Added Helm chart for argocd app of apps, made the setup more configurable

2026-01-08 17:52:50 +01:00
parent 8b774d6fb1
commit a24a2bd969
8 changed files with 184 additions and 23 deletions
--- a/kubernetes/.terraform.lock.hcl
+++ b/kubernetes/.terraform.lock.hcl
@@ -17,3 +17,19 @@ provider "registry.opentofu.org/hashicorp/helm" {
    "zh:f6fe7ecfafc344f4e6aecacf5ae12ac73b94389b9679dcd0f04fc5ff45bdc066",
  ]
 }
+
+provider "registry.opentofu.org/hashicorp/kubernetes" {
+  version = "3.0.1"
+  hashes = [
+    "h1:e0dSpTDhKjin6KYIwLWTR+AHVC7wWlU3VfIx27n1bec=",
+    "zh:0a6aff192781cfd062efe814d87ec21c84273005a685c818fb3c771ec9fd7051",
+    "zh:129f10760e8c727f7b593111e0026aa36aeb28c98f6500c749007aabba402332",
+    "zh:4a0995010f32949b1fbe580db15e76c73ba15aa265f73a7e535addd15dfade0d",
+    "zh:8b518be59029e8f0ad0767dbbd87f169ac6c906e50636314f8a5ff3c952f0ad5",
+    "zh:a2f1c113ae07dc5da8410d7a93b7e9ad24c3f17db357f090e6d68b41ed52e616",
+    "zh:b1d3604a2f545beae0965305d7bca821076cc9127fc34a77eef01c2d0cf916d2",
+    "zh:c2f2d371018d77affce46fee8b9a9ff0d27c4d5c3c64f8bce654e7c8d3305dc1",
+    "zh:c7cf958fb9bb429086ff1d371a4b824ec601ec0913dddaf85cd2e38d73ca7ec0",
+    "zh:f7753278388598c8e27140c5700e5699a0131926df8dad362f86ad67c36585ea",
+  ]
+}
--- a/kubernetes/helm_charts/argocd-base-application/Chart.yaml
+++ b/kubernetes/helm_charts/argocd-base-application/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: argocd-base-application
+description: Helm chart for installing the ArgoCD base application
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"
--- a/kubernetes/helm_charts/argocd-base-application/templates/argocd-base-application.yaml
+++ b/kubernetes/helm_charts/argocd-base-application/templates/argocd-base-application.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: applications
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd
+  source:
+    {{- toYaml .Values.source | nindent 4 }}
+  syncPolicy:
+    {{- toYaml .Values.syncPolicy | nindent 4 }}
--- a/kubernetes/helm_charts/argocd-base-application/values.yaml
+++ b/kubernetes/helm_charts/argocd-base-application/values.yaml
@@ -0,0 +1,2 @@
+source: {}
+syncPolicy: {}
--- a/kubernetes/helm_releases.tf
+++ b/kubernetes/helm_releases.tf
@@ -3,34 +3,14 @@ resource "helm_release" "argocd" {
  namespace        = "argocd"
  create_namespace = true
  chart            = "argo-cd"
-  version          = "9.1.0"
+  version          = "9.2.4"
  repository       = "https://argoproj.github.io/argo-helm"
  timeout          = 120
-  set = [
-    {
-      name  = "global.domain"
-      value = var.argocd_domain
-    },
-    {
-      name  = "configs.params.server\\.insecure"
-      value = "true"
-    },
-    {
-      name  = "server.ingress.enabled"
-      value = "true"
-    },
-    {
-      name  = "server.ingress.ingressClassName"
-      value = "cilium"
-    },
-    {
-      name  = "server.ingress.annotations.ingress\\.cilium\\.io/force-https"
-      value = "disabled"
-    },
-  ]
+  set              = local.argocd_values
 }

 resource "helm_release" "cilium_lb_config" {
+  count      = var.install_cilium_lb_config ? 1 : 0
  depends_on = [helm_release.argocd]
  name       = "cilium-lb-config"
  chart      = "${path.module}/helm_charts/cilium-lb-config"
@@ -46,3 +26,21 @@ resource "helm_release" "cilium_lb_config" {
    },
  ]
 }
+
+resource "helm_release" "argocd_app_of_apps" {
+  count      = var.install_argocd_app_of_apps ? 1 : 0
+  depends_on = [helm_release.argocd]
+  name       = "cilium-lb-config"
+  chart      = "${path.module}/helm_charts/cilium-lb-config"
+  timeout    = 60
+  set = [
+    {
+      name  = "source"
+      value = var.argocd_app_of_apps_source
+    },
+    {
+      name  = "syncPolicy"
+      value = var.argocd_app_of_apps_sync_policy
+    },
+  ]
+}
--- a/kubernetes/locals.tf
+++ b/kubernetes/locals.tf
@@ -0,0 +1,31 @@
+locals {
+  argocd_values = concat(
+    [
+      {
+        name  = "global.domain"
+        value = var.argocd_domain
+      },
+    ],
+    var.argocd_server_insecure ? [
+      {
+        name  = "configs.params.server\\.insecure"
+        value = "true"
+      },
+      ] : [
+      {
+        name  = "configs.params.server\\.insecure"
+        value = "false"
+      },
+    ],
+    var.argocd_ingress_enabled ? [
+      {
+        name  = "server.ingress.enabled"
+        value = "true"
+      },
+      {
+        name  = "server.ingress.ingressClassName"
+        value = "cilium"
+      },
+    ] : []
+  )
+}
--- a/kubernetes/secrets.tf
+++ b/kubernetes/secrets.tf
@@ -0,0 +1,17 @@
+resource "kubernetes_secret_v1" "argocd_app_of_apps_git_repo" {
+  count      = var.install_argocd_app_of_apps_git_repo_secret ? 1 : 0
+  depends_on = [helm_release.argocd_app_of_apps]
+  metadata {
+    namespace = "argocd"
+    name      = "argocd-app-of-apps-git-repo"
+    labels = {
+      "argocd.argoproj.io/secret-type" = "repository"
+    }
+  }
+  data = {
+    type     = "git"
+    url      = var.argocd_app_of_apps_git_repo_secret_url
+    username = "git"
+    password = var.argocd_app_of_apps_git_repo_secret_token
+  }
+}
--- a/kubernetes/variables.tf
+++ b/kubernetes/variables.tf
@@ -8,6 +8,11 @@ variable "Kubernetes_config_context" {
  sensitive = true
 }

+variable "install_cilium_lb_config" {
+  type    = bool
+  default = true
+}
+
 variable "cilium_load_balancer_ip_range_start" {
  type = string
 }
@@ -20,3 +25,56 @@ variable "argocd_domain" {
  type = string
 }

+variable "argocd_server_insecure" {
+  type    = bool
+  default = true
+}
+
+variable "argocd_ingress_enabled" {
+  type    = bool
+  default = true
+}
+
+variable "install_argocd_app_of_apps" {
+  type    = bool
+  default = false
+}
+
+variable "argocd_app_of_apps_source" {
+  type    = string
+  default = <<-EOT
+source:
+  repoURL: https://github.com/max-pfeiffer/proxmox-talos-opentofu
+  targetRevision: main
+  path: argocd/root
+  directory:
+    recurse: true
+EOT
+}
+
+variable "argocd_app_of_apps_sync_policy" {
+  type    = string
+  default = <<-EOT
+syncPolicy:
+  automated:
+    prune: true
+    selfHeal: true
+  syncOptions:
+  - SkipDryRunOnMissingResource=true
+EOT
+}
+
+variable "install_argocd_app_of_apps_git_repo_secret" {
+  type    = bool
+  default = false
+}
+
+variable "argocd_app_of_apps_git_repo_secret_url" {
+  type    = string
+  default = ""
+}
+
+variable "argocd_app_of_apps_git_repo_secret_token" {
+  type    = string
+  default = ""
+}