diff --git a/kubernetes/.terraform.lock.hcl b/kubernetes/.terraform.lock.hcl index 310068d..dad943a 100644 --- a/kubernetes/.terraform.lock.hcl +++ b/kubernetes/.terraform.lock.hcl @@ -17,3 +17,19 @@ provider "registry.opentofu.org/hashicorp/helm" { "zh:f6fe7ecfafc344f4e6aecacf5ae12ac73b94389b9679dcd0f04fc5ff45bdc066", ] } + +provider "registry.opentofu.org/hashicorp/kubernetes" { + version = "3.0.1" + hashes = [ + "h1:e0dSpTDhKjin6KYIwLWTR+AHVC7wWlU3VfIx27n1bec=", + "zh:0a6aff192781cfd062efe814d87ec21c84273005a685c818fb3c771ec9fd7051", + "zh:129f10760e8c727f7b593111e0026aa36aeb28c98f6500c749007aabba402332", + "zh:4a0995010f32949b1fbe580db15e76c73ba15aa265f73a7e535addd15dfade0d", + "zh:8b518be59029e8f0ad0767dbbd87f169ac6c906e50636314f8a5ff3c952f0ad5", + "zh:a2f1c113ae07dc5da8410d7a93b7e9ad24c3f17db357f090e6d68b41ed52e616", + "zh:b1d3604a2f545beae0965305d7bca821076cc9127fc34a77eef01c2d0cf916d2", + "zh:c2f2d371018d77affce46fee8b9a9ff0d27c4d5c3c64f8bce654e7c8d3305dc1", + "zh:c7cf958fb9bb429086ff1d371a4b824ec601ec0913dddaf85cd2e38d73ca7ec0", + "zh:f7753278388598c8e27140c5700e5699a0131926df8dad362f86ad67c36585ea", + ] +} diff --git a/kubernetes/helm_charts/argocd-base-application/Chart.yaml b/kubernetes/helm_charts/argocd-base-application/Chart.yaml new file mode 100644 index 0000000..a3a78fc --- /dev/null +++ b/kubernetes/helm_charts/argocd-base-application/Chart.yaml 
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: argocd-base-application
+description: Helm chart for installing the ArgoCD base application
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"
\ No newline at end of file
diff --git a/kubernetes/helm_charts/argocd-base-application/templates/argocd-base-application.yaml b/kubernetes/helm_charts/argocd-base-application/templates/argocd-base-application.yaml
new file mode 100644
index 0000000..f14e041
--- /dev/null
+++ b/kubernetes/helm_charts/argocd-base-application/templates/argocd-base-application.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: applications
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ source:
+ {{- toYaml .Values.source | nindent 4 }}
+ syncPolicy:
+ {{- toYaml .Values.syncPolicy | nindent 4 }}
\ No newline at end of file
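Review bot: `project: default` in the Application template puts the root app-of-apps into Argo CD's built-in `default` project, which as shipped permits any source repository and any destination, so nothing in this chart bounds what the values-supplied `source` may deploy. A dedicated `AppProject` whose `sourceRepos` and `destinations` are limited to what the root application needs, referenced from `spec.project`, would narrow that. Separately, with the chart's default `source: {}` the template renders an Application without a `repoURL`; a guard such as `{{- $_ := required "source.repoURL must be set" .Values.source.repoURL }}` at the top of the template would fail the render early instead.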
diff --git a/kubernetes/helm_charts/argocd-base-application/values.yaml b/kubernetes/helm_charts/argocd-base-application/values.yaml
new file mode 100644
index 0000000..ba3b5b6
--- /dev/null
+++ b/kubernetes/helm_charts/argocd-base-application/values.yaml
@@ -0,0 +1,2 @@
+source: {}
+syncPolicy: {}
diff --git a/kubernetes/helm_releases.tf b/kubernetes/helm_releases.tf
index 262bf23..2b88fc8 100644
--- a/kubernetes/helm_releases.tf
+++ b/kubernetes/helm_releases.tf
@@ -3,34 +3,14 @@ resource "helm_release" "argocd" {
 namespace = "argocd"
 create_namespace = true
 chart = "argo-cd"
- version = "9.1.0"
+ version = "9.2.4"
 repository = "https://argoproj.github.io/argo-helm"
 timeout = 120
- set = [
- {
- name = "global.domain"
- value = var.argocd_domain
- },
- {
- name = "configs.params.server\\.insecure"
- value = "true"
- },
- {
- name = "server.ingress.enabled"
- value = "true"
- },
- {
- name = "server.ingress.ingressClassName"
- value = "cilium"
- },
- {
- name = "server.ingress.annotations.ingress\\.cilium\\.io/force-https"
- value = "disabled"
- },
- ]
+ set = local.argocd_values
 }
 resource "helm_release" "cilium_lb_config" {
+ count = var.install_cilium_lb_config ? 1 : 0
 depends_on = [helm_release.argocd]
 name = "cilium-lb-config"
 chart = "${path.module}/helm_charts/cilium-lb-config"
@@ -46,3 +26,21 @@ resource "helm_release" "cilium_lb_config" {
 },
 ]
 }
+
+resource "helm_release" "argocd_app_of_apps" {
+ count = var.install_argocd_app_of_apps ? 1 : 0
+ depends_on = [helm_release.argocd]
+ name = "cilium-lb-config"
+ chart = "${path.module}/helm_charts/cilium-lb-config"
+ timeout = 60
+ set = [
+ {
+ name = "source"
+ value = var.argocd_app_of_apps_source
+ },
+ {
+ name = "syncPolicy"
+ value = var.argocd_app_of_apps_sync_policy
+ },
+ ]
+}
\ No newline at end of file
diff --git a/kubernetes/locals.tf b/kubernetes/locals.tf
new file mode 100644
index 0000000..26abefd
--- /dev/null
+++ b/kubernetes/locals.tf
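Review bot: The new `helm_release.argocd_app_of_apps` in the second helm_releases.tf hunk still has `name = "cilium-lb-config"` and `chart = "${path.module}/helm_charts/cilium-lb-config"` copied from the resource above it, so it never installs the `argocd-base-application` chart this commit adds, and with both install flags on it collides with the existing release name. It should read `name = "argocd-base-application"` and `chart = "${path.module}/helm_charts/argocd-base-application"`. The `set` entries also pass whole YAML documents as string values, and the variable defaults already start with a `source:` / `syncPolicy:` key, so `toYaml .Values.source` in the template would receive a string rather than a map. Passing them as values files, `values = [var.argocd_app_of_apps_source, var.argocd_app_of_apps_sync_policy]`, keeps the structure the template expects.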
@@ -0,0 +1,31 @@
+locals {
+ argocd_values = concat(
+ [
+ {
+ name = "global.domain"
+ value = var.argocd_domain
+ },
+ ],
+ var.argocd_server_insecure ? [
+ {
+ name = "configs.params.server\\.insecure"
+ value = "true"
+ },
+ ] : [
+ {
+ name = "configs.params.server\\.insecure"
+ value = "false"
+ },
+ ],
+ var.argocd_ingress_enabled ? [
+ {
+ name = "server.ingress.enabled"
+ value = "true"
+ },
+ {
+ name = "server.ingress.ingressClassName"
+ value = "cilium"
+ },
+ ] : []
+ )
+}
diff --git a/kubernetes/secrets.tf b/kubernetes/secrets.tf
new file mode 100644
index 0000000..8c556df
--- /dev/null
+++ b/kubernetes/secrets.tf
@@ -0,0 +1,17 @@
+resource "kubernetes_secret_v1" "argocd_app_of_apps_git_repo" {
+ count = var.install_argocd_app_of_apps_git_repo_secret ? 1 : 0
+ depends_on = [helm_release.argocd_app_of_apps]
+ metadata {
+ namespace = "argocd"
+ name = "argocd-app-of-apps-git-repo"
+ labels = {
+ "argocd.argoproj.io/secret-type" = "repository"
+ }
+ }
+ data = {
+ type = "git"
+ url = var.argocd_app_of_apps_git_repo_secret_url
+ username = "git"
+ password = var.argocd_app_of_apps_git_repo_secret_token
+ }
+}
diff --git a/kubernetes/variables.tf b/kubernetes/variables.tf
index 2e297dd..b09b424 100644
--- a/kubernetes/variables.tf
+++ b/kubernetes/variables.tf
@@ -8,6 +8,11 @@ variable "Kubernetes_config_context" {
 sensitive = true
 }
+variable "install_cilium_lb_config" {
+ type = bool
+ default = true
+}
+
 variable "cilium_load_balancer_ip_range_start" {
 type = string
 }
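Review bot: The ingress branch of `local.argocd_values` does not carry over the `server.ingress.annotations.ingress\\.cilium\\.io/force-https` = `"disabled"` entry that the replaced inline `set` list in helm_releases.tf had, so an existing release loses that annotation on the next apply. With `configs.params.server\\.insecure` still defaulting to `"true"`, that presumably changes how plain-HTTP requests to the Argo CD ingress are handled. If the removal is intended it deserves a line in the commit message; otherwise add the entry back inside the `var.argocd_ingress_enabled` list. The two-branch conditional for `server\\.insecure` can also be a single entry with `value = tostring(var.argocd_server_insecure)`.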
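Review bot: `password = var.argocd_app_of_apps_git_repo_secret_token` in the secrets.tf hunk reads a variable that the later variables.tf hunk declares without `sensitive = true`, so the Git token is not redacted wherever the variable's value is printed; add `sensitive = true` to it, as the file already does for `Kubernetes_config_context`. The token is also written to the OpenTofu state through this resource, so the state backend needs encryption and restricted access. Because the URL and token both default to `""`, setting `install_argocd_app_of_apps_git_repo_secret = true` without overriding them creates a repository secret with empty credentials; a `validation` block on the variables or a `precondition` on the resource would catch that. The `depends_on` orders the secret after the app-of-apps release, so the first sync of a private repository presumably runs before its credentials exist.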
@@ -20,3 +25,56 @@ variable "argocd_domain" {
 type = string
 }
+variable "argocd_server_insecure" {
+ type = bool
+ default = true
+}
+
+variable "argocd_ingress_enabled" {
+ type = bool
+ default = true
+}
+
+variable "install_argocd_app_of_apps" {
+ type = bool
+ default = false
+}
+
+variable "argocd_app_of_apps_source" {
+ type = string
+ default = <<-EOT
+source:
+ repoURL: https://github.com/max-pfeiffer/proxmox-talos-opentofu
+ targetRevision: main
+ path: argocd/root
+ directory:
+ recurse: true
+EOT
+}
+
+variable "argocd_app_of_apps_sync_policy" {
+ type = string
+ default = <<-EOT
+syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - SkipDryRunOnMissingResource=true
+EOT
+}
+
+variable "install_argocd_app_of_apps_git_repo_secret" {
+ type = bool
+ default = false
+}
+
+variable "argocd_app_of_apps_git_repo_secret_url" {
+ type = string
+ default = ""
+}
+
+variable "argocd_app_of_apps_git_repo_secret_token" {
+ type = string
+ default = ""
+}
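Review bot: The default of `argocd_app_of_apps_source` tracks `targetRevision: main` of `https://github.com/max-pfeiffer/proxmox-talos-opentofu`, and the default `argocd_app_of_apps_sync_policy` is automated with `prune: true` and `selfHeal: true`, so anyone who only sets `install_argocd_app_of_apps = true` gets whatever is pushed to that branch applied to their cluster continuously. Dropping the default so the caller must name their own repository, or pinning `targetRevision` to a tag or commit SHA, removes that implicit trust. None of the new variables has a `description`; the one most worth documenting is `argocd_server_insecure`, for example `description = "When true, argocd-server serves plain HTTP and relies on TLS termination in front of it."`.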