docs: Updated README and QUICKSTART to be more in line with current setup

QUICKSTART.md

@@ -32,7 +32,7 @@ kubectl taint nodes --all node-role.kubernetes.io/control-plane-
 cilium install
 ```
 
-# Load Balancer
+# MetalLB
 
 ## Install MetalLB for LoadBalancing
 
@@ -42,18 +42,18 @@ https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metal
 kubectl apply -k infra/metallb
 ```
 
-# Traefik
+# Traefik reverse proxy
 
 https://doc.traefik.io/traefik/v2.9/user-guides/crd-acme/
 
-## Run Terraform-script
+```shell
+kubectl kustomize --enable-helm infra/traefik | ku apply -f -
+```
 
-This will create a cert-storage `StorageClass` and a traefik-cert-pv `PersistentVolume` for use by Traefik before
+# ArgoCD
-installing Traefik in the `kube-system` namespace using the official Traefik Helm chart which binds to the
+
-traefik-cert-pv `PersistentVolume` for persistent storage of certificates using the traefik `PersistentVolumeClaim`.
+https://argo-cd.readthedocs.io/en/stable/getting_started/
 
 ```shell
-terraform init
+kubectl apply -k infra/traefik
-terraform plan
-terraform apply
 ```

README.md

@@ -20,18 +20,12 @@ sudo apt-get update
 sudo apt-get install -y containerd conntrack socat kubelet kubeadm kubectl 
 ```
 
-cri-ctl: https://github.com/kubernetes-sigs/cri-tools
+Kubelet 1.26 requires containerd 1.6.0 or later.
-TODO: nerdctl?
-
-We are going to use Cilium kube-proxy (TODO)
 
 ## Initialise cluster
 
-```shell
+We are going to use cilium in place of kube-proxy
-sudo kubeadm init 
+https://docs.cilium.io/en/v1.12/gettingstarted/kubeproxy-free/
-```
-
-Kubelet 1.26 requires containerd 1.6.0+
 
 ```shell
 sudo kubeadm init --skip-phases=addon/kube-proxy
@@ -88,63 +82,30 @@ Install Cilium
 cilium install
 ```
 
-// TODO: Directly by Helm chart
-
-```shell
-helm template --namespace kube-system cilium cilium/cilium --version 1.12.1 --set cluster.id=0,cluster.name=kubernetes,encryption.nodeEncryption=false,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tunnel=vxlan
-```
-
 Validate install
 
 ```shell
 cilium status
 ```
 
-### (Optional) Replace kube-proxy with Cilium [TODO]
-
-https://docs.cilium.io/en/v1.12/gettingstarted/kubeproxy-free/
-
-*NB* Cluster should be initialised with
-
-```shell
-sudo kubeadm init --skip-phases=addon/kube-proxy
-```
-
 ## MetalLB
 
 For load balancing
 
 https://metallb.universe.tf/installation/
 
-Installation
-https://raw.githubusercontent.com/metallb/metallb/v0.13.5/config/manifests/metallb-native.yaml
-
 ```shell
-kubectl apply -f infra/metallb/00-manifest.yml
+kubectl apply -f infra/metallb
-```
-
-Configure IP-pool and advertise as Level 2
-https://metallb.universe.tf/configuration/
-
-```yaml
-kubectl apply -f infra/metallb/01-configuration.yml
 ```
 
 # Traefik
 
-Configure `helm/traefik-values.ymal` and run
+Install Traefik
 
 ```shell
-terraform init
+kubectl kustomize --enable-helm infra/traefik | ku apply -f -
-terraform plan
-terraform apply
 ```
 
-to deploy Traefik using Helm
-
-**NB:** It appears we need the "volume-permissions" init container for Traefik if using `StorageClass` with
-provisioner `kubernetes.io/no-provisioner`
-
 ## Port forward Traefik
 
 Port forward Traefik ports in router from 8000 to 80 for http and 4443 to 443 for https.
@@ -152,6 +113,21 @@ IP can be found with `kubectl get svc`.
 
 # Test-application
 
+## Generate secret
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: traefik-forward-auth-secrets
+  namespace: whoami
+type: Opaque
+data:
+  google-client-id: <...>
+  google-client-secret: <...>
+  secret: <...>
+```
+
 Deploy a test-application by running
 
 ```shell
@@ -162,9 +138,17 @@ An unsecured test-application `whoami` should be available at [https://test.${DO
 If you configured `apps/whoami/traefik-forward-auth` correctly a secured version should be available
 at [https://whoami.${DOMAIN}](https://whoami.${DOMAIN})
 
+# ArgoCD
+
+[ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/) is configured to bootstrap the rest of the cluster
+
+```shell
+kubectl apply -k infra/traefik
+```
+
 # Kubernetes Dashboard
 
-An OIDC (treaefik-forward-auth)
+An OIDC (traefik-forward-auth)
 protected [Kubernetes Dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/) can be
 deployed using
 
@@ -181,9 +165,12 @@ sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sud
 sudo ipvsadm -C
 ```
 
-# Troubleshoot
+# Troubleshooting
 
-Missing runc-config in containerd
+Kubernetes 1.26 requires containerd 1.6.0 or later due to the removal of support for CRI
+version `v1alpha2` ([link](https://kubernetes.io/blog/2022/11/18/upcoming-changes-in-kubernetes-1-26/#cri-api-removal)).
+
+Make sure that `runc` is properly configured in containerd.
 
 ```shell
 sudo cat /etc/containerd/config.toml
@@ -191,6 +178,6 @@ sudo cat /etc/containerd/config.toml
 
 ```toml
 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-  runtime_path = "/usr/bin/runc"
+runtime_path = "/usr/bin/runc"
-  runtime_type = "io.containerd.runc.v2"
+runtime_type = "io.containerd.runc.v2"
 ```