Merge pull request #5 from max-pfeiffer/feature/argocd-setup

ArgoCD setup

README.md

@@ -1,6 +1,9 @@
 # proxmox-talos-opentofu
-Proof of concept project using [OpenTofu](https://opentofu.org/) to install a Kubernetes cluster on a Proxmox VE
+A turnkey Kubernetes cluster built with [Talos Linux](https://www.talos.dev/) running on a
-hypervisor using [Talos Linux](https://www.talos.dev/).
+[Proxmox VE hypervisor](https://www.proxmox.com/en/products/proxmox-virtual-environment/overview).
+Provisioning is done with [OpenTofu](https://opentofu.org/).
+
+The Kubernetes cluster uses [Cilium](https://cilium.io/) as Container Network Interface (CNI).
 
 ## Requirements
 You need to have installed on your local machine:
@@ -8,10 +11,13 @@ You need to have installed on your local machine:
 * [kubectl](https://kubernetes.io/docs/reference/kubectl/) (for testing and cluster interaction)
 
 ## Provisioning
-The project is grouped in two modules:
+The project is grouped in two sections:
 * proxmox: provisioning of virtual machines, operating systems and Kubernetes cluster
 * kubernetes: provisioning of Kubernetes cluster resources
 
+You will have an [ArgoCD](https://argoproj.github.io/cd/) instance running in the cluster eventually. You can then
+install your applications using the GitOps approach. 
+
 ### Proxmox VE
 So you want first to provision the Proxmox part: create a `configuration.auto.tfvars` file based on the example and
 edit it so it suits your needs:
@@ -54,10 +60,15 @@ tofu init
 tofu plan
 tofu apply
 ```
+The [ArgoCD](https://argoproj.github.io/cd/) instance should be available under the `argocd_domain` you configured
+in your `configuration.auto.tfvars` file i.e., http://argocd.local.
 
 ## Information Sources
 * [Talos Linux documentation](https://www.talos.dev/v1.8/)
 * [Talos Linux Image Factory](https://factory.talos.dev/)
-* Terraform providers/modules
+* Terraform providers:
   * [terraform-provider-proxmox](https://github.com/Telmate/terraform-provider-proxmox)
   * [terraform-provider-talos](https://github.com/siderolabs/terraform-provider-talos)
+  * [terraform-provider-helm](https://github.com/hashicorp/terraform-provider-helm)
+* Helm charts:
+  * [ArgoCD](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd)

kubernetes/configuration.auto.tfvars.example

@@ -1,3 +1,10 @@
 # Kubernetes
 kubernetes_config_path    = "~/.kube/config"
 Kubernetes_config_context = "admin@yourclustername"
+
+# Cilium Load Balancer
+cilium_load_balancer_ip_range_start = "192.168.10.95"
+cilium_load_balancer_ip_range_stop = "192.168.10.99"
+
+# ArgoCD
+argocd_domain = "argocd.local"

kubernetes/helm_charts/cilium-lb-config/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: cilium-lb-config
+description: Helm chart for installing Cilium load balancer configuration
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"

kubernetes/helm_charts/cilium-lb-config/templates/cilium-l2-announcement-policy.yaml

@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: default
+  namespace: kube-system
+spec:
+  externalIPs: true
+  loadBalancerIPs: true

kubernetes/helm_charts/cilium-lb-config/templates/cilium-load-balancer-ip-pool.yaml

@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: default-pool
+spec:
+  blocks:
+    - start: {{ .Values.ciliumLoadBalancerIpRange.start}}
+      stop: {{ .Values.ciliumLoadBalancerIpRange.stop }}

kubernetes/helm_charts/cilium-lb-config/values.yaml

@@ -0,0 +1,3 @@
+ciliumLoadBalancerIpRange:
+  start: ""
+  stop: ""

kubernetes/helm_releases.tf

@@ -6,4 +6,43 @@ resource "helm_release" "argocd" {
   version          = "8.3.1"
   repository       = "https://argoproj.github.io/argo-helm"
   timeout          = 120
+  set = [
+    {
+      name  = "global.domain"
+      value = var.argocd_domain
+    },
+    {
+      name  = "configs.params.server\\.insecure"
+      value = "true"
+    },
+    {
+      name  = "server.ingress.enabled"
+      value = "true"
+    },
+    {
+      name  = "server.ingress.ingressClassName"
+      value = "cilium"
+    },
+    {
+      name  = "server.ingress.annotations.ingress\\.cilium\\.io/force-https"
+      value = "disabled"
+    },
+  ]
+}
+
+resource "helm_release" "cilium_lb_config" {
+  depends_on = [helm_release.argocd]
+  name       = "cilium-lb-config"
+  chart      = "${path.module}/helm_charts/cilium-lb-config"
+  timeout    = 60
+  set = [
+    {
+      name  = "ciliumLoadBalancerIpRange.start"
+      value = var.cilium_load_balancer_ip_range_start
+    },
+    {
+      name  = "ciliumLoadBalancerIpRange.stop"
+      value = var.cilium_load_balancer_ip_range_stop
+    },
+  ]
 }

kubernetes/variables.tf

@@ -7,3 +7,16 @@ variable "Kubernetes_config_context" {
   type      = string
   sensitive = true
 }
+
+variable "cilium_load_balancer_ip_range_start" {
+  type      = string
+}
+
+variable "cilium_load_balancer_ip_range_stop" {
+  type      = string
+}
+
+variable "argocd_domain" {
+  type      = string
+}
+