DeimosCloud/terraform-kubernetes-argocd

Terraform-argocd

Set up ArgoCD on a cluster using Terraform. This module uses the ArgoCD Helm chart to deploy ArgoCD into the cluster. You can pass extra parameters via var.values to customize your deployment.

Usage

NOTE: Ensure the Helm provider and the kubectl provider are configured correctly.

Argocd with Nginx Ingress Controller

# providers.tf
...
provider "helm" {
  kubernetes {
    config_path = "~/.kube/config"
  }
}

provider "kubectl" {
  load_config_file = true
  config_path      = "~/.kube/config"
}
...

# main.tf
...
locals {
  # Example annotations when using Nginx ingress controller as shown here https://argoproj.github.io/argo-cd/operator-manual/ingress/#option-1-ssl-passthrough
  argocd_ingress_annotations = {
    "kubernetes.io/ingress.class" = "nginx"
    "nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
    "nginx.ingress.kubernetes.io/ssl-passthrough" = "true"
  }
  argocd_repositories = {
    "private-repo" = {
      url      = "https://repo.git"
      username = "argocd"
      password = "access_token"
    },
    "git-repo" = {
      url      = "https://repo.git"
      password = var.argocd_access_token # when using access token, you pass a random username
      username = "admin"
    },
    "private-helm-chart" = {
      url  = "https://charts.jetstack.io"
      type = "helm"
      username = "foo"
      password = "bar"
    },
  }

}

...
module "argocd" {
  source  = "DeimosCloud/argocd/kubernetes"  
  
  ingress_host        = "argocd.example.com"
  ingress_annotations = local.argocd_ingress_annotations
  repositories        = local.argocd_repositories
  # Argocd Config
  config = {
    "accounts.image-updater" = "apiKey"
  }

  # Argocd RBAC Config
  rbac_config = {
    "policy.default" = "role:readonly"
    "policy.csv"     = <<POLICY
  p, role:image-updater, applications, get, */*, allow
  p, role:image-updater, applications, update, */*, allow
  g, image-updater, role:image-updater
POLICY
  }

  module_depends_on = [module.gke]
}
...
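
The repository definitions above embed credentials as string literals and reference var.argocd_access_token without declaring it. The following is an added example, not part of the module's own documentation, that supplies the same `repositories` input from variables marked sensitive. The variable names other than argocd_access_token and the SSH repository URL are assumptions.

```hcl
# Added example. Variable names (except argocd_access_token) and the
# SSH repository URL are assumptions, not taken from the module.

variable "argocd_access_token" {
  description = "Git access token ArgoCD uses for the HTTPS repository."
  type        = string
  sensitive   = true # redacted in plan/apply output (Terraform >= 0.14)

  validation {
    condition     = length(var.argocd_access_token) > 0
    error_message = "The argocd_access_token value must not be empty."
  }
}

variable "argocd_helm_repo_password" {
  description = "Password for the private Helm chart repository."
  type        = string
  sensitive   = true
}

variable "argocd_ssh_private_key" {
  description = "PEM-encoded private key for the SSH repository."
  type        = string
  sensitive   = true
}

locals {
  argocd_repositories = {
    "git-repo" = {
      url      = "https://repo.git"
      username = "admin" # arbitrary when an access token is used
      password = var.argocd_access_token
    }
    "private-helm-chart" = {
      url      = "https://charts.jetstack.io"
      type     = "helm"
      username = "foo"
      password = var.argocd_helm_repo_password
    }
    "ssh-repo" = {
      url           = "git@git.example.com:org/repo.git" # placeholder URL
      sshPrivateKey = var.argocd_ssh_private_key
    }
  }
}
```

Values can be supplied at run time through TF_VAR_<name> environment variables so they never appear in version-controlled files. Sensitive variables are still written to the Terraform state in plain text, so the state backend needs encryption and restricted access.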

Argocd with Azure Application Gateway Ingress Controller

locals {
  # Example annotations when using Azure application gateway Ingress Controller with Cert-manager
  argocd_ingress_annotations = {
    "cert-manager.io/cluster-issuer"           = module.cert_manager.issuer
    "appgw.ingress.kubernetes.io/ssl-redirect" = "true"
    "kubernetes.io/ingress.class"              = "azure/application-gateway"
  }
}

module "argocd" {
  source  = "DeimosCloud/argocd/kubernetes"  
  
  repositories        = local.argocd_repositories
  ingress_host        = "argocd.example.com"
  ingress_annotations = local.argocd_ingress_annotations
  server_insecure     = true # Run argocd-server in insecure mode (--insecure flag) to prevent SSL conflicts with the Application Gateway and cert-manager

  module_depends_on = [module.gke]
}

Contributing

Report issues, questions, and feature requests in the issues section.

Full contributing guidelines are covered here.

Requirements

Name Version
terraform >= 0.14
helm >= 1.2.3
kubectl >= 1.14.0

Providers

Name Version
helm 2.5.1
kubectl 1.14.0

Modules

No modules.

Resources

Name Type
helm_release.argocd resource
kubectl_manifest.extra_manifests resource
kubectl_path_documents.docs data source

Inputs

Name Description Type Default Required
chart_version version of charts string "4.5.10" no
config Additional config to be added to the Argocd configmap map {} no
image_tag Image tag to install string null no
ingress_annotations annotations to pass to the ingress map {} no
ingress_host The ingress host any null no
ingress_tls_secret The TLS secret name for argocd ingress string "argocd-tls" no
manifests Raw manifests to be applied after argocd is deployed list(string) [] no
manifests_directory Path/URL to directory that contains manifest files to be applied after argocd is deployed string "" no
namespace The namespace to deploy argocd into string "argocd" no
rbac_config Additional rbac config to be added to the Argocd rbac configmap map {} no
repositories A list of repository definitions map(object({ url = string, type = optional(string), username = optional(string), password = optional(string), sshPrivateKey = optional(string) })) {} no
server_extra_args Extra arguments passed to argoCD server list [] no
server_insecure Whether to run argocd-server with the --insecure flag. Useful when disabling the argocd-server default TLS protocols to provide your own certificates bool false no
values A terraform map of extra values to pass to the Argocd Helm map {} no
values_files Paths to values files to be passed to the Argocd Helm Deployment list(string) [] no

Outputs

Name Description
namespace the kubernetes namespace of the release
release_name the name of the release
server_url The server URL of argocd created by ingress