From 19da08cb1a58d3839eedc9b4c437ab92591bc676 Mon Sep 17 00:00:00 2001
From: Vargha Csongor
Date: Thu, 14 Mar 2024 17:00:30 +0100
Subject: [PATCH] Add ArgoCD as an optional module
---
oci-managed/argocd/argocd.tf | 28 +++++++++++++++++
.../argocd/argocd_ingress_route.tfpl.yaml | 24 +++++++++++++++
oci-managed/argocd/output.tf | 7 +++++
oci-managed/argocd/provider.tf | 12 ++++++++
oci-managed/argocd/variables.tf | 30 +++++++++++++++++++
oci-managed/main.tf | 11 +++++++
oci-managed/nlb/traefik.tf | 2 +-
oci-managed/nlb/variables.tf | 4 +--
oci-managed/provider.tf | 8 +++++
oci-managed/traefik-values.tfpl.yaml | 2 +-
oci-managed/variables.tf | 4 +++
11 files changed, 128 insertions(+), 4 deletions(-)
create mode 100644 oci-managed/argocd/argocd.tf
create mode 100644 oci-managed/argocd/argocd_ingress_route.tfpl.yaml
create mode 100644 oci-managed/argocd/output.tf
create mode 100644 oci-managed/argocd/provider.tf
create mode 100644 oci-managed/argocd/variables.tf
diff --git a/oci-managed/argocd/argocd.tf b/oci-managed/argocd/argocd.tf
new file mode 100644
index 0000000..c55d072
--- /dev/null
+++ b/oci-managed/argocd/argocd.tf
@@ -0,0 +1,28 @@
+resource "helm_release" "argocd" {
+ namespace = var.namespace
+ create_namespace = true
+ name = "argo"
+ repository = "https://argoproj.github.io/argo-helm"
+ chart = "argo-cd"
+ version = var.argocd_chart_version
+ cleanup_on_fail = true
+
+ # Helm chart deployment can sometimes take longer than the default 5 minutes
+ timeout = var.timeout_seconds
+
+ set {
+ name = "configs.params.server\\.insecure"
+ value = "true"
+ }
+}
+
+resource "kubectl_manifest" "dashboard-ingress" {
+ depends_on = [helm_release.argocd]
+
+ server_side_apply = true
+
+ yaml_body = templatefile("${path.module}/argocd_ingress_route.tfpl.yaml", {
+ namespace = var.namespace,
+ my_domain = var.my_domain
+ })
+}
\ No newline at end of file
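Review bot: The `set` block that turns on `configs.params.server\\.insecure` makes argocd-server serve plain HTTP, and nothing in this file says why or what compensates for it. With the IngressRoute added in this patch, TLS ends at Traefik and the hop from Traefik to `argo-argocd-server:80` (including the `h2c` gRPC route) is unencrypted inside the cluster, so login credentials and API tokens cross the pod network in clear text. I would add a comment above the block such as `# TLS is terminated at Traefik; argocd-server listens on plain HTTP, so limit ingress to this namespace with a NetworkPolicy`, and expose the flag as a module variable so deployments that need end-to-end TLS can turn it off.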
diff --git a/oci-managed/argocd/argocd_ingress_route.tfpl.yaml b/oci-managed/argocd/argocd_ingress_route.tfpl.yaml
new file mode 100644
index 0000000..1ab1c18
--- /dev/null
+++ b/oci-managed/argocd/argocd_ingress_route.tfpl.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: argocd-server
+ namespace: ${namespace}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`argocd.${my_domain}`)
+ priority: 10
+ services:
+ - name: argo-argocd-server
+ port: 80
+ - kind: Rule
+ match: Host(`argocd.${my_domain}`) && Headers(`Content-Type`, `application/grpc`)
+ priority: 11
+ services:
+ - name: argo-argocd-server
+ port: 80
+ scheme: h2c
+ tls: {}
\ No newline at end of file
diff --git a/oci-managed/argocd/output.tf b/oci-managed/argocd/output.tf
new file mode 100644
index 0000000..78c9283
--- /dev/null
+++ b/oci-managed/argocd/output.tf
@@ -0,0 +1,7 @@
+output "argocd_url" {
+ value = "argocd.${var.my_domain}"
+}
+
+output "argo_helm_values_overrides" {
+ value = helm_release.argocd.metadata[0].values
+}
diff --git a/oci-managed/argocd/provider.tf b/oci-managed/argocd/provider.tf
new file mode 100644
index 0000000..88d874b
--- /dev/null
+++ b/oci-managed/argocd/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.12.1"
+ }
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.14.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/oci-managed/argocd/variables.tf b/oci-managed/argocd/variables.tf
new file mode 100644
index 0000000..0769c6f
--- /dev/null
+++ b/oci-managed/argocd/variables.tf
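Review bot: Both routes publish argocd-server on the `websecure` entry point with no `middlewares:` entry, so the Argo CD login page and gRPC API are reachable by anyone who can reach the load balancer, protected only by Argo CD's own authentication. For a deployment control plane I would attach an IP allow-list or forward-auth Middleware to both rules, or state in a comment that the public exposure is intended. `tls: {}` also relies on Traefik's default certificate and TLS options; that is presumably the Cloudflare origin certificate configured elsewhere, and a comment saying so would help. Separately, `traefik.containo.us/v1alpha1` is the deprecated API group; with the chart bump in this patch `traefik.io/v1alpha1` should be available, which is worth confirming against the installed CRDs.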
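Review bot: `argo_helm_values_overrides` exports the release's merged Helm values without `sensitive = true`. Today the only override is the `server.insecure` flag, but once a secret-bearing value (an admin password hash, repository credentials) is set on the release it could be printed by `terraform output` and end up in CI logs. I would add `sensitive = true` to that output and a `description` to both outputs. `argocd_url` is also a bare hostname, so either rename it to `argocd_host` or emit `"https://argocd.${var.my_domain}"`.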
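Review bot: Both constraints here are open-ended (`>= 2.12.1`, `>= 1.14.0`), so a fresh `terraform init` may select any later major release of the Helm provider and of the community-maintained `gavinbunney/kubectl` provider. That is a supply-chain and stability concern for code that runs with cluster credentials; as far as I know the Helm provider's 3.x line also changed how `set` is written, which would break the `set { }` block in argocd.tf. I would pin to `version = "~> 2.12"` and `version = "~> 1.14"` and commit `.terraform.lock.hcl` so provider hashes are verified on init. The same `>= 1.14.0` constraint is added in the root `oci-managed/provider.tf` hunk.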
@@ -0,0 +1,30 @@ +variable "compartment_ocid" {} +variable "environment" { + default = "prod" +} +variable "cluster_ocid" { + type = string +} + +variable "namespace" { + description = "Namespace to install argocd chart into" + type = string + default = "argocd" +} + +variable "my_domain" { + type = string +} + +variable "argocd_chart_version" { + description = "Version of argocd chart to install" + type = string + default = "6.7.1" # See https://artifacthub.io/packages/helm/argo/argo-cd for latest version(s) +} + +# Helm chart deployment can sometimes take longer than the default 5 minutes +variable "timeout_seconds" { + type = number + description = "Helm chart deployment can sometimes take longer than the default 5 minutes. Set a custom timeout here." + default = 800 # 10 minutes +} \ No newline at end of file diff --git a/oci-managed/main.tf b/oci-managed/main.tf index 4fc4fba..3ef146f 100644 --- a/oci-managed/main.tf +++ b/oci-managed/main.tf @@ -62,3 +62,14 @@ module "nlb" { depends_on = [ module.oke ] } + +module "argocd" { + compartment_ocid = var.compartment_ocid + cluster_ocid = module.oke.cluster_ocid + count = var.install_argocd ? 1 : 0 + source = "./argocd" + + my_domain = var.my_domain + + depends_on = [ module.nlb ] +} \ No newline at end of file diff --git a/oci-managed/nlb/traefik.tf b/oci-managed/nlb/traefik.tf index 91bb34b..5c3e8dc 100644 --- a/oci-managed/nlb/traefik.tf +++ b/oci-managed/nlb/traefik.tf @@ -1,5 +1,5 @@ resource "helm_release" "traefik" { - namespace = "traefik-loadbalancer" + namespace = var.namespace create_namespace = true name = "traefik" repository = "https://traefik.github.io/charts" diff --git a/oci-managed/nlb/variables.tf b/oci-managed/nlb/variables.tf index 14eb782..ea3aa50 100644 --- a/oci-managed/nlb/variables.tf +++ b/oci-managed/nlb/variables.tf 
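Review bot: The `timeout_seconds` default is annotated `# 10 minutes`, but 800 seconds is 13 minutes 20 seconds; either use `default = 600` or change the comment to `# ~13 minutes`. `compartment_ocid`, `environment` and `cluster_ocid` are declared (and the first and third are passed from `module "argocd"` in main.tf), yet none of the module files in this patch reads them, so they can be dropped or given a `description` explaining the planned use. `my_domain` is interpolated by `templatefile` into a backtick-quoted Traefik `Host()` rule, so a `validation` block restricting it to hostname characters, plus a `description`, would stop a malformed value from producing a broken or unintended rule.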
@@ -9,13 +9,13 @@ variable "cluster_ocid" { variable "namespace" { description = "Namespace to install traefik chart into" type = string - default = "traefik" + default = "traefik-loadbalancer" } variable "traefik_chart_version" { description = "Version of Traefik chart to install" type = string - default = "21.1.0" # See https://artifacthub.io/packages/helm/traefik/traefik for latest version(s) + default = "26.1.0" # See https://artifacthub.io/packages/helm/traefik/traefik for latest version(s) } # Helm chart deployment can sometimes take longer than the default 5 minutes diff --git a/oci-managed/provider.tf b/oci-managed/provider.tf index 0ef1fa6..df4131b 100644 --- a/oci-managed/provider.tf +++ b/oci-managed/provider.tf @@ -12,6 +12,10 @@ terraform { source = "cloudflare/cloudflare" version = "~> 4.0" } + kubectl = { + source = "gavinbunney/kubectl" + version = ">= 1.14.0" + } } } @@ -33,4 +37,8 @@ provider "helm" { provider "cloudflare" { email = var.cloudflare_api_email api_key = var.cloudflare_api_key +} + +provider "kubectl" { + config_path = "oke/kubeconfig" } \ No newline at end of file diff --git a/oci-managed/traefik-values.tfpl.yaml b/oci-managed/traefik-values.tfpl.yaml index 8bf9ea0..e96aea8 100644 --- a/oci-managed/traefik-values.tfpl.yaml +++ b/oci-managed/traefik-values.tfpl.yaml @@ -229,7 +229,7 @@ providers: # -- Load Kubernetes IngressRoute provider enabled: true # -- Allows IngressRoute to reference resources in namespace other than theirs - allowCrossNamespace: false + allowCrossNamespace: true # -- Allows to reference ExternalName services in IngressRoute allowExternalNameServices: false # -- Allows to return 503 when there is no endpoints available diff --git a/oci-managed/variables.tf b/oci-managed/variables.tf index ef3086d..64c7ad9 100644 --- a/oci-managed/variables.tf +++ b/oci-managed/variables.tf 
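Review bot: `config_path = "oke/kubeconfig"` is a relative path, so it resolves against the directory Terraform is started from rather than against this module; `config_path = "${path.module}/oke/kubeconfig"` keeps it stable. The file holds cluster credentials and the diff does not show whether `oke/kubeconfig` is excluded from version control, which is worth confirming. If the `helm` provider above the hunk already takes this path from a variable or local, reusing it here would keep the two providers pointed at the same cluster.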
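Review bot: Flipping `allowCrossNamespace` to `true` lets an IngressRoute in any namespace reference Services, Middlewares and TLS options that live in other namespaces, which removes Traefik's namespace boundary for everything running in the cluster. Nothing in this patch appears to need it: the new `argocd-server` IngressRoute is created in `${namespace}` and its `services` entries carry no `namespace:` key, so they resolve in the route's own namespace. I would keep `allowCrossNamespace: false` unless a cross-namespace reference exists outside this diff, and if one does, add a comment on this line naming it. The enclosing `providers` block starts above the hunk.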
@@ -23,6 +23,10 @@ variable "cloudflare_origin_certificate_key" { variable "my_domain" { type = string } +variable "install_argocd" { + type = bool + default = true +} variable "region" {} variable "public_key_path" {}
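Review bot: `install_argocd` defaults to `true`, so the module that the subject line calls optional is installed on the next apply of every existing deployment, publishing an Argo CD login page at `argocd.<my_domain>` without anyone opting in. An admin surface like this should be opt-in: `default = false`, plus a `description` stating that enabling it exposes the Argo CD UI and API through the Traefik `websecure` entry point.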