Added Helm chart for argocd app of apps, made the setup more configurable

Max Pfeiffer
2026-01-08 17:52:50 +01:00
parent 8b774d6fb1
commit a24a2bd969
8 changed files with 184 additions and 23 deletions


@@ -17,3 +17,19 @@ provider "registry.opentofu.org/hashicorp/helm" {
"zh:f6fe7ecfafc344f4e6aecacf5ae12ac73b94389b9679dcd0f04fc5ff45bdc066", "zh:f6fe7ecfafc344f4e6aecacf5ae12ac73b94389b9679dcd0f04fc5ff45bdc066",
] ]
} }
provider "registry.opentofu.org/hashicorp/kubernetes" {
version = "3.0.1"
hashes = [
"h1:e0dSpTDhKjin6KYIwLWTR+AHVC7wWlU3VfIx27n1bec=",
"zh:0a6aff192781cfd062efe814d87ec21c84273005a685c818fb3c771ec9fd7051",
"zh:129f10760e8c727f7b593111e0026aa36aeb28c98f6500c749007aabba402332",
"zh:4a0995010f32949b1fbe580db15e76c73ba15aa265f73a7e535addd15dfade0d",
"zh:8b518be59029e8f0ad0767dbbd87f169ac6c906e50636314f8a5ff3c952f0ad5",
"zh:a2f1c113ae07dc5da8410d7a93b7e9ad24c3f17db357f090e6d68b41ed52e616",
"zh:b1d3604a2f545beae0965305d7bca821076cc9127fc34a77eef01c2d0cf916d2",
"zh:c2f2d371018d77affce46fee8b9a9ff0d27c4d5c3c64f8bce654e7c8d3305dc1",
"zh:c7cf958fb9bb429086ff1d371a4b824ec601ec0913dddaf85cd2e38d73ca7ec0",
"zh:f7753278388598c8e27140c5700e5699a0131926df8dad362f86ad67c36585ea",
]
}


@@ -0,0 +1,23 @@
apiVersion: v2
name: argocd-base-application
description: Helm chart for installing the ArgoCD base application
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: "1.0"


@@ -0,0 +1,16 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: applications
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
destination:
server: https://kubernetes.default.svc
namespace: argocd
source:
{{- toYaml .Values.source | nindent 4 }}
syncPolicy:
{{- toYaml .Values.syncPolicy | nindent 4 }}
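Review bot: `project: default` places the root application in Argo CD's built-in default project, which as shipped does not restrict source repositories or destinations. Combined with the automated sync, prune and self-heal defaults supplied from the Terraform variables, whatever lands on the tracked revision is applied cluster-wide without a further gate. A dedicated AppProject with explicit `sourceRepos` and `destinations` would bound that. Failing that, make `project` a chart value and put a comment above the line such as `# default project: no source/destination restrictions, tighten before production use`.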


@@ -0,0 +1,2 @@
source: {}
syncPolicy: {}


@@ -3,34 +3,14 @@ resource "helm_release" "argocd" {
namespace = "argocd" namespace = "argocd"
create_namespace = true create_namespace = true
chart = "argo-cd" chart = "argo-cd"
version = "9.1.0" version = "9.2.4"
repository = "https://argoproj.github.io/argo-helm" repository = "https://argoproj.github.io/argo-helm"
timeout = 120 timeout = 120
set = [ set = local.argocd_values
{
name = "global.domain"
value = var.argocd_domain
},
{
name = "configs.params.server\\.insecure"
value = "true"
},
{
name = "server.ingress.enabled"
value = "true"
},
{
name = "server.ingress.ingressClassName"
value = "cilium"
},
{
name = "server.ingress.annotations.ingress\\.cilium\\.io/force-https"
value = "disabled"
},
]
} }
resource "helm_release" "cilium_lb_config" { resource "helm_release" "cilium_lb_config" {
count = var.install_cilium_lb_config ? 1 : 0
depends_on = [helm_release.argocd] depends_on = [helm_release.argocd]
name = "cilium-lb-config" name = "cilium-lb-config"
chart = "${path.module}/helm_charts/cilium-lb-config" chart = "${path.module}/helm_charts/cilium-lb-config"
@@ -46,3 +26,21 @@ resource "helm_release" "cilium_lb_config" {
}, },
] ]
} }
resource "helm_release" "argocd_app_of_apps" {
count = var.install_argocd_app_of_apps ? 1 : 0
depends_on = [helm_release.argocd]
name = "cilium-lb-config"
chart = "${path.module}/helm_charts/cilium-lb-config"
timeout = 60
set = [
{
name = "source"
value = var.argocd_app_of_apps_source
},
{
name = "syncPolicy"
value = var.argocd_app_of_apps_sync_policy
},
]
}
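Review bot: `helm_release.argocd_app_of_apps` still carries `name = "cilium-lb-config"` and `chart = "${path.module}/helm_charts/cilium-lb-config"` from the resource it was copied from. Enabling `install_argocd_app_of_apps` would therefore most likely collide with the existing release name and would never install the chart added in this commit. It should read something like `name = "argocd-app-of-apps"`, with `chart` pointing at the new chart's directory (`"${path.module}/helm_charts/<new-chart-dir>"`; the path is not visible on this page). The two `set` entries also pass multi-line YAML strings whose defaults already contain the top-level `source:` and `syncPolicy:` keys, so the template's `toYaml .Values.source` would receive a string rather than a map; `values = [var.argocd_app_of_apps_source, var.argocd_app_of_apps_sync_policy]` fits those defaults.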

31
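--- a/kubernetes/locals.tf
+++ b/kubernetes/locals.tf
@@ -0,0 +1,31 @@
+locals {
+argocd_values = concat(
+[
+{
+name = "global.domain"
+value = var.argocd_domain
+},
+],
+var.argocd_server_insecure ? [
+{
+name = "configs.params.server\\.insecure"
+value = "true"
+},
+] : [
+{
+name = "configs.params.server\\.insecure"
+value = "false"
+},
+],
+var.argocd_ingress_enabled ? [
+{
+name = "server.ingress.enabled"
+value = "true"
+},
+{
+name = "server.ingress.ingressClassName"
+value = "cilium"
+},
+] : []
+)
+}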
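Review bot: The two toggles are evaluated independently, so `argocd_server_insecure = true` (the default) with `argocd_ingress_enabled = false` leaves argocd-server serving plain HTTP with nothing in this module terminating TLS in front of it. A comment on the `server\\.insecure` entry would make the assumption explicit, e.g. `# insecure=true assumes TLS is terminated at the ingress; set false when argocd_ingress_enabled = false`; a `validation` or `precondition` tying the two variables together would enforce it. The earlier `ingress.cilium.io/force-https = disabled` annotation is no longer set anywhere in this list, which may change ingress behaviour for existing installs and is worth confirming as intended. As a style point, the ternary over two near-identical lists collapses to a single entry with `value = tostring(var.argocd_server_insecure)`.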

17
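--- a/kubernetes/secrets.tf
+++ b/kubernetes/secrets.tf
@@ -0,0 +1,17 @@
+resource "kubernetes_secret_v1" "argocd_app_of_apps_git_repo" {
+count = var.install_argocd_app_of_apps_git_repo_secret ? 1 : 0
+depends_on = [helm_release.argocd_app_of_apps]
+metadata {
+namespace = "argocd"
+name = "argocd-app-of-apps-git-repo"
+labels = {
+"argocd.argoproj.io/secret-type" = "repository"
+}
+}
+data = {
+type = "git"
+url = var.argocd_app_of_apps_git_repo_secret_url
+username = "git"
+password = var.argocd_app_of_apps_git_repo_secret_token
+}
+}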
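Review bot: With `install_argocd_app_of_apps_git_repo_secret = true` and the URL and token left at their `""` defaults, this resource creates a repository secret with an empty `url` and `password`, so the misconfiguration only surfaces later as an Argo CD sync failure. A `precondition` requiring both values to be non-empty would fail the plan instead. `depends_on = [helm_release.argocd_app_of_apps]` also orders the credential after the Application that may need it; depending on `helm_release.argocd`, which creates the `argocd` namespace, is sufficient and avoids that ordering.

```hcl
resource "kubernetes_secret_v1" "argocd_app_of_apps_git_repo" {
  count      = var.install_argocd_app_of_apps_git_repo_secret ? 1 : 0
  depends_on = [helm_release.argocd]

  lifecycle {
    precondition {
      condition     = var.argocd_app_of_apps_git_repo_secret_url != "" && var.argocd_app_of_apps_git_repo_secret_token != ""
      error_message = "argocd_app_of_apps_git_repo_secret_url and argocd_app_of_apps_git_repo_secret_token must be set when install_argocd_app_of_apps_git_repo_secret is true."
    }
  }
  # … unchanged: metadata and data blocks …
}
```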


@@ -8,6 +8,11 @@ variable "Kubernetes_config_context" {
sensitive = true sensitive = true
} }
variable "install_cilium_lb_config" {
type = bool
default = true
}
variable "cilium_load_balancer_ip_range_start" { variable "cilium_load_balancer_ip_range_start" {
type = string type = string
} }
@@ -20,3 +25,56 @@ variable "argocd_domain" {
type = string type = string
} }
variable "argocd_server_insecure" {
type = bool
default = true
}
variable "argocd_ingress_enabled" {
type = bool
default = true
}
variable "install_argocd_app_of_apps" {
type = bool
default = false
}
variable "argocd_app_of_apps_source" {
type = string
default = <<-EOT
source:
repoURL: https://github.com/max-pfeiffer/proxmox-talos-opentofu
targetRevision: main
path: argocd/root
directory:
recurse: true
EOT
}
variable "argocd_app_of_apps_sync_policy" {
type = string
default = <<-EOT
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- SkipDryRunOnMissingResource=true
EOT
}
variable "install_argocd_app_of_apps_git_repo_secret" {
type = bool
default = false
}
variable "argocd_app_of_apps_git_repo_secret_url" {
type = string
default = ""
}
variable "argocd_app_of_apps_git_repo_secret_token" {
type = string
default = ""
}
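Review bot: `argocd_app_of_apps_git_repo_secret_token` holds a Git credential but is declared without `sensitive = true`, whereas the variable at the top of this file appears to set it, so the token can show up in plan output and CI logs. Add `sensitive = true` to that variable, and to `argocd_app_of_apps_git_repo_secret_url` if the URL can embed credentials. The value is still written to state in plain text through the `kubernetes_secret_v1` resource, so the state backend needs access control and encryption at rest. `argocd_server_insecure` also defaults to `true`; a `description` stating that this disables TLS on argocd-server would help anyone who turns `argocd_ingress_enabled` off.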