ArgoCD-Documentation updated

2026-02-20 13:52:41 +01:00
parent 6af0b02442
commit 67a967da67
1 changed files with 148 additions and 14 deletions
--- a/Documentation/ArgoCD.md
+++ b/Documentation/ArgoCD.md
@@ -13,21 +13,29 @@ This directory contains the ArgoCD application manifests for deploying the Vorga
 - **Storage Class**: Uses NFS storage class for shared storage across multiple pods
 - **Namespace**: vorgabenui

+#### `configmap.yaml`
+- **Purpose**: Django application configuration
+- **Contains**: Environment variables, application settings, version information
+- **Namespace**: vorgabenui
+- **Version**: 0.990
+
 #### `deployment.yaml`
 - **Purpose**: Main application deployment configuration
 - **Contains**: Django application container, environment variables, resource limits
 - **Replicas**: Configurable replica count for high availability
+- **Version**: 0.990

 #### `ingress.yaml`
 - **Purpose**: External access configuration
 - **Host**: Configurable hostname for the application
 - **TLS**: SSL/TLS termination configuration
 - **Backend**: Routes traffic to the Django application service
+- **Ingress Class**: traefik

 #### `nfs-pv.yaml`
 - **Purpose**: PersistentVolume definition for NFS storage
 - **Server**: 192.168.17.199
- **Path**: /mnt/user/vorgabenui
+- **Path**: /mnt/user/kubernetesdata/vorgabenui
 - **Access**: ReadWriteMany for multi-pod access
 - **Reclaim Policy**: Retain (data preserved after PVC deletion)

@@ -40,14 +48,21 @@ This directory contains the ArgoCD application manifests for deploying the Vorga
 #### `diagrammer.yaml`
 - **Purpose**: Deployment configuration for the diagram generation service
 - **Function**: Handles diagram creation and caching for the application
+- **Version**: 0.026

-## NFS Storage Configuration
+#### `secret.yaml` (Template)
+- **Purpose**: Template for Django SECRET_KEY secret
+- **Contains**: Secret key configuration for cryptographic operations
+- **Namespace**: vorgabenui
+- **Generated by**: `deploy-argocd-secret.sh` script
+- **Version**: 0.026

-### Prerequisites
-1. NFS server must be running at 192.168.17.199
-2. The directory `/mnt/user/vorgabenui` must exist and be exported
-3. Kubernetes nodes must have NFS client utilities installed
-4. For MicroK8s: `microk8s enable nfs`
+#### `secret.yaml` (Template)
+- **Purpose**: Template for Django SECRET_KEY secret
+- **Contains**: Secret key configuration for cryptographic operations
+- **Namespace**: vorgabenui
+- **Generated by**: `deploy-argocd-secret.sh` script
+- **Version**: 0.026

 ## MicroK8s Addons Required

@@ -136,7 +151,7 @@ microk8s kubectl get pods -n ingress
 microk8s kubectl get svc -n ingress

 # Test ingress connectivity
-curl -k https://your-domain.com
+curl -k https://vorgabenportal.knowyoursecurity.com
 ```

 #### Storage Issues
@@ -159,24 +174,143 @@ On the NFS server (192.168.17.199), ensure the following:

 ```bash
 # Create the shared directory
-sudo mkdir -p /mnt/user/vorgabenui
-sudo chmod 755 /mnt/user/vorgabenui
+sudo mkdir -p /mnt/user/kubernetesdata/vorgabenui
+sudo chmod 755 /mnt/user/kubernetesdata/vorgabenui

 # Add to /etc/exports
-echo "/mnt/user/vorgabenui *(rw,sync,no_subtree_check,no_root_squash)" | sudo tee -a /etc/exports
+echo "/mnt/user/kubernetesdata/vorgabenui *(rw,sync,no_subtree_check,no_root_squash)" | sudo tee -a /etc/exports

 # Export the directory
 sudo exportfs -a
 sudo systemctl restart nfs-kernel-server
 ```

+## Configuration Management
+
+### ConfigMap Deployment
+
+The Django application uses a ConfigMap for application configuration. The ConfigMap contains environment variables and settings for the Django application.
+
+#### ConfigMap File
+- **File**: `configmap.yaml`
+- **Name**: `django-config`
+- **Namespace**: `vorgabenui`
+- **Version**: 0.990
+
+#### Configuration Contents
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: django-config
+  namespace: vorgabenui
+data:
+  # Django Configuration
+  DEBUG: "false"
+  DJANGO_ALLOWED_HOSTS: "vorgabenportal.knowyoursecurity.com,localhost,127.0.0.1,*"
+  DJANGO_SETTINGS_MODULE: "VorgabenUI.settings"
+  
+  # Application Configuration
+  LANGUAGE_CODE: "de-ch"
+  TIME_ZONE: "UTC"
+  
+  # Static and Media Configuration
+  STATIC_URL: "/static/"
+  MEDIA_URL: "/media/"
+  
+  # Application Version
+  VERSION: "0.990"
+  
+  # Database Configuration (for future use)
+  # DATABASE_ENGINE: "django.db.backends.sqlite3"
+  # DATABASE_NAME: "/app/data/db.sqlite3"
+  
+  # Security Configuration
+  # CSRF_TRUSTED_ORIGINS: "https://vorgabenportal.knowyoursecurity.com"
+```
+
+#### Deployment Script
+The ConfigMap is deployed using the `deploy-argocd-configmap.sh` script located in the `scripts/` directory.
+
+**Script Usage**:
+```bash
+# Deploy ConfigMap
+./scripts/deploy-argocd-configmap.sh
+
+# Verify ConfigMap only (no deployment)
+./scripts/deploy-argocd-configmap.sh --verify-only
+
+# Dry-run (show what would be deployed)
+./scripts/deploy-argocd-configmap.sh --dry-run
+```
+
+**Script Features**:
+- Validates kubectl availability
+- Checks if ConfigMap file exists
+- Creates namespace if it doesn't exist
+- Applies ConfigMap configuration
+- Verifies successful deployment
+- Provides detailed logging and error handling
+
+### Secret Deployment
+
+The Django application requires a secure SECRET_KEY for cryptographic signing. This is managed through a Kubernetes Secret.
+
+#### Secret Configuration
+- **Secret Name**: `vorgabenui-secrets`
+- **Secret Key**: `vorgabenui_secret`
+- **Namespace**: `vorgabenui`
+
+#### Secret Generation
+The secret is automatically generated using the `deploy-argocd-secret.sh` script, which creates a secure Django-style SECRET_KEY.
+
+**Script Usage**:
+```bash
+# Generate and deploy new secret
+./scripts/deploy-argocd-secret.sh
+
+# Verify existing secret only (no new generation)
+./scripts/deploy-argocd-secret.sh --verify-only
+
+# Dry-run (show what would be done)
+./scripts/deploy-argocd-secret.sh --dry-run
+```
+
+**Secret Generation Features**:
+- Generates secure 50-character SECRET_KEY using Python
+- Uses Django-style character set (letters, digits, special characters)
+- Creates or updates the secret in the vorgabenui namespace
+- Verifies secret deployment and accessibility
+- Tests secret accessibility in Django pods
+
+#### Environment Variable Reference
+The deployment.yaml references the secret through environment variables:
+
+```yaml
+env:
+  # Secret configuration
+  - name: VORGABENUI_SECRET
+    valueFrom:
+      secretKeyRef:
+        name: vorgabenui-secrets
+        key: vorgabenui_secret
+```
+
+#### Security Notes
+- The SECRET_KEY is never logged or displayed in full
+- Only the first 10 characters are shown during generation for verification
+- The secret is stored securely in Kubernetes and only accessible to authorized pods
+- Regular secret rotation is recommended for production environments
+
 ## Deployment Order

 1. **StorageClass** (`nfs-storageclass.yaml`) - Defines NFS storage class
 2. **PersistentVolume** (`nfs-pv.yaml`) - Creates the NFS volume
 3. **PersistentVolumeClaim** (`001_pvc.yaml`) - Claims storage for application
-4. **Application Deployments** (`deployment.yaml`, `diagrammer.yaml`) - Deploy application services
-5. **Ingress** (`ingress.yaml`) - Configure external access
+4. **ConfigMap** (`configmap.yaml`) - Deploy Django configuration
+5. **Secret** (`secret.yaml`) - Generate and deploy Django SECRET_KEY
+6. **Application Deployments** (`deployment.yaml`, `diagrammer.yaml`) - Deploy application services
+7. **Ingress** (`ingress.yaml`) - Configure external access

 ## Configuration Notes

@@ -227,7 +361,7 @@ kubectl describe pod <pod-name> -n vorgabenui
 ## Maintenance

 ### Backup Strategy
- The NFS server should have regular backups of `/mnt/user/vorgabenui`
+- The NFS server should have regular backups of `/mnt/user/kubernetesdata/vorgabenui`
 - Consider snapshot capabilities if using enterprise NFS solutions

 ### Monitoring