-
Notifications
You must be signed in to change notification settings - Fork 97
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
1e577e6
commit 7848535
Showing
5 changed files
with
317 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
## Requirements | ||
|
||
No requirements. | ||
|
||
## Providers | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| google | n/a | | ||
| helm | n/a | | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| apex\_domain | The apex domain to be allocated to the cluster | `string` | n/a | yes | | ||
| cluster\_id | A random generated to uniqly name cluster resources | `string` | n/a | yes | | ||
| cluster\_location | The location (region or zone) in which the cluster master will be created. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region | `string` | n/a | yes | | ||
| cluster\_name | Name of the Kubernetes cluster | `string` | n/a | yes | | ||
| gcp\_project | The name of the GCP project | `string` | n/a | yes | | ||
| jenkins\_x\_namespace | Kubernetes namespace to install Jenkins X in | `string` | n/a | yes | | ||
| cluster\_network | The name of the network (VPC) to which the cluster is connected | `string` | `"default"` | no | | ||
| cluster\_subnetwork | The name of the subnetwork to which the cluster is connected. Leave blank when using the 'default' vpc to generate a subnet for your cluster | `string` | `""` | no | | ||
| content | Interpolated jx-requirements.yml | `string` | `""` | no | | ||
| helm\_settings | Additional settings which will be passed to the Helm chart values, see https://artifacthub.io/packages/helm/argo/argo-cd | `map(any)` | `{}` | no | | ||
| jx\_bot\_token | Bot token used to interact with the Jenkins X cluster git repository | `string` | `""` | no | | ||
| jx\_bot\_username | Bot username used to interact with the Jenkins X cluster git repository | `string` | `""` | no | | ||
| jx\_git\_operator\_version | The jx-git-operator helm chart version | `string` | `"0.0.192"` | no | | ||
| jx\_git\_url | URL for the Jenins X cluster git repository | `string` | `""` | no | | ||
| kuberhealthy | Enable Kuberhealthy helm installation | `bool` | `true` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| argocd\_sa\_email | n/a | | ||
| argocd\_sa\_name | n/a | | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,135 @@ | ||
// ---------------------------------------------------------------------------- | ||
// Create and configure the Argo CD installation | ||
// | ||
// ---------------------------------------------------------------------------- | ||
locals {} | ||
|
||
resource "helm_release" "bootstrap" { | ||
provider = helm | ||
name = "argocd" | ||
chart = "argo-cd" | ||
namespace = "argocd" | ||
repository = "https://argoproj.github.io/argo-helm" | ||
version = "5.6.1" | ||
create_namespace = true | ||
values = [ | ||
jsonencode( | ||
{ | ||
"controller" : { | ||
"serviceAccount" : { | ||
"annotations" : { | ||
"iam.gke.io/gcp-service-account" : "argocd-${var.cluster_name}@${var.gcp_project}.iam.gserviceaccount.com" | ||
} | ||
}, | ||
}, | ||
"repoServer" : { | ||
"autoscaling" : { | ||
"enabled" : true, | ||
"minReplicas" : 2 | ||
}, | ||
"initContainers" : [ | ||
{ | ||
"name" : "download-tools", | ||
"image" : "ghcr.io/helmfile/helmfile:v0.147.0", | ||
"command" : [ | ||
"sh", | ||
"-c" | ||
], | ||
"args" : [ | ||
"wget -qO /custom-tools/argo-cd-helmfile.sh https://raw.githubusercontent.com/travisghansen/argo-cd-helmfile/master/src/argo-cd-helmfile.sh && chmod +x /custom-tools/argo-cd-helmfile.sh && mv /usr/local/bin/helmfile /custom-tools/helmfile" | ||
], | ||
"volumeMounts" : [ | ||
{ | ||
"mountPath" : "/custom-tools", | ||
"name" : "custom-tools" | ||
} | ||
] | ||
} | ||
], | ||
"serviceAccount" : { | ||
"annotations" : { | ||
"iam.gke.io/gcp-service-account" : "argocd-${var.cluster_name}@${var.gcp_project}.iam.gserviceaccount.com" | ||
} | ||
}, | ||
"volumes" : [ | ||
{ | ||
"name" : "custom-tools", | ||
"emptyDir" : {} | ||
} | ||
], | ||
"volumeMounts" : [ | ||
{ | ||
"mountPath" : "/usr/local/bin/argo-cd-helmfile.sh", | ||
"name" : "custom-tools", | ||
"subPath" : "argo-cd-helmfile.sh" | ||
}, | ||
{ | ||
"mountPath" : "/usr/local/bin/helmfile", | ||
"name" : "custom-tools", | ||
"subPath" : "helmfile" | ||
} | ||
] | ||
}, | ||
"server" : { | ||
"autoscaling" : { | ||
"enabled" : true, | ||
"minReplicas" : 2 | ||
} | ||
"ingress" : { | ||
"enabled" : true, | ||
"annotations" : { | ||
"nginx.ingress.kubernetes.io/backend-protocol" : "HTTPS", | ||
"nginx.ingress.kubernetes.io/force-ssl-redirect" : "true", | ||
"nginx.ingress.kubernetes.io/ssl-passthrough" : "true" | ||
}, | ||
"hosts" : [ | ||
"argocd.${var.apex_domain}" | ||
], | ||
"serviceAccount" : { | ||
"annotations" : { | ||
"iam.gke.io/gcp-service-account" : "argocd-${var.cluster_name}@${var.gcp_project}.iam.gserviceaccount.com" | ||
} | ||
} | ||
} | ||
} | ||
} | ||
) | ||
] | ||
|
||
set { | ||
name = "server.config.configManagementPlugins" | ||
value = <<-EOT | ||
- name: helmfile | ||
init: # Optional command to initialize application source directory | ||
command: ["argo-cd-helmfile.sh"] | ||
args: ["init"] | ||
generate: # Command to generate manifests YAML | ||
command: ["argo-cd-helmfile.sh"] | ||
args: ["generate"] | ||
EOT | ||
} | ||
set { | ||
name = "configs.credentialTemplates.https-creds.url" | ||
value = regex("\\w+://\\w+\\.\\w+", var.jx_git_url) | ||
} | ||
set_sensitive { | ||
name = "configs.credentialTemplates.https-creds.username" | ||
value = var.jx_bot_username | ||
} | ||
set_sensitive { | ||
name = "configs.credentialTemplates.https-creds.password" | ||
value = var.jx_bot_token | ||
} | ||
|
||
dynamic "set" { | ||
for_each = var.helm_values | ||
content { | ||
name = set.key | ||
value = set.value | ||
} | ||
} | ||
|
||
lifecycle { | ||
# ignore_changes = all | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
output "argocd_sa_email" { | ||
value = google_service_account.argocd_sa.email | ||
} | ||
|
||
output "argocd_sa_name" { | ||
value = google_service_account.argocd_sa.name | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
// ---------------------------------------------------------------------------- | ||
// Setup GCloud Service Accounts | ||
// | ||
// https://www.terraform.io/docs/providers/google/r/google_service_account.html | ||
// https://www.terraform.io/docs/providers/google/r/google_project_iam.html#google_project_iam_member | ||
// ---------------------------------------------------------------------------- | ||
// argocd | ||
resource "google_service_account" "argocd_sa" { | ||
provider = google | ||
account_id = "argocd-${var.cluster_name}" | ||
display_name = substr("ArgoCD service account for cluster ${var.cluster_name}", 0, 100) | ||
} | ||
|
||
resource "google_project_iam_member" "argocd_sa_secret_manager_admin_binding" { | ||
project = var.gcp_project | ||
provider = google | ||
role = "roles/secretmanager.admin" | ||
member = "serviceAccount:${google_service_account.argocd_sa.email}" | ||
} | ||
|
||
resource "google_project_iam_member" "argocd_sa_container_developer_binding" { | ||
project = var.gcp_project | ||
provider = google | ||
role = "roles/container.developer" | ||
member = "serviceAccount:${google_service_account.argocd_sa.email}" | ||
} | ||
|
||
resource "google_service_account_iam_member" "argocd_app_controller_sa_workload_identity_user" { | ||
provider = google | ||
service_account_id = google_service_account.argocd_sa.name | ||
role = "roles/iam.workloadIdentityUser" | ||
member = "serviceAccount:${var.gcp_project}.svc.id.goog[argocd/argocd-application-controller]" | ||
} | ||
|
||
resource "google_service_account_iam_member" "argocd_repo_server_sa_workload_identity_user" { | ||
provider = google | ||
service_account_id = google_service_account.argocd_sa.name | ||
role = "roles/iam.workloadIdentityUser" | ||
member = "serviceAccount:${var.gcp_project}.svc.id.goog[argocd/argocd-repo-server]" | ||
} | ||
|
||
resource "google_service_account_iam_member" "argocd_server_sa_workload_identity_user" { | ||
provider = google | ||
service_account_id = google_service_account.argocd_sa.name | ||
role = "roles/iam.workloadIdentityUser" | ||
member = "serviceAccount:${var.gcp_project}.svc.id.goog[argocd/argocd-server]" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
// ---------------------------------------------------------------------------- | ||
// Required Variables | ||
// ---------------------------------------------------------------------------- | ||
variable "gcp_project" { | ||
description = "The name of the GCP project" | ||
type = string | ||
} | ||
|
||
variable "cluster_location" { | ||
description = "The location (region or zone) in which the cluster master will be created. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region" | ||
type = string | ||
} | ||
|
||
variable "cluster_network" { | ||
description = "The name of the network (VPC) to which the cluster is connected" | ||
type = string | ||
default = "default" | ||
} | ||
|
||
variable "cluster_subnetwork" { | ||
description = "The name of the subnetwork to which the cluster is connected. Leave blank when using the 'default' vpc to generate a subnet for your cluster" | ||
type = string | ||
default = "" | ||
} | ||
|
||
variable "cluster_name" { | ||
description = "Name of the Kubernetes cluster" | ||
type = string | ||
} | ||
|
||
variable "apex_domain" { | ||
description = "The apex domain to be allocated to the cluster" | ||
type = string | ||
} | ||
|
||
variable "jenkins_x_namespace" { | ||
description = "Kubernetes namespace to install Jenkins X in" | ||
type = string | ||
} | ||
|
||
variable "cluster_id" { | ||
description = "A random generated to uniqly name cluster resources" | ||
type = string | ||
} | ||
|
||
// ---------------------------------------------------------------------------- | ||
// Optional Variables | ||
// ---------------------------------------------------------------------------- | ||
|
||
variable "jx_git_url" { | ||
description = "URL for the Jenins X cluster git repository" | ||
type = string | ||
default = "" | ||
} | ||
|
||
variable "jx_bot_username" { | ||
description = "Bot username used to interact with the Jenkins X cluster git repository" | ||
type = string | ||
default = "" | ||
} | ||
|
||
variable "jx_bot_token" { | ||
description = "Bot token used to interact with the Jenkins X cluster git repository" | ||
type = string | ||
default = "" | ||
} | ||
|
||
variable "jx_git_operator_version" { | ||
description = "The jx-git-operator helm chart version" | ||
type = string | ||
default = "0.0.192" | ||
} | ||
|
||
variable "kuberhealthy" { | ||
description = "Enable Kuberhealthy helm installation" | ||
type = bool | ||
default = true | ||
} | ||
|
||
variable "content" { | ||
description = "Interpolated jx-requirements.yml" | ||
type = string | ||
default = "" | ||
} | ||
|
||
variable "helm_values" { | ||
type = map(any) | ||
description = "Additional settings which will be passed to the Helm chart values, see https://artifacthub.io/packages/helm/argo/argo-cd" | ||
default = {} | ||
} |