main.tf
# Installs the add-on's Helm release through the shared helm-addon module.
# The namespace resource is listed in depends_on, so it is created (when its
# count is 1) before the release is applied.
module "helm_addon" {
  source = "../helm-addon"

  addon_context = var.addon_context
  helm_config   = local.helm_config

  # No IRSA configuration is passed from here.
  irsa_config = null

  depends_on = [kubernetes_namespace_v1.this]
}
# Namespace for the add-on. It is created only when both conditions hold:
#   - helm_config["create_namespace"] is true (true is assumed when the key
#     cannot be read), and
#   - the target namespace is not "kube-system".
resource "kubernetes_namespace_v1" "this" {
  count = (
    try(local.helm_config["create_namespace"], true) &&
    local.helm_config["namespace"] != "kube-system"
  ) ? 1 : 0

  metadata {
    name = local.helm_config["namespace"]
  }
}
# ---------------------------------------------------------------------------------------------------------------------
# ArgoCD App of Apps Bootstrapping (Helm)
# ---------------------------------------------------------------------------------------------------------------------
# One Helm release per entry in var.applications whose merged type is "helm".
# Each entry is merged over local.default_argocd_application first, so values
# given on the entry override the defaults. The release installs the chart
# bundled with this module into the add-on namespace.
#
# NOTE(review): repo_url, target_revision and path decide what gets synced into
# the cluster. Where change control matters, prefer a target_revision that
# cannot move (tag or commit) over a branch name - confirm what the default is.
resource "helm_release" "argocd_application" {
  for_each = {
    for app_name, app in var.applications :
    app_name => merge(local.default_argocd_application, app)
    if merge(local.default_argocd_application, app).type == "helm"
  }

  name      = each.key
  chart     = "${path.module}/argocd-application/helm"
  version   = "1.0.0"
  namespace = local.helm_config["namespace"]

  # Application identity: name and owning project.
  set {
    name  = "name"
    value = each.key
  }

  set {
    name  = "project"
    value = each.value.project
  }

  # Where the application's manifests come from.
  set {
    name  = "source.repoUrl"
    value = each.value.repo_url
  }

  set {
    name  = "source.targetRevision"
    value = each.value.target_revision
  }

  set {
    name  = "source.path"
    value = each.value.path
  }

  set {
    name  = "source.helm.releaseName"
    value = each.key
  }

  # Helm values handed to the application, encoded as one YAML string.
  # merge() lets later arguments win, so precedence from lowest to highest is:
  # repo_url, the entry's own values, local.global_application_values, and
  # var.addon_config (only when add_on_application is true).
  #
  # NOTE(review): values given through `set` appear to go through Helm's
  # --set style parsing, where commas and a few other characters are special;
  # confirm the encoded YAML survives when a value contains them. If
  # var.addon_config can carry secrets, they would also show up in plan output
  # and state - verify against the callers.
  set {
    name = "source.helm.values"
    value = yamlencode(merge(
      { repo_url = each.value.repo_url },
      each.value.values,
      local.global_application_values,
      each.value.add_on_application ? var.addon_config : {}
    ))
  }

  # Cluster the application is deployed to.
  set {
    name  = "destination.server"
    value = each.value.destination
  }

  depends_on = [module.helm_addon]
}
# ---------------------------------------------------------------------------------------------------------------------
# ArgoCD App of Apps Bootstrapping (Kustomize)
# ---------------------------------------------------------------------------------------------------------------------
# One manifest per entry in var.applications whose merged type is "kustomize".
# The manifest is rendered from the template shipped with this module. Unlike
# the Helm variant, the namespace comes from the application entry itself
# (each.value.namespace), not from local.helm_config.
#
# NOTE(review): the template is not visible here. The values below are
# substituted into YAML, so check that the template quotes them if any
# application field can contain YAML-significant characters.
resource "kubectl_manifest" "argocd_kustomize_application" {
  for_each = {
    for app_name, app in var.applications :
    app_name => merge(local.default_argocd_application, app)
    if merge(local.default_argocd_application, app).type == "kustomize"
  }

  yaml_body = templatefile(
    "${path.module}/argocd-application/kubectl/application.yaml.tftpl",
    {
      name                 = each.key
      namespace            = each.value.namespace
      project              = each.value.project
      sourceRepoUrl        = each.value.repo_url
      sourceTargetRevision = each.value.target_revision
      sourcePath           = each.value.path
      destinationServer    = each.value.destination
    }
  )

  depends_on = [module.helm_addon]
}
# ---------------------------------------------------------------------------------------------------------------------
# Private Repo Access
# ---------------------------------------------------------------------------------------------------------------------
# Repository credentials for applications that set ssh_key_secret_name.
# One secret named "<application>-repo-secret" is written to the add-on
# namespace and labelled as an Argo CD repository secret.
#
# The SSH private key is read from an aws_secretsmanager_secret_version data
# source declared outside this block. Terraform records data source results and
# resource attributes in state, so the key material is present in the state
# file as well: keep the state backend encrypted and restrict who can read it.
resource "kubernetes_secret" "argocd_gitops" {
  for_each = {
    for app_name, app in var.applications :
    app_name => app
    if try(app.ssh_key_secret_name, null) != null
  }

  metadata {
    name      = "${each.key}-repo-secret"
    namespace = local.helm_config["namespace"]
    labels = {
      "argocd.argoproj.io/secret-type" = "repository"
    }
  }

  data = {
    type = "git"
    url  = each.value.repo_url

    # Falls back to false when the application does not set it.
    # NOTE(review): in Argo CD, insecure = true appears to skip verification
    # of the repository server (TLS certificate / SSH host key) - confirm, and
    # treat any application that enables it as an exception to be justified.
    insecure = lookup(each.value, "insecure", false)

    sshPrivateKey = data.aws_secretsmanager_secret_version.ssh_key_version[each.key].secret_string
  }

  depends_on = [module.helm_addon]
}