Project Octal: ArgoCD

Simplifies the deployment and management of ArgoCD on a Kubernetes cluster.

New in v1.0.0:

  • No longer relies on the banzaicloud/k8s provider.
  • Can be deployed alongside any ingress controller.
  • Deployable without SSL (if you're into that kind of thing...)
  • This module no longer relies on external modules.

IMPORTANT: Upgrading from v0.0.X to v1.0.X

If you're currently on version v0.0.5 or older, follow the steps below to prevent potential disruption. They assume the root ArgoCD module was created with the name my_argocd.

# Import the ArgoCD CRDs
terraform import -var-file=secrets.tfvars 'module.my_argocd.kubernetes_manifest.app_projects' "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=appprojects.argoproj.io"
terraform import -var-file=secrets.tfvars 'module.my_argocd.kubernetes_manifest.applications' "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=applications.argoproj.io"

# Delete the old ArgoCD CRD references from the statefile
terraform state rm 'module.my_argocd.k8s_manifest.app_projects'
terraform state rm 'module.my_argocd.k8s_manifest.applications'

# Lastly, run a Terraform apply to make sure the states are synced up.
terraform apply -var-file secrets.tfvars
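
A check to run between the `terraform state rm` step and the final `terraform apply`, added here as an example and not part of the module: it reads `terraform state list` output and fails if a CRD was never imported under `kubernetes_manifest` or is still tracked under the old `k8s_manifest` address. The function name `check_migrated_state` and the sample listings are made up for illustration.

```sh
#!/bin/sh
# Added example, not part of the module: check `terraform state list` output
# (read on stdin) after the import and `state rm` steps, before the final apply.
# $1 is the root module name; it defaults to the README's my_argocd.
check_migrated_state() {
  cms_module="${1:-my_argocd}"
  cms_state="$(cat)"
  cms_rc=0
  for cms_crd in app_projects applications; do
    cms_new="module.${cms_module}.kubernetes_manifest.${cms_crd}"
    cms_old="module.${cms_module}.k8s_manifest.${cms_crd}"
    # The CRD must be tracked under the kubernetes provider address...
    if ! printf '%s\n' "$cms_state" | grep -qxF "$cms_new"; then
      echo "MISSING $cms_new (terraform import not done)" >&2
      cms_rc=1
    fi
    # ...and the old k8s_manifest address must no longer be in the state.
    if printf '%s\n' "$cms_state" | grep -qxF "$cms_old"; then
      echo "STALE   $cms_old (terraform state rm not done)" >&2
      cms_rc=1
    fi
  done
  return "$cms_rc"
}

# Constructed sample listings (not real output); the addresses are built from
# the upgrade steps above and the Resources table.
SAMPLE_MIGRATED='module.my_argocd.kubernetes_manifest.app_projects
module.my_argocd.kubernetes_manifest.applications
module.my_argocd.kubernetes_namespace.argocd_namespace'

SAMPLE_HALF_DONE='module.my_argocd.kubernetes_manifest.app_projects
module.my_argocd.k8s_manifest.app_projects
module.my_argocd.k8s_manifest.applications'

# Real use, from the directory holding the root module:
#   terraform state list | check_migrated_state my_argocd \
#     && terraform apply -var-file secrets.tfvars
printf '%s\n' "$SAMPLE_MIGRATED"  | check_migrated_state && echo "migrated: ok"
printf '%s\n' "$SAMPLE_HALF_DONE" | check_migrated_state || echo "half-done: fix before apply"
```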

Example

module "argocd" {
  source  = "project-octal/argocd/kubernetes"
  version = "1.0.0"

  namespace              = "kube-argocd"
  argocd_server_replicas = 2
  argocd_repo_replicas   = 2
  enable_dex             = false

  ingress_enabled    = true
  ingress_host       = "argocd.arroyo.turnbros.app"
  ingress_path       = "/"
  ingress_class_name = module.traefik.ingress_class
  ingress_annotations = {
    "traefik.ingress.kubernetes.io/router.entrypoints" : "websecure"
    "traefik.ingress.kubernetes.io/router.tls" : "true"
  }
  ingress_cert_issuer_annotation = {
    "cert-manager.io/cluster-issuer" : module.cert_manager.cert_issuer
  }

  argocd_server_requests = {
    cpu = "300m"
    memory = "256Mi"
  }
  argocd_server_limits = {
    cpu = "600m"
    memory = "512Mi"
  }

  repo_server_exec_timeout = "300"
  argocd_repo_requests = {
    cpu = "300m"
    memory = "256Mi"
  }
  argocd_repo_limits = {
    cpu = "600m"
    memory = "512Mi"
  }
  argocd_repositories = [
    {
      name = "Helm-Main"
      type = "helm"
      url = "https://charts.helm.sh/stable"
    }
  ]

  oidc_config = {
    name                      = var.argocd_oidc_name
    issuer                    = var.argocd_oidc_issuer
    client_id                 = var.argocd_oidc_client_id
    client_secret             = var.argocd_oidc_client_secret
    requested_scopes          = var.argocd_oidc_requested_scopes
    requested_id_token_claims = var.argocd_oidc_requested_id_token_claims
  }
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14, < 2.0.0 |
| kubernetes | >= 2.8.0 |

Providers

| Name | Version |
|------|---------|
| kubernetes | 2.8.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| argocd_application_controller | ./argocd-application-controller | n/a |
| argocd_dex | ./argocd-dex | n/a |
| argocd_redis | ./argocd-redis | n/a |
| argocd_repo_server | ./argocd-repo-server | n/a |
| argocd_server | ./argocd-server | n/a |

Resources

| Name | Type |
|------|------|
| kubernetes_config_map.argocd_cm | resource |
| kubernetes_config_map.argocd_gpg_keys_cm | resource |
| kubernetes_config_map.argocd_rbac_cm | resource |
| kubernetes_config_map.argocd_redis_ha_configmap | resource |
| kubernetes_config_map.argocd_ssh_known_hosts_cm | resource |
| kubernetes_config_map.argocd_tls_certs_cm | resource |
| kubernetes_manifest.app_projects | resource |
| kubernetes_manifest.applications | resource |
| kubernetes_namespace.argocd_namespace | resource |
| kubernetes_secret.argocd_secret | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| argocd_git_repositories | A list of credentials that ArgoCD will use when pulling from configured repositories. | `list(map(any))` | `[]` | no |
| argocd_image_name | The image to use when deploying ArgoCD | `string` | `"argoproj/argocd"` | no |
| argocd_image_repository | The image repository to use when pulling images. | `string` | `"docker.io"` | no |
| argocd_image_tag | The version of ArgoCD to deploy. | `string` | `"v2.2.2"` | no |
| argocd_repo_limits | n/a | `object({ cpu : string, memory : string })` | `{ "cpu": null, "memory": null }` | no |
| argocd_repo_replicas | ArgoCD Repo Server Configuration | `number` | `2` | no |
| argocd_repo_requests | n/a | `object({ cpu : string, memory : string })` | `{ "cpu": "300m", "memory": "256Mi" }` | no |
| argocd_repositories | A list of repositories that ArgoCD might pull from. | `list(map(any))` | `[]` | no |
| argocd_repository_credentials | A list of repositories that ArgoCD might pull from. | `list(map(any))` | `[]` | no |
| argocd_server_limits | n/a | `object({ cpu : string, memory : string })` | `{ "cpu": null, "memory": null }` | no |
| argocd_server_replicas | ArgoCD App Server Configuration | `number` | `2` | no |
| argocd_server_requests | n/a | `object({ cpu : string, memory : string })` | `{ "cpu": "300m", "memory": "256Mi" }` | no |
| dex_image_name | The name of the Dex image to use | `string` | `"dexidp/dex"` | no |
| dex_image_repository | The repository that the dex image will be obtained from | `string` | `"docker.io"` | no |
| dex_image_tag | The version of the Dex Docker image to deploy. | `string` | `"2.30.0"` | no |
| enable_anonymous_access | Enables anonymous user access. The anonymous users get default role permissions specified in argocd-rbac-cm.yaml. | `bool` | `false` | no |
| enable_dex | Determines whether or not to deploy Dex alongside ArgoCD | `bool` | `true` | no |
| enable_ha_redis | n/a | `bool` | `false` | no |
| enable_status_badge | Enables application status badge feature | `bool` | `false` | no |
| haproxy_image_name | n/a | `string` | `"haproxy"` | no |
| haproxy_image_repository | n/a | `string` | `"docker.io"` | no |
| haproxy_image_tag | Defines which docker image tag to use for HAProxy | `string` | `"2.4.8-alpine"` | no |
| helm_chat_text | The text for getting chat help | `string` | `"Chat now!"` | no |
| help_chat_url | The URL for getting chat help, this will typically be your Slack channel for support | `string` | `null` | no |
| image_pull_policy | Determines when the image should be pulled prior to starting the container. Always: Always pull the image; IfNotPresent: Only pull the image if it does not already exist on the node; Never: Never pull the image | `string` | `"Always"` | no |
| ingress_annotations | A map of annotations to add to the ingress resource | `map(string)` | `{}` | no |
| ingress_cert_issuer_annotation | The cluster certificate issuer to use when creating a TLS certificate for the ingress. Needs to be set here so the tls block is defined on the ingress resource. | `map(string)` | `{}` | no |
| ingress_class_name | The ingress class that the ArgoCD ingress record should reference. | `string` | `null` | no |
| ingress_enabled | If set to true an ingress route will be created for ArgoCD | `bool` | `true` | no |
| ingress_host | Argo CD's externally facing host. Required when configuring SSO | `string` | `null` | no |
| ingress_path | A string or an extended POSIX regular expression as defined by IEEE Std 1003.1 | `string` | `"/"` | no |
| labels | Extra Kubernetes labels to include with the resources created by this module | `map(string)` | `{}` | no |
| namespace | The namespace this ArgoCD deployment will reside in. | `string` | `"argocd"` | no |
| namespace_annotations | Additional ArgoCD namespace annotations (e.g. for linkerd.io/inject: enabled for mesh things) | `map(string)` | `{}` | no |
| oidc_config | OIDC authorization provider settings. For more information please refer to: https://argoproj.github.io/argo-cd/operator-manual/user-management/#existing-oidc-provider | `object({ name : string, issuer : string, client_id : string, client_secret : string, requested_scopes : list(string), requested_id_token_claims : map(any) })` | `null` | no |
| oidc_group_claim | The name of the claim that contains the list of groups a user belongs to | `string` | `null` | no |
| pod_affinity_topology_key | n/a | `string` | `"topology.kubernetes.io/zone"` | no |
| redis_image_name | n/a | `string` | `"redis"` | no |
| redis_image_repository | n/a | `string` | `"docker.io"` | no |
| redis_image_tag | The version of the Redis Docker image to deploy. | `string` | `"6.2.6-alpine"` | no |
| repo_server_exec_timeout | n/a | `string` | `"300s"` | no |
| repository_credentials | A list of git repositories that ArgoCD will be configured to use. | `list(map(any))` | `[]` | no |

Outputs

| Name | Description |
|------|-------------|
| namespace | n/a |