FEAT(ci): add ArgoCD Image Updater and CI/CD pipelines

- ArgoCD Image Updater for Zot registry polling - Tekton Tasks: git-clone, buildah-build-push - Pipelines: nextjs, fastapi, python - ExternalSecrets for Zot and GitHub credentials
2026-01-07 14:27:51 +09:00
parent 34de9051c6
commit e1641cd3cf
14 changed files with 503 additions and 0 deletions
--- a/argocd-image-updater/argocd.yaml
+++ b/argocd-image-updater/argocd.yaml
@@ -0,0 +1,35 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd-image-updater
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - repoURL: https://argoproj.github.io/argo-helm
+      chart: argocd-image-updater
+      targetRevision: 0.11.0
+      helm:
+        valueFiles:
+          - $values/argocd-image-updater/helm-values.yaml
+    - repoURL: https://github.com/K3S-HOME/platform.git
+      targetRevision: main
+      ref: values
+    - repoURL: https://github.com/K3S-HOME/platform.git
+      targetRevision: main
+      path: argocd-image-updater/manifests
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
--- a/argocd-image-updater/helm-values.yaml
+++ b/argocd-image-updater/helm-values.yaml
@@ -0,0 +1,28 @@
+# ArgoCD Image Updater Helm Values
+
+# Configuration for Zot private registry
+config:
+  logLevel: debug
+  registries:
+    - name: zot
+      prefix: zot0213.kro.kr
+      api_url: https://zot0213.kro.kr
+      credentials: pullsecret:argocd/zot-registry-credentials
+      insecure: false
+
+# Resource limits
+resources:
+  requests:
+    cpu: 10m
+    memory: 64Mi
+  limits:
+    memory: 256Mi
+
+# Tolerations for master node
+tolerations:
+  - key: "node-role.kubernetes.io/master"
+    operator: "Exists"
+    effect: "NoExecute"
+  - key: "node-role.kubernetes.io/control-plane"
+    operator: "Exists"
+    effect: "NoSchedule"
--- a/argocd-image-updater/kustomization.yaml
+++ b/argocd-image-updater/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - argocd.yaml
+  - manifests/secret.yaml
--- a/argocd-image-updater/manifests/secret.yaml
+++ b/argocd-image-updater/manifests/secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: zot-registry-credentials
+  namespace: argocd
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: zot-registry-credentials
+    creationPolicy: Owner
+    template:
+      type: kubernetes.io/dockerconfigjson
+      data:
+        .dockerconfigjson: |
+          {"auths":{"zot0213.kro.kr":{"username":"{{ .USERNAME }}","password":"{{ .PASSWORD }}","auth":"{{ printf "%s:%s" .USERNAME .PASSWORD | b64enc }}"}}}
+  data:
+    - secretKey: USERNAME
+      remoteRef:
+        key: zot
+        property: USERNAME
+    - secretKey: PASSWORD
+      remoteRef:
+        key: zot
+        property: PASSWORD