Simplified argocd helm chart configuration

2026-01-30 09:03:27 +01:00
parent 911b9c4c75
commit 035e676fd2
7 changed files with 59 additions and 74 deletions
--- a/README.md
+++ b/README.md
@@ -78,18 +78,14 @@ from. All options can be configured using variables in `configuration.auto.tfvar
 1. **Quick start**: installs Cilium LB config, ArgoCD, Ingress without TLS (default settings) with OpenTofu. [ArgoCD](https://argoproj.github.io/cd/) is
   available on http://argocd.local.
   * install_cilium_lb_config = true
-   * argocd_domain = "argocd.local"
+   * argocd_helm_values: [see defaults in variables.tf](kubernetes/variables.tf)
   * argocd_server_insecure = true
   * argocd_ingress_enabled = true
   * install_argocd_app_of_apps = false
   * install_argocd_app_of_apps_git_repo_secret = false
 2. **GitOps using your own repository**: installs ArgoCD, no Cilium LB config, no Ingress and the Kubernetes resources in
   the repository you specify in `argocd_app_of_apps_source`. Credentials for a private repository can be configured
   and installed with OpenTofu using `install_argocd_app_of_apps_git_repo_secret` and the related variables:
   * install_cilium_lb_config = false
-   * argocd_domain = "yourpublicdomain.com"
+   * argocd_helm_values: add your Helm values and override defaults, for instance keep server insecure and switch off ingress
   * argocd_server_insecure = true
   * argocd_ingress_enabled = false
   * install_argocd_app_of_apps = true
   * argocd_app_of_apps_source = YOUR SOURCE SETTINGS
   * install_argocd_app_of_apps_git_repo_secret = true
--- a/kubernetes/configuration.auto.tfvars.example
+++ b/kubernetes/configuration.auto.tfvars.example
@@ -8,9 +8,25 @@ cilium_load_balancer_ip_range_start = "192.168.10.95"
 cilium_load_balancer_ip_range_stop = "192.168.10.99"
 # ArgoCD
-argocd_domain          = "argocd.local"
+argocd_helm_values = [
-argocd_server_insecure = true
+    {
-argocd_ingress_enabled = true
+      name  = "global.domain"
      value = "argocd.local"
    },
    {
      # See: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-for-argocd-server
      name  = "configs.params.server\\.insecure"
      value = "true"
    },
    {
      name  = "server.ingress.enabled"
      value = "true"
    },
    {
      name  = "server.ingress.ingressClassName"
      value = "cilium"
    },
 ]
 ## App of Apps
 install_argocd_app_of_apps                 = false
--- a/kubernetes/helm_releases.tf
+++ b/kubernetes/helm_releases.tf
@@ -6,7 +6,7 @@ resource "helm_release" "argocd" {
  repository = "https://argoproj.github.io/argo-helm"
  namespace  = kubernetes_namespace_v1.argocd.id
  timeout    = 120
-  set        = local.argocd_values
+  set        = var.argocd_helm_values
 }
 resource "helm_release" "cilium_lb_config" {
--- a/kubernetes/locals.tf
+++ b/kubernetes/locals.tf
@@ -1,27 +0,0 @@
 locals {
  argocd_values = concat(
    [
      {
        name  = "global.domain"
        value = var.argocd_domain
      },
    ],
    var.argocd_server_insecure ? [
      {
        name  = "configs.params.server\\.insecure"
        value = "true"
      },
    ] : [],
    var.argocd_ingress_enabled ? [
      {
        name  = "server.ingress.enabled"
        value = "true"
      },
      {
        name  = "server.ingress.ingressClassName"
        value = "cilium"
      },
    ] : [],
    length(var.argocd_helm_values) > 0 ? var.argocd_helm_values : []
  )
 }
--- a/kubernetes/variables.tf
+++ b/kubernetes/variables.tf
@@ -26,31 +26,31 @@ variable "cilium_load_balancer_ip_range_stop" {
  type        = string
 }
 variable "argocd_domain" {
  description = "The FQDN for ArgoCD application"
  type        = string
 }
 # See: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-for-argocd-server
 variable "argocd_server_insecure" {
  description = "Flag for disabling internal TLS with --insecure in ArgoCD Helm chart"
  type        = bool
  default     = true
 }
 variable "argocd_ingress_enabled" {
  description = "Flag for enabling/disabling creating an Ingress in ArgoCD Helm chart"
  type        = bool
  default     = true
 }
 variable "argocd_helm_values" {
  description = "Additional Helm values for installing the ArgoCD Helm chart"
  type = list(object({
    name  = string
    value = string
  }))
-  default = []
+  default = [
    {
      name  = "global.domain"
      value = "argocd.local"
    },
    {
      # See: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-for-argocd-server
      name  = "configs.params.server\\.insecure"
      value = "true"
    },
    {
      name  = "server.ingress.enabled"
      value = "true"
    },
    {
      name  = "server.ingress.ingressClassName"
      value = "cilium"
    },
  ]
 }
 # See: https://argo-cd.readthedocs.io/en/latest/operator-manual/cluster-bootstrapping/#app-of-apps-pattern
--- a/proxmox/.terraform.lock.hcl
+++ b/proxmox/.terraform.lock.hcl
@@ -19,25 +19,25 @@ provider "registry.opentofu.org/hashicorp/helm" {
 }
 provider "registry.opentofu.org/siderolabs/talos" {
-  version     = "0.10.0"
+  version     = "0.10.1"
-  constraints = "0.10.0"
+  constraints = "0.10.1"
  hashes = [
-    "h1:nFn2rYLkst+Bt9qSmtB0hIfV6iaZ98rqYc5TSZDhwzc=",
+    "h1:fc7ekyeFDNNvScqgHgowGjM9jnKFyUOMGfnEKJwuf1c=",
    "zh:0640a27e658d5305c055721290a196780194c7f75ace9fd3461e0e2a8e465410",
    "zh:0fa82a384b25a58b65523e0ea4768fa1212b1f5cfc0c9379d31162454fedcc9d",
-    "zh:1340a04eec0b33e08cca08aa414b53c8e279ec32d22bec828faa17c6043119ba",
+    "zh:349463cdd4cdb36e03276fdb855e687242237c7cf0bd5871aea995a83838c52e",
-    "zh:1ab34b5dca009111238b9a787c618ea61585646b1a2f6364d57c7906bbe31d12",
+    "zh:3885026ef7c1c7012d312fc37a35af70821650b10cef03b8ffd08d22145c117d",
-    "zh:22ec1058cf4e75af80edc00777250129f6d211e020da2fd256b288bce215d9ea",
+    "zh:3a5c4ddae27200663d3552daa8db6d6ad91f49746825e0556370f67e2d3ead5a",
-    "zh:334526c85d40fb87b772ec6eb00e7334940e17bb6c8ffe7dc9a7e22438487f1a",
+    "zh:456e233aec7d83558255da87ba0b1c7fec81bf71b1aa4e0f35a2787d3f104c2a",
-    "zh:38def6886f13da461535d1691d90ff6d700a111edb8fd2c49058b9ad071c6bb6",
+    "zh:6b781a16764c91259a6646f346cf47e99a31d7eefcdd188b1ea8b287b8fd0531",
-    "zh:3e63031980d12419efa0af2a398c17e3f75d6326fc49a298c689fc451efdd9cf",
+    "zh:6d91f628812ec99a71964f00e83df93f6106b830af111b611b6a0f68ad6987ea",
-    "zh:48e71c03bb4f05cc6d6649f1c197669f170c60f63fbcd8f0a5c19a4e449113d9",
+    "zh:80430dea846ef82a4fb430abe4f0213ae79f9f38a7a61752bbeeec59c82c1387",
-    "zh:61bfcb5f5cd594b0a445a87f8450183ed376c973e3a2d3a8916f3daccd19ceb3",
+    "zh:84717212f789a026492b0a4d121fcdf4a15f48916f9500cdb4ffa1f6c26479cc",
-    "zh:8c06d6cfecd57a8a7c0d07d3bba0f9ebf8dda68068d1e2ca2f7fd30af4c629a0",
+    "zh:a0fcaa3fd515d78cf635884165e111fa37b6300cefb0a6412fb1ed584d88599a",
-    "zh:9ecc15da7a8e8ae94908fbf7cb662c26fbf028a2eeb5496121593ee549e408d5",
+    "zh:b0f8dbb8a667e00340ca9566d1bee933097b3b252a1df3737d2fb376964ab8cc",
-    "zh:be6925cb91e302e1e7b7d161c3204d259b5f2c7d5b8ea315765ee493033b0b52",
+    "zh:b8191729e70d5e7e53730f7c499ab16faec23d45969424c1f304bab0f6fcfcb6",
-    "zh:c4b02f4271265e03ca473f330704d2010a6f6836b0fb26d17c7df758f8ec058c",
+    "zh:be3b5cfc57abdbab689088b2677516703600a12eaefc02a2355ba9002f80f273",
-    "zh:d3a9cd0451d55b71639ce97f561bdf0ebdbde5e4710a39bef75e0128c3efcd73",
+    "zh:d53afbcbeaeeed6c7e65477da4daca2cc4ab0c52ad833219c1141f9310325dc2",
    "zh:f04f8a103f5136bdd6910d531192ad0cb10c8734b519b9e9dff4185d5cc7113e",
  ]
 }
--- a/proxmox/providers.tf
+++ b/proxmox/providers.tf
@@ -6,7 +6,7 @@ terraform {
    }
    talos = {
      source  = "siderolabs/talos"
-      version = "0.10.0"
+      version = "0.10.1"
    }
    helm = {
      source  = "hashicorp/helm"