argocd.tf
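# Namespace that holds the Argo CD release and the credential secrets below.
resource "kubernetes_namespace" "argocd" {
  metadata {
    name = "argocd"
  }
}

# Argo CD, installed from the argo-helm chart at a pinned chart version.
resource "helm_release" "argocd" {
  name      = "argocd"
  namespace = kubernetes_namespace.argocd.metadata[0].name
  # create_namespace is intentionally left at its default (false): the
  # namespace is owned by kubernetes_namespace.argocd, and the reference above
  # already orders the release after it.
  repository = "https://argoproj.github.io/argo-helm"
  chart      = "argo-cd"
  version    = "5.53.12"

  # todo: switch to github oauth
  values = [<<YAML
    global:
      # NOTE(review): confirm against the values.yaml of the pinned chart version
      # that "enabled" is the key the chart reads here. If the chart expects a
      # different key (for example "create"), no NetworkPolicy objects are
      # rendered and defaultDenyIngress has no effect.
      networkPolicy:
        enabled: true
        defaultDenyIngress: true

    configs:
      params:
        # argocd-server serves plain HTTP. TLS for cd.super.fish is terminated at
        # the ingress (server.ingress.tls below), so the hop from the ingress
        # controller to the pod is unencrypted inside the cluster.
        server.insecure: true
      cm:
        url: https://cd.super.fish
        # The built-in admin account is disabled; SSO through Dex is the only login path.
        admin.enabled: false
        # Controls which people are allowed to login
        dex.config: |
          connectors:
            - type: github
              id: github
              name: GitHub
              config:
                clientID: ${var.argocd_openid_client_id}
                clientSecret: $oidc:github.clientSecret
                redirectURI: https://cd.super.fish/dex/callback
                loadAllGroups: true
                orgs:
                  - name: superfishial
                    teams:
                      - superlodons
                scopes:
                  - email
                  - profile
                  - groups
                teamNameField: slug
                useLoginAsID: true
      # Controls what permissions users get once they login
      rbac:
        # Deny by default. Admin is granted through an explicit group binding, so
        # widening the Dex org/team allow-list above does not silently hand
        # role:admin to every identity that can authenticate.
        policy.default: ""
        # Dex's GitHub connector emits team membership as "org:team"; with
        # teamNameField: slug the team part is the team slug.
        # NOTE(review): confirm the group value on a logged-in user before
        # applying. With admin.enabled: false, a mismatch leaves nobody with
        # admin until this policy is corrected and re-applied.
        policy.csv: |
          g, superfishial:superlodons, role:admin
        # RBAC subjects are matched against the "groups" claim issued by Dex.
        scopes: "[groups]"

    redis-ha:
      enabled: true
      hardAntiAffinity: false
      haproxy:
        enabled: true
        hardAntiAffinity: false
    controller:
      replicas: 2
      resources:
        requests:
          cpu: 250m
          memory: 256Mi
        limits:
          cpu: '2'
          memory: 2Gi
    server:
      replicas: 2
      resources:
        requests:
          cpu: 50m
          memory: 64Mi
        limits:
          cpu: 500m
          memory: 256Mi
      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
      ingress:
        enabled: true
        hosts:
          - cd.super.fish
        annotations:
          kubernetes.io/tls-acme: "true"
        tls:
          - hosts:
              - cd.super.fish
            secretName: cd.super.fish
    repoServer:
      replicas: 2
      extraArgs:
        - --parallelismlimit=8
      resources:
        requests:
          cpu: 25m
          memory: 128Mi
        limits:
          cpu: '1'
          memory: 1Gi
    applicationSet:
      replicaCount: 2
      resources:
        requests:
          cpu: 10m
          memory: 96Mi
        limits:
          cpu: 100m
          memory: 256Mi
  YAML
  ]

  depends_on = [helm_release.longhorn, kubectl_manifest.coreos_crds]
}

# One "repo-creds" credential template per GitHub organisation, authenticated
# with the GitHub App. The map key is the organisation name and the value is
# that organisation's App installation ID.
#
# The kubernetes provider records `data` values in Terraform state, so the
# state backend needs encryption at rest and tightly scoped access.
# NOTE(review): confirm var.argocd_github_app_private_key is declared with
# sensitive = true; the variable declaration is not part of this file.
resource "kubernetes_secret" "argocd_repo_creds" {
  for_each = var.argocd_github_app_installations

  metadata {
    name      = "org-repo-creds-${lower(each.key)}"
    namespace = kubernetes_namespace.argocd.metadata[0].name
    labels = {
      "argocd.argoproj.io/secret-type" = "repo-creds"
    }
  }

  data = {
    type                    = "git"
    url                     = "https://github.com/${each.key}"
    githubAppID             = var.argocd_github_app_id
    githubAppInstallationID = each.value
    githubAppPrivateKey     = var.argocd_github_app_private_key
  }
}

# Secret that dex.config references as $oidc:github.clientSecret. The
# app.kubernetes.io/part-of=argocd label is what allows Argo CD to resolve
# that reference from a secret other than argocd-secret.
#
# The client secret is written to Terraform state as well.
# NOTE(review): confirm var.argocd_openid_client_secret is declared with
# sensitive = true; the variable declaration is not part of this file.
resource "kubernetes_secret" "argocd_oidc" {
  metadata {
    name      = "oidc"
    namespace = kubernetes_namespace.argocd.metadata[0].name
    labels = {
      "app.kubernetes.io/part-of" = "argocd"
    }
  }

  data = {
    "github.clientSecret" = var.argocd_openid_client_secret
  }
}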