Add ArgoCD as an optional module

2025-08-12 13:59:09 +02:00 · 2024-03-14 17:00:30 +01:00
parent 4f744da328
commit 19da08cb1a
11 changed files with 128 additions and 4 deletions
--- a/oci-managed/argocd/argocd.tf
+++ b/oci-managed/argocd/argocd.tf
@@ -0,0 +1,28 @@
+resource "helm_release" "argocd" {
+  namespace        = var.namespace
+  create_namespace = true
+  name             = "argo"
+  repository       = "https://argoproj.github.io/argo-helm"
+  chart            = "argo-cd"
+  version          = var.argocd_chart_version
+  cleanup_on_fail  = true
+
+  # Helm chart deployment can sometimes take longer than the default 5 minutes
+  timeout = var.timeout_seconds
+
+  set {
+    name  = "configs.params.server\\.insecure"
+    value = "true"
+  }
+}
+
+resource "kubectl_manifest" "dashboard-ingress" {
+  depends_on = [helm_release.argocd]
+  
+  server_side_apply = true
+
+  yaml_body  = templatefile("${path.module}/argocd_ingress_route.tfpl.yaml", {
+      namespace = var.namespace,
+      my_domain = var.my_domain
+    })
+}
--- a/oci-managed/argocd/argocd_ingress_route.tfpl.yaml
+++ b/oci-managed/argocd/argocd_ingress_route.tfpl.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-server
+  namespace: ${namespace}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`argocd.${my_domain}`)
+      priority: 10
+      services:
+        - name: argo-argocd-server
+          port: 80
+    - kind: Rule
+      match: Host(`argocd.${my_domain}`) && Headers(`Content-Type`, `application/grpc`)
+      priority: 11
+      services:
+        - name: argo-argocd-server
+          port: 80
+          scheme: h2c
+  tls: {}
--- a/oci-managed/argocd/output.tf
+++ b/oci-managed/argocd/output.tf
@@ -0,0 +1,7 @@
+output "argocd_url" {
+  value = "argocd.${var.my_domain}"
+}
+
+output "argo_helm_values_overrides" {
+  value = helm_release.argocd.metadata[0].values
+}
--- a/oci-managed/argocd/provider.tf
+++ b/oci-managed/argocd/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.12.1"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.14.0"
+    }
+  }
+}
--- a/oci-managed/argocd/variables.tf
+++ b/oci-managed/argocd/variables.tf
@@ -0,0 +1,30 @@
+variable "compartment_ocid" {}
+variable "environment" {
+  default = "prod"
+}
+variable "cluster_ocid" {
+  type = string
+}
+
+variable "namespace" {
+  description = "Namespace to install argocd chart into"
+  type        = string
+  default     = "argocd"
+}
+
+variable "my_domain" {
+  type = string
+}
+
+variable "argocd_chart_version" {
+  description = "Version of argocd chart to install"
+  type        = string
+  default     = "6.7.1" # See https://artifacthub.io/packages/helm/argo/argo-cd for latest version(s)
+}
+
+# Helm chart deployment can sometimes take longer than the default 5 minutes
+variable "timeout_seconds" {
+  type        = number
+  description = "Helm chart deployment can sometimes take longer than the default 5 minutes. Set a custom timeout here."
+  default     = 800 # 10 minutes
+}
--- a/oci-managed/main.tf
+++ b/oci-managed/main.tf
@@ -62,3 +62,14 @@ module "nlb" {

  depends_on = [ module.oke ]
 }
+
+module "argocd" {
+  compartment_ocid = var.compartment_ocid
+  cluster_ocid     = module.oke.cluster_ocid
+  count = var.install_argocd ? 1 : 0
+  source = "./argocd"
+
+  my_domain = var.my_domain
+
+  depends_on = [ module.nlb ]
+}
--- a/oci-managed/nlb/traefik.tf
+++ b/oci-managed/nlb/traefik.tf
@@ -1,5 +1,5 @@
 resource "helm_release" "traefik" {
-  namespace        = "traefik-loadbalancer"
+  namespace        = var.namespace
  create_namespace = true
  name             = "traefik"
  repository       = "https://traefik.github.io/charts"
--- a/oci-managed/nlb/variables.tf
+++ b/oci-managed/nlb/variables.tf
@@ -9,13 +9,13 @@ variable "cluster_ocid" {
 variable "namespace" {
  description = "Namespace to install traefik chart into"
  type        = string
-  default     = "traefik"
+  default     = "traefik-loadbalancer"
 }

 variable "traefik_chart_version" {
  description = "Version of Traefik chart to install"
  type        = string
-  default     = "21.1.0" # See https://artifacthub.io/packages/helm/traefik/traefik for latest version(s)
+  default     = "26.1.0" # See https://artifacthub.io/packages/helm/traefik/traefik for latest version(s)
 }

 # Helm chart deployment can sometimes take longer than the default 5 minutes
--- a/oci-managed/provider.tf
+++ b/oci-managed/provider.tf
@@ -12,6 +12,10 @@ terraform {
      source  = "cloudflare/cloudflare"
      version = "~> 4.0"
    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.14.0"
+    }
  }
 }

@@ -33,4 +37,8 @@ provider "helm" {
 provider "cloudflare" {
  email   = var.cloudflare_api_email
  api_key = var.cloudflare_api_key
+}
+
+provider "kubectl" {
+  config_path = "oke/kubeconfig"
 }
--- a/oci-managed/traefik-values.tfpl.yaml
+++ b/oci-managed/traefik-values.tfpl.yaml
@@ -229,7 +229,7 @@ providers:
    # -- Load Kubernetes IngressRoute provider
    enabled: true
    # -- Allows IngressRoute to reference resources in namespace other than theirs
-    allowCrossNamespace: false
+    allowCrossNamespace: true
    # -- Allows to reference ExternalName services in IngressRoute
    allowExternalNameServices: false
    # -- Allows to return 503 when there is no endpoints available
--- a/oci-managed/variables.tf
+++ b/oci-managed/variables.tf
@@ -23,6 +23,10 @@ variable "cloudflare_origin_certificate_key" {
 variable "my_domain" {
  type = string
 }
+variable "install_argocd" {
+  type = bool
+  default = true
+}

 variable "region" {}
 variable "public_key_path" {}