Add ArgoCD as an optional module

oci-managed/argocd/argocd.tf

@@ -0,0 +1,28 @@
+resource "helm_release" "argocd" {
+  namespace        = var.namespace
+  create_namespace = true
+  name             = "argo"
+  repository       = "https://argoproj.github.io/argo-helm"
+  chart            = "argo-cd"
+  version          = var.argocd_chart_version
+  cleanup_on_fail  = true
+
+  # Helm chart deployment can sometimes take longer than the default 5 minutes
+  timeout = var.timeout_seconds
+
+  set {
+    name  = "configs.params.server\\.insecure"
+    value = "true"
+  }
+}
+
+resource "kubectl_manifest" "dashboard-ingress" {
+  depends_on = [helm_release.argocd]
+  
+  server_side_apply = true
+
+  yaml_body  = templatefile("${path.module}/argocd_ingress_route.tfpl.yaml", {
+      namespace = var.namespace,
+      my_domain = var.my_domain
+    })
+}

oci-managed/argocd/argocd_ingress_route.tfpl.yaml

@@ -0,0 +1,24 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-server
+  namespace: ${namespace}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`argocd.${my_domain}`)
+      priority: 10
+      services:
+        - name: argo-argocd-server
+          port: 80
+    - kind: Rule
+      match: Host(`argocd.${my_domain}`) && Headers(`Content-Type`, `application/grpc`)
+      priority: 11
+      services:
+        - name: argo-argocd-server
+          port: 80
+          scheme: h2c
+  tls: {}

oci-managed/argocd/output.tf

@@ -0,0 +1,7 @@
+output "argocd_url" {
+  value = "argocd.${var.my_domain}"
+}
+
+output "argo_helm_values_overrides" {
+  value = helm_release.argocd.metadata[0].values
+}

oci-managed/argocd/provider.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.12.1"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.14.0"
+    }
+  }
+}

oci-managed/argocd/variables.tf

@@ -0,0 +1,30 @@
+variable "compartment_ocid" {}
+variable "environment" {
+  default = "prod"
+}
+variable "cluster_ocid" {
+  type = string
+}
+
+variable "namespace" {
+  description = "Namespace to install argocd chart into"
+  type        = string
+  default     = "argocd"
+}
+
+variable "my_domain" {
+  type = string
+}
+
+variable "argocd_chart_version" {
+  description = "Version of argocd chart to install"
+  type        = string
+  default     = "6.7.1" # See https://artifacthub.io/packages/helm/argo/argo-cd for latest version(s)
+}
+
+# Helm chart deployment can sometimes take longer than the default 5 minutes
+variable "timeout_seconds" {
+  type        = number
+  description = "Helm chart deployment can sometimes take longer than the default 5 minutes. Set a custom timeout here."
+  default     = 800 # 10 minutes
+}

oci-managed/main.tf

@@ -62,3 +62,14 @@ module "nlb" {
 
   depends_on = [ module.oke ]
 }
+
+module "argocd" {
+  compartment_ocid = var.compartment_ocid
+  cluster_ocid     = module.oke.cluster_ocid
+  count = var.install_argocd ? 1 : 0
+  source = "./argocd"
+
+  my_domain = var.my_domain
+
+  depends_on = [ module.nlb ]
+}

oci-managed/nlb/traefik.tf

@@ -1,5 +1,5 @@
 resource "helm_release" "traefik" {
-  namespace        = "traefik-loadbalancer"
+  namespace        = var.namespace
   create_namespace = true
   name             = "traefik"
   repository       = "https://traefik.github.io/charts"

oci-managed/nlb/variables.tf

@@ -9,13 +9,13 @@ variable "cluster_ocid" {
 variable "namespace" {
   description = "Namespace to install traefik chart into"
   type        = string
-  default     = "traefik"
+  default     = "traefik-loadbalancer"
 }
 
 variable "traefik_chart_version" {
   description = "Version of Traefik chart to install"
   type        = string
-  default     = "21.1.0" # See https://artifacthub.io/packages/helm/traefik/traefik for latest version(s)
+  default     = "26.1.0" # See https://artifacthub.io/packages/helm/traefik/traefik for latest version(s)
 }
 
 # Helm chart deployment can sometimes take longer than the default 5 minutes

oci-managed/provider.tf

@@ -12,6 +12,10 @@ terraform {
       source  = "cloudflare/cloudflare"
       version = "~> 4.0"
     }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.14.0"
+    }
   }
 }
 
@@ -34,3 +38,7 @@ provider "cloudflare" {
   email   = var.cloudflare_api_email
   api_key = var.cloudflare_api_key
 }
+
+provider "kubectl" {
+  config_path = "oke/kubeconfig"
+}

oci-managed/traefik-values.tfpl.yaml

@@ -229,7 +229,7 @@ providers:
     # -- Load Kubernetes IngressRoute provider
     enabled: true
     # -- Allows IngressRoute to reference resources in namespace other than theirs
-    allowCrossNamespace: false
+    allowCrossNamespace: true
     # -- Allows to reference ExternalName services in IngressRoute
     allowExternalNameServices: false
     # -- Allows to return 503 when there is no endpoints available

oci-managed/variables.tf

@@ -23,6 +23,10 @@ variable "cloudflare_origin_certificate_key" {
 variable "my_domain" {
   type = string
 }
+variable "install_argocd" {
+  type = bool
+  default = true
+}
 
 variable "region" {}
 variable "public_key_path" {}