diff --git a/kubernetes/configuration.auto.tfvars.example b/kubernetes/configuration.auto.tfvars.example index 7fbc0ac..d838ae3 100644 --- a/kubernetes/configuration.auto.tfvars.example +++ b/kubernetes/configuration.auto.tfvars.example @@ -3,8 +3,32 @@ kubernetes_config_path = "~/.kube/config" Kubernetes_config_context = "admin@yourclustername" # Cilium Load Balancer +install_cilium_lb_config = false cilium_load_balancer_ip_range_start = "192.168.10.95" cilium_load_balancer_ip_range_stop = "192.168.10.99" # ArgoCD -argocd_domain = "argocd.local" +argocd_domain = "argocd.local" +argocd_server_insecure = true +argocd_ingress_enabled = true + +## App of Apps +install_argocd_app_of_apps = false +argocd_app_of_apps_source = <<-EOT +repoURL: https://github.com/you/yourrepo.git +targetRevision: main +path: argocd +directory: + recurse: true +EOT +argocd_app_of_apps_sync_policy = <<-EOT +automated: + prune: true + selfHeal: true +syncOptions: +- SkipDryRunOnMissingResource=true +EOT +install_argocd_app_of_apps_git_repo_secret = false +argocd_app_of_apps_git_repo_secret_url = "https://github.com/you/yourrepo.git" +argocd_app_of_apps_git_repo_secret_password_or_token = "github_pat_OLImf09435459hfjoi9m435298524jtfjn45i8tmnmds329023jdhn" + diff --git a/kubernetes/locals.tf b/kubernetes/locals.tf index 0e2b89e..1e6aff5 100644 --- a/kubernetes/locals.tf +++ b/kubernetes/locals.tf @@ -11,7 +11,7 @@ locals { name = "configs.params.server\\.insecure" value = "true" }, - ] : [], + ] : [], var.argocd_ingress_enabled ? [ { name = "server.ingress.enabled" diff --git a/kubernetes/secrets.tf b/kubernetes/secrets.tf index 10cd37a..6a28d4a 100644 --- a/kubernetes/secrets.tf +++ b/kubernetes/secrets.tf 
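Review bot: The sample value for `argocd_app_of_apps_git_repo_secret_password_or_token` in `configuration.auto.tfvars.example` carries the real `github_pat_` prefix, so secret scanners are likely to flag it and a reader cannot tell from the file whether it was ever a live credential. An unmistakable placeholder such as `argocd_app_of_apps_git_repo_secret_password_or_token = "<your-token-here>"` avoids both problems. Because the real `configuration.auto.tfvars` would hold the token in plaintext, I would add a comment above it such as `# Prefer exporting TF_VAR_argocd_app_of_apps_git_repo_secret_password_or_token instead of writing the token to this file`. The example also sets `argocd_server_insecure = true` next to `argocd_ingress_enabled = true` without saying where TLS is expected to terminate; a line like `# insecure = plain HTTP inside the cluster, terminate TLS at the Ingress` would make that assumption explicit.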
@@ -11,7 +11,7 @@ resource "kubernetes_secret_v1" "argocd_app_of_apps_git_repo" {
 data = {
 type = "git"
 url = var.argocd_app_of_apps_git_repo_secret_url
- username = "git"
- password = var.argocd_app_of_apps_git_repo_secret_token
+ username = var.argocd_app_of_apps_git_repo_secret_username
+ password = var.argocd_app_of_apps_git_repo_secret_password_or_token
 }
 }
diff --git a/kubernetes/variables.tf b/kubernetes/variables.tf
index 4885beb..5f153c5 100644
--- a/kubernetes/variables.tf
+++ b/kubernetes/variables.tf
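Review bot: The credential assigned to `password` inside `data` ends up in the OpenTofu state in clear text unless state encryption is configured, and nothing around this block tells the operator so. I would add a comment above `data`, e.g. `# Persisted in state: use an encrypted state backend and a read-only token scoped to this one repository`. The rename from `argocd_app_of_apps_git_repo_secret_token` to `argocd_app_of_apps_git_repo_secret_password_or_token` also means an existing tfvars file that still sets the old name no longer supplies the credential and the new variable falls back to its default, which deserves a line in the commit description. The resource block starts before the hunk, so any `count` or condition on it is not visible here.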
@@ -1,49 +1,62 @@ variable "kubernetes_config_path" { - type = string - sensitive = true + description = "Path to kubeconfig for this cluster" + type = string + sensitive = true } variable "Kubernetes_config_context" { - type = string - sensitive = true + description = "Name of the Kubernetes context in kubeconfig" + type = string + sensitive = true } variable "install_cilium_lb_config" { - type = bool - default = true + description = "Flag for installing CiliumL2AnnouncementPolicy and CiliumLoadBalancerIPPool via the Helm chart with OpenTofu" + type = bool + default = true } variable "cilium_load_balancer_ip_range_start" { - type = string + description = "IP range start for CiliumLoadBalancerIPPool in Helm chart" + type = string } variable "cilium_load_balancer_ip_range_stop" { - type = string + description = "IP range stop for CiliumLoadBalancerIPPool in Helm chart" + type = string } variable "argocd_domain" { - type = string + description = "The FQDN for ArgoCD application" + type = string } +# See: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-for-argocd-server variable "argocd_server_insecure" { - type = bool - default = true + description = "Flag for disabling internal TLS with --insecure in ArgoCD Helm chart" + type = bool + default = true } variable "argocd_ingress_enabled" { - type = bool - default = true + description = "Flag for enabling/disabling creating an Ingress in ArgoCD Helm chart" + type = bool + default = true } +# See: https://argo-cd.readthedocs.io/en/latest/operator-manual/cluster-bootstrapping/#app-of-apps-pattern variable "install_argocd_app_of_apps" { - type = bool - default = false + description = "Flag for bootstrapping ArgoCD with an App of Apps" + type = bool + default = false } +# See: https://argo-cd.readthedocs.io/en/latest/user-guide/application-specification/ variable "argocd_app_of_apps_source" { - type = string - default = <<-EOT -repoURL: https://github.com/max-pfeiffer/proxmox-talos-opentofu + 
description = "Source section of ArgoCD Application CRD, use it to configure a git repository of your choice" + type = string + default = <<-EOT +repoURL: https://github.com/max-pfeiffer/proxmox-talos-opentofu.git targetRevision: feature/make-gitops-part-configurable path: argocd directory: @@ -51,9 +64,11 @@ directory: EOT } +# See: https://argo-cd.readthedocs.io/en/latest/user-guide/application-specification/ variable "argocd_app_of_apps_sync_policy" { - type = string - default = <<-EOT + description = "syncPolicy section of ArgoCD Application CRD, use it to configure syncPolicy settings of your choice" + type = string + default = <<-EOT automated: prune: true selfHeal: true @@ -62,17 +77,27 @@ syncOptions: EOT } +# See: https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/ variable "install_argocd_app_of_apps_git_repo_secret" { - type = bool - default = false + description = "Flag for provisioning the credentials for a private App of Apps repo in ArgoCD namespace with OpenTofu" + type = bool + default = false } variable "argocd_app_of_apps_git_repo_secret_url" { - type = string - default = "" + description = "Repository URL for your private App of Apps repository" + type = string + default = "https://github.com/max-pfeiffer/proxmox-talos-opentofu.git" } -variable "argocd_app_of_apps_git_repo_secret_token" { - type = string - default = "" +variable "argocd_app_of_apps_git_repo_secret_username" { + description = "Username for your private App of Apps repository" + type = string + default = "git" +} + +variable "argocd_app_of_apps_git_repo_secret_password_or_token" { + description = "Password or token for your private App of Apps repository" + type = string + default = "yourtoken" }
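Review bot: The default of `argocd_app_of_apps_source` still points at `targetRevision: feature/make-gitops-part-configurable` in the upstream repository, so anyone who sets `install_argocd_app_of_apps = true` without overriding the source lets a mutable branch they do not control deploy into their cluster, and the default sync policy in the same file automates that with `prune: true` and `selfHeal: true`. I would either drop the default so the value has to be supplied, or pin it to an immutable ref, e.g. `targetRevision: <commit-sha-or-tag>`. Separately, the new description on `argocd_server_insecure` could state that the default `true` makes argocd-server serve plain HTTP and relies on TLS being terminated in front of it. The heredoc of `argocd_app_of_apps_source` continues past the end of this hunk.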
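Review bot: `argocd_app_of_apps_git_repo_secret_password_or_token` is declared without `sensitive = true`, although `kubernetes_config_path` and `Kubernetes_config_context` in the same file are marked sensitive, so the token can show up in plan output and error messages wherever the variable is referenced. Adding `sensitive = true` to the block fixes that. The default also changed from `""` to `"yourtoken"`, which means a forgotten override with `install_argocd_app_of_apps_git_repo_secret = true` creates a repository secret holding the placeholder; I would keep `default = ""` and describe the expected value in `description` instead. The same applies to the new default of `argocd_app_of_apps_git_repo_secret_url`, which now names the upstream repository rather than being empty.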