create argocd apps declaratively

2026-06-23 01:03:06 +02:00
parent 01321bf50c
commit f6562df066
23 changed files with 707 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ Aquest clúster K3s gestiona els següents serveis:
 ```
 .
 ├── README.md                    # Aquest fitxer
 ├── argocd-bootstrap.yaml        # App-of-apps: llavor per a ArgoCD (aplicar 1 cop)
 ├── <aplicació>/                 # Cada aplicació té el seu directori
 │   ├── deployment.yaml          # Definició del Deployment
 │   ├── service.yaml            # Definició del Service
@@ -32,8 +33,12 @@ Aquest clúster K3s gestiona els següents serveis:
 │   ├── namespace.yaml           # Namespace dedicat (opcional)
 │   ├── configmap.yaml          # ConfigMaps (opcional)
 │   └── pvc.yaml                 # PersistentVolumeClaims (opcional)
 ├── argocd/                      # ArgoCD
 │   ├── ingress.yaml             # Ingress d'ArgoCD
 │   ├── apps/                    # Applications + AppProject declaratius
 │   └── gen-apps.sh              # Genera argocd/apps/* i argocd-bootstrap.yaml
 └── nas/                         # Servei extern per al NAS
-    ├── nas.yaml                 # Service i Endpoints externs
+    ├── transport.yaml           # ServersTransport de Traefik
    └── ingress.yaml             # Ingress del NAS
 ```
@@ -62,6 +67,9 @@ kubectl apply -f <aplicació>/<fitxer>.yaml
 ### Desplegar Tot el Clúster
 La forma recomanada és deixar que ArgoCD sincronitzi el repo (veure secció [ArgoCD (GitOps)](#-argocd-gitops)).
 Per a un desplegament manual sense ArgoCD:
 ```bash
 # Desplegar totes les aplicacions
 for dir in */; do
@@ -122,6 +130,66 @@ spec:
                number: 80
 ```
 ## 🐙 ArgoCD (GitOps)
 Totes les aplicacions del repo es despleguen de forma declarativa amb ArgoCD. Hi ha un `Application` per cada directori d'aplicació, agrupades sota un `AppProject` anomenat `k3s-cluster`.
 ### Estructura
 - [`argocd/apps/project.yaml`](argocd/apps/project.yaml) — `AppProject` `k3s-cluster` (sync-wave -1).
 - [`argocd/apps/<app>.yaml`](argocd/apps/) — un `Application` per aplicació (sync-wave 0), cadascun apunta al seu directori del repo.
 - [`argocd-bootstrap.yaml`](argocd-bootstrap.yaml) — `Application` "app-of-apps" que sincronitza tot el directori `argocd/apps/`. És l'únic recurs que cal aplicar a mà.
 - [`argocd/gen-apps.sh`](argocd/gen-apps.sh) — regenera tots els fitxers anteriors a partir d'una llista d'aplicacions.
 ### Flux
 1. El `AppProject` i tots els `Application` estan versionats a `argocd/apps/`.
 2. L'app `k3s-cluster-root` (a `argocd-bootstrap.yaml`) llegeix `argocd/apps/` i crea/actualitza el projecte i totes les applications.
 3. Cada `Application` sincronitza el seu directori (ex: `pihole/`) cap al seu namespace, amb `prune` i `selfHeal` activats.
 ### Bootstrap (una sola vegada)
 Prerequisits:
 1. ArgoCD instal·lat al clúster (namespace `argocd`).
 2. `cert-manager` instal·lat (veure [`cert-manager/install.sh`](cert-manager/install.sh)) — el `ClusterIssuer` depèn dels seus CRDs.
 3. El repo registrat a ArgoCD (`Settings → Repositories`). Si el repo és públic a GitHub, l'HTTPS funciona sense credencials.
 Llançar la llavor:
 ```bash
 kubectl apply -f argocd-bootstrap.yaml
 ```
 A partir d'aquí ArgoCD crea el projecte `k3s-cluster`, totes les `Application` i les sincronitza automàticament. Qualsevol canvi al repo es propaga sol (self-heal).
 ### Recrear el clúster des de zero
 ```bash
 # 1. Instal·lar K3s
 # 2. Instal·lar ArgoCD
 # 3. Instal·lar cert-manager
 kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
 kubectl wait --for=condition=available --timeout=120s deployment/cert-manager -n cert-manager
 # 4. Registrar el repo a ArgoCD (o deixar-lo públic)
 # 5. Llançar la llavor
 kubectl apply -f argocd-bootstrap.yaml
 ```
 ### Afegir o treure una aplicació
 1. Crea/esborra el directori de l'aplicació.
 2. Afegeix/treu la línia corresponent a l'array `APPS` de [`argocd/gen-apps.sh`](argocd/gen-apps.sh) amb el format `name|namespace|path|recurse|validate`.
 3. Executa `./argocd/gen-apps.sh` per regenerar els manifests.
 4. Fes commit i push; ArgoCD ho sincronitza sol.
 ### Notes
 - Els `Application`/`AppProject` pertanyen al namespace `argocd` (recursos propis d'ArgoCD).
 - L'app `argocd` té `recurse: false` sobre el directori `argocd/` per gestionar només `ingress.yaml` i no els seus propis manifests sota `argocd/apps/`.
 - L'app `phoenix` usa `Validate=false` per tolerar el CRD `ServiceMonitor` si el Prometheus Operator encara no és instal·lat.
 - Els secrets que no estan al repo (ex: `gitea-registry` per a `gym-tracker`) s'han de crear manualment al seu namespace; Argo no els gestiona ni els esborra.
 ## 💾 Persistència de Dades
 Les aplicacions que necessiten emmagatzematge persistent utilitzen:
--- a/argocd-bootstrap.yaml
+++ b/argocd-bootstrap.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: k3s-cluster-root
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 spec:
  project: default
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: argocd/apps
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/argocd.yaml
+++ b/argocd/apps/argocd.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: argocd
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: argocd
    directory:
      recurse: false
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/cert-manager.yaml
+++ b/argocd/apps/cert-manager.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: cert-manager
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: cert-manager
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: cert-manager
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/fava.yaml
+++ b/argocd/apps/fava.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: fava
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: fava
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: fava
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/gitea.yaml
+++ b/argocd/apps/gitea.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: gitea
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: gitea
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: gitea
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/glance.yaml
+++ b/argocd/apps/glance.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: glance
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: glance
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: glance
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/gym-tracker.yaml
+++ b/argocd/apps/gym-tracker.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: gym-tracker
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: gym-tracker
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: gym-tracker
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/homeassistant.yaml
+++ b/argocd/apps/homeassistant.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: homeassistant
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: homeassistant
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: home-assistant
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/jellyfin.yaml
+++ b/argocd/apps/jellyfin.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: jellyfin
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: jellyfin
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: jellyfin
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/litellm.yaml
+++ b/argocd/apps/litellm.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: litellm
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: litellm
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: litellm
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/minecraft-server.yaml
+++ b/argocd/apps/minecraft-server.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: minecraft-server
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: minecraft-server
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: minecraft
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/monitoring.yaml
+++ b/argocd/apps/monitoring.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: monitoring
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: monitoring
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: monitoring
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/myorg-assistant.yaml
+++ b/argocd/apps/myorg-assistant.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: myorg-assistant
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: myorg-assistant
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: myorg-assistant
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/n8n.yaml
+++ b/argocd/apps/n8n.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: n8n
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: n8n
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: n8n
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/nas.yaml
+++ b/argocd/apps/nas.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: nas
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: nas
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: nas-proxy
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/openwebui.yaml
+++ b/argocd/apps/openwebui.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: openwebui
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: openwebui
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: openwebui
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/phoenix.yaml
+++ b/argocd/apps/phoenix.yaml
@@ -0,0 +1,25 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: phoenix
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: phoenix
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: phoenix
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
      - Validate=false
--- a/argocd/apps/pihole.yaml
+++ b/argocd/apps/pihole.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: pihole
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: pihole
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: pihole
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/project.yaml
+++ b/argocd/apps/project.yaml
@@ -0,0 +1,17 @@
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
  name: k3s-cluster
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 spec:
  description: Applications for the rogi.casa K3s cluster (managed in Git)
  sourceRepos:
    - https://git.rogi.casa/roger/k3s-cluster.git
  destinations:
    - server: https://kubernetes.default.svc
      namespace: "*"
  clusterResourceWhitelist:
    - group: "*"
      kind: "*"
--- a/argocd/apps/qbittorrent.yaml
+++ b/argocd/apps/qbittorrent.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: qbittorrent
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: qbittorrent
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: qbittorrent
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/apps/vaultwarden.yaml
+++ b/argocd/apps/vaultwarden.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: vaultwarden
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: https://git.rogi.casa/roger/k3s-cluster.git
    targetRevision: main
    path: vaultwarden
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: vaultwarden
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
--- a/argocd/gen-apps.sh
+++ b/argocd/gen-apps.sh
@@ -0,0 +1,140 @@
 #!/usr/bin/env bash
 # Generates ArgoCD Application manifests (one per app folder) + an AppProject.
 #
 # Layout produced:
 #   argocd/apps/project.yaml            -> AppProject "k3s-cluster" (sync-wave -1)
 #   argocd/apps/<app>.yaml              -> Application for that app folder
 #   argocd-bootstrap.yaml (repo root)   -> app-of-apps: syncs everything in argocd/apps/
 #
 # Bootstrap (one-time, after ArgoCD + cert-manager are installed):
 #   kubectl apply -f argocd-bootstrap.yaml
 #
 # Re-run this script after adding/removing an app folder to regenerate the manifests.
 set -euo pipefail
 cd "$(dirname "$0")/.."   # repo root
 REPO="${REPO:-https://git.rogi.casa/roger/k3s-cluster.git}"
 REV="${REV:-main}"
 APPS_DIR="argocd/apps"
 mkdir -p "$APPS_DIR"
 # app-name | namespace | path | recurse | validate
 APPS=(
  "argocd|argocd|argocd|false|true"
  "cert-manager|cert-manager|cert-manager|true|true"
  "fava|fava|fava|true|true"
  "gitea|gitea|gitea|true|true"
  "glance|glance|glance|true|true"
  "gym-tracker|gym-tracker|gym-tracker|true|true"
  "homeassistant|home-assistant|homeassistant|true|true"
  "jellyfin|jellyfin|jellyfin|true|true"
  "litellm|litellm|litellm|true|true"
  "minecraft-server|minecraft|minecraft-server|true|true"
  "monitoring|monitoring|monitoring|true|true"
  "myorg-assistant|myorg-assistant|myorg-assistant|true|true"
  "n8n|n8n|n8n|true|true"
  "nas|nas-proxy|nas|true|true"
  "openwebui|openwebui|openwebui|true|true"
  "phoenix|phoenix|phoenix|true|false"
  "pihole|pihole|pihole|true|true"
  "qbittorrent|qbittorrent|qbittorrent|true|true"
  "vaultwarden|vaultwarden|vaultwarden|true|true"
 )
 # ---------------------------------------------------------------------------
 # AppProject
 # ---------------------------------------------------------------------------
 cat > "$APPS_DIR/project.yaml" <<EOF
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
  name: k3s-cluster
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 spec:
  description: Applications for the rogi.casa K3s cluster (managed in Git)
  sourceRepos:
    - ${REPO}
  destinations:
    - server: https://kubernetes.default.svc
      namespace: "*"
  clusterResourceWhitelist:
    - group: "*"
      kind: "*"
 EOF
 # ---------------------------------------------------------------------------
 # One Application per app folder
 # ---------------------------------------------------------------------------
 gen_app() {
  local name="$1" ns="$2" path="$3" recurse="$4" validate="$5"
  local recurse_yaml validate_opts=""
  [ "$recurse" = "true" ] && recurse_yaml="      recurse: true" || recurse_yaml="      recurse: false"
  [ "$validate" = "false" ] && validate_opts=$'\n      - Validate=false'
  cat > "$APPS_DIR/${name}.yaml" <<EOF
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: ${name}
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: k3s-cluster
  source:
    repoURL: ${REPO}
    targetRevision: ${REV}
    path: ${path}
    directory:
 ${recurse_yaml}
  destination:
    server: https://kubernetes.default.svc
    namespace: ${ns}
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false${validate_opts}
 EOF
 }
 for line in "${APPS[@]}"; do
  IFS='|' read -r name ns path recurse validate <<< "$line"
  gen_app "$name" "$ns" "$path" "$recurse" "$validate"
 done
 # ---------------------------------------------------------------------------
 # Root "app-of-apps" bootstrap Application (uses the built-in default project)
 # ---------------------------------------------------------------------------
 cat > argocd-bootstrap.yaml <<EOF
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: k3s-cluster-root
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 spec:
  project: default
  source:
    repoURL: ${REPO}
    targetRevision: ${REV}
    path: argocd/apps
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=false
 EOF
 echo "Generated $(find "$APPS_DIR" -name '*.yaml' | wc -l) files in $APPS_DIR/ and argocd-bootstrap.yaml"