      cpu: "1"
+    requests:
+      memory: "512Mi"
+      cpu: "250m"
+
+repoServer:
+  replicas: 2
+  autoscaling:
+    enabled: true
+    minReplicas: 2
+    maxReplicas: 5
+  resources:
+    limits:
+      memory: "1Gi"
+      cpu: "500m"
+
+server:
+  replicas: 2
+  autoscaling:
+    enabled: true
+    minReplicas: 2
+    maxReplicas: 5
+  
+  # 2. Ingress & Cert-Manager Integration
+  # -------------------------------------
+  ingress:
+    enabled: true
+    ingressClassName: nginx # CHANGE THIS TO YOUR INGRESS CLASS NAME
+    hostname: "YOUR_ARGO-CD_DOMAIN" # CHANGE THIS
+    annotations:
+      # Standard Nginx tuning
+      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+      
+      # Cert-Manager Configuration
+      cert-manager.io/cluster-issuer: "letsencrypt-prod" # CHANGE THIS to your Issuer name
+      # If you were using a ClusterIssuer, you would use:
+      # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      
+    tls:
+      - secretName: argocd-tls-cert
+        hosts:
+          - "YOUR_ARGO-CD_DOMAIN" # CHANGE THIS
+
+  # 3. Multi-Tenancy & RBAC
+  # -----------------------
+  # This section sets up the foundation for multi-tenancy.
+  # We disable the admin user eventually and rely on SSO, 
+  # but for now, we define policies.
+configs:
+  params:
+    server.insecure: true # We terminate TLS at NGINX, so Argo itself runs insecurely internally
+  
+  # Define RBAC roles for your tenants here or in a separate ConfigMap
+  rbac:
+    policy.csv: |
+      # Example: Grant 'dev-team' access only to 'dev-project'
+      # p, role:dev-team, applications, *, dev-project/*, allow
+      # g, dev-user@yourcompany.com, role:dev-team
+      
+      # Default policy
+      g, admin, role:admin
+      g, ArgoCDAdmins, role:admin
+  
+  cm:
+    url: https://YOUR_ARGO-CD_DOMAIN
+    oidc.config: |
+      name: Keycloak
+      issuer: https://YOUR_KEYCLOAK_DOMAIN/realms/YOUR_REALM
+      clientID: YOUR_CLIENT_ID
+      clientSecret: YOUR_CLIENT_SECRET
+      requestedScopes: ["openid", "profile", "email", "groups"]
+      enablePKCEAuthentication: true
+      # PKCE is handled automatically by the ArgoCD CLI 
+      # when it talks to this OIDC provider.
+
+# 4. GitOps Engine Tuning
+# -----------------------
+# Important for production to handle many applications
+applicationSet:
+  replicas: 2