gitops_repo stuff

inventory/group_vars/all/vault

@@ -1,45 +1,48 @@
 $ANSIBLE_VAULT;1.1;AES256
-64663430633139373631396663666636393739316561306337343739656662353265636131383136
-3030366331636534613365656334613431343065356136360a636134326366616534653966653131
-63353732653834376235303666656561373438623166323634356235343438666266633032663736
-6534383464383364660a386435636439646437646531373838326138363165356631323461313331
-34626261333331323065333564313635633332613861326431396436643934353234346663366466
-32333763646231353666663537613231656639663336333231323933336461633065633364663830
-33633661343337316461373837623633633764373033343731616262393662376166356665633630
-61353136353061316336316237316535346661383265623437656163663635343065303938373466
-37326264393962363338613361616137626235616135373239383863333537663565326135316432
-37353832343531623432396363356133616132396630396536326635653762343932363830633331
-64363030616135383331333038353133393431636463636534386633393135653132353134306333
-37373630333337386637393766636165313934313239623839363761393563666236396539383235
-31326335366536656365373665313136316361646565343066663734323936386334393836343963
-39393063326665613162626134343961366633633830643564313138643230313965313337666236
-65383437316333633334633963366563393265356135653132383066343938353365663135623937
-38383762346236316465373135313530613133663635323236646266633836633362633961346464
-30623864383236636364316137663664623138656437633032626165653635363265613764313538
-63303638666461326264383733623962653366356430613130363564366661383534346230336133
-34633033376264643332386532636166333637656533366266386535316466633236323936326463
-30663236393437346262343166616161386238396334313334323537626661656465616364333562
-36346461353034363434656432613966636464653437386133376139653564313833616332646361
-61316462333630333333353063343739313562663563646362396432383239346132336130666164
-66626338313763656537343664306530393138376236353330373336363131336363336462326133
-39623136323666373132336638313164353963653663353963333966626632326266656537643234
-36396339633433313035343463343362346262653465303763356234663438366461663833343631
-33343362396161313363346565376662376136396364663438303332626135366231353633323539
-64613136343130363230396362366133356237303139633264373437613239363137393538306663
-36623761353639303137386530373533643339366230373264633632316132666333653637356632
-65643730323066393838626135363239616566666461623663646562363039376565343732393435
-64616330306166643465333263643333646132643739353764653366313436646439353235313638
-30383138316432393530346231623033386333613261323939643965613266663964366465636539
-62356664353531303263326436303831653865626332336166343966653036383733363830313836
-30653638316230633538323935613535346332373135366133386234303437323666363836323563
-65323434316236323962316234646339323165646330363030366332643030366434323532386235
-63313462393238326364386664363137656233343237666632366432363966616631313166663765
-65393266656335363966366438303336656438323531613132356436633838316332336463653234
-64356533373133383063306530376138613333373430363539626664663065356538643134636263
-35666631393362336531346435626630353366323065316362353465326263316435633535653066
-65383466376266333330323330353863636635636565383162313736386465613934303866633732
-65396366663939353430663732313231663333643831306565656631616638363333373839323636
-65653666633434363635303032316639643932616436646164633064343063326230616333653330
-38613039373162656438643866303538653938376561323532356232386433323966323561626666
-33353235633738373230333236393537356265633034666362303965343236333334626565633263
-37633065333632323162
+30396438623664666166343436333839303362376134303338343133383930636462323033313463
+3632373930636132636438326331656633663362626563610a363263353235346230636363373636
+36363436626134353966316432306430623237663430656635623064623733373865336433643637
+3361326261366434390a616365633234353834663864333439386335636231623531303536623265
+65636166633431306665616166303465636434666537373034316636383132666164356532663163
+66626365313938393737613665623264633766313837393732653862393831336334316162326135
+36373934333733343064323530323363333166633735386463613462323866303031393865656636
+61323634646663326237653836343861323239386436343935333630383633393561383464366565
+30336264623636363665613839663737666466393862323236663632336538656162343732303539
+30313864633138363432663164323139303062613466323130336333656266623431616234376537
+61353862383531333231333861303665333635333763396535343661323161386230633161353361
+32626566303734623732643862643763333561363532303832643963366537326130663535303239
+66303966363763633438636437366464376161343636336639373937623533373861333835353962
+37653864376161333637633835643630656663386361616338366631306631303837396433666663
+34363565316634306635356434376137663430636561623763646362623134663665653166353239
+64333634623362353437356136613262303466613861303065376334653365336464333965313364
+36356133306632353066636666656433393639633130323334306565666562623632653063613162
+36383165323231653939393236356538613033313764626333356531623434343530633533303638
+36336137353564373131653661366531336364383330353234306139343133336137356433396462
+61323065353431363635613135616562373739333265363764646466316564366265353334383162
+31393730396666393039653363343539663937333137303037323661613365343034356661653261
+31326335336638306234393934626635376661646336666662386332656665353030373664646138
+32323662313839393662343261616539646635613833656262613061626237636431323764376336
+31306334386338333033656561623037353166303564623930383033376465396136306638623232
+34633331326637303465306365656435373232633338643035353930303533333733336235636165
+62356133303033396363623034643635633736613766643033313165623832373530386337386661
+33396336626162663436656465623165336331303637313865333738633732376162633138363563
+35626163656430626636393237376632316563336636656130663661623065633366393765633061
+35346562616565626262323538346333376664373565313331633532623538316661353736383431
+66306132326236623662316666346363666362616464306365666232323534643439323765663133
+38663039633261633261393532616563396337666561386661333630356535373039613465646164
+30656333353437343664663138653539353365656364356532666263356164306433653831613265
+62336364303361633833376132366330626363636139626139363664616233633437303366633037
+37653866326139363361303834643435643833663566386435373638636334363139323463613564
+35313066333366333233393762383537376334353733646665663737326566326564646366353338
+64303363373430383462363337623431313034326263323864366632633033616363386365646431
+65323236306263316530363031636165333539306433643363653165613362643939636361326138
+37323737643632313063386433323636386636396262346538393134336532306435613134626533
+31663639653038383132623835613331653662323830396534613136623935616262633235643730
+35383639616463336232333936626334303632656466303061653439356130386133386665653862
+32333864363639633831346239313830643965646338346637663136646565623065313836646230
+34313664306464346464376234336265323233633336616665613261646363316130363137343066
+63393738663238626130376535303132646563323637373734376465376263396334633637616465
+36363139626537366434303438393934666366623937316231643331646337386330653137626536
+65356639323937316363393234326532396539353833613132393532306362393637666637366238
+63616134633930303836663736613938346331353834653135373030366631383137333061666563
+633237346234376434313763626130626536

roles/goldentooth.install_argocd/defaults/main.yaml

@@ -7,13 +7,6 @@ argocd_chart_repo_url: 'https://argoproj.github.io/argo-helm'
 # Argo CD default domain.
 argocd_domain: 'argocd.{{ cluster.fqdn }}'
 
-# Argo CD Repositories.
-argocd_repositories:
-  gitops:
-    type: 'git'
-    name: 'gitops'
-    url: "https://github.com/{{ cluster.name }}/gitops.git"
-
 argocd_release_values:
   nameOverride: 'argocd'
   global:
@@ -31,7 +24,6 @@ argocd_release_values:
     secret:
       createSecret: true
       argocdServerAdminPassword: "{{ argocd_password }}"
-    repositories: "{{ argocd_repositories }}"
 
   redis-ha:
     # Enable Redis high availability.
@@ -47,7 +39,7 @@ argocd_release_values:
     extraArgs:
       - '--insecure'
     service:
-      type: 'ClusterIP'
+      type: 'LoadBalancer'
 
   repoServer:
     autoscaling:

roles/goldentooth.install_argocd/tasks/main.yaml

@@ -10,10 +10,24 @@
 
 - name: 'Install the Argo CD command-line interface.'
   ansible.builtin.get_url:
-    url: 'https://github.com/argoproj/argo-cd/releases/download/v2.8.6/argocd-linux-arm64'
+    url: 'https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-arm64'
     dest: '/usr/local/bin/argocd'
     mode: '0555'
 
+- name: 'Create a Kubernetes secret for the GitHub token.'
+  kubernetes.core.k8s:
+    state: 'present'
+    definition:
+      apiVersion: 'v1'
+      kind: 'Secret'
+      metadata:
+        name: 'github-token'
+        namespace: 'argocd'
+      type: 'Opaque'
+      data:
+        token: "{{ vault.github_token | b64encode }}"
+  run_once: true
+
 - name: 'Install Argo CD from Helm chart.'
   kubernetes.core.helm:
     atomic: true

roles/goldentooth.install_argocd_apps/defaults/main.yaml

@@ -19,3 +19,5 @@ argocd_default_project_options:
 argocd_generic_projects:
   - name: 'prometheus-node-exporter'
     description: 'Prometheus Node Exporter'
+  - name: 'httpbin'
+    description: 'HTTPBin'

roles/goldentooth.install_argocd_apps/tasks/app_projects/gitops_repo.yaml

@@ -0,0 +1,25 @@
+---
+- name: 'Create "GitOps Repo" project.'
+  kubernetes.core.k8s:
+    state: 'present'
+    definition:
+      apiVersion: 'argoproj.io/v1alpha1'
+      kind: 'AppProject'
+      metadata:
+        name: 'gitops-repo'
+        namespace: 'argocd'
+        finalizers:
+          - 'resources-finalizer.argocd.argoproj.io'
+      spec:
+        description: 'GoldenTooth GitOps-Repo project'
+        sourceRepos:
+          - '*'
+        destinations:
+          - namespace: '!kube-system'
+            server: '*'
+          - namespace: '*'
+            server: '*'
+        clusterResourceWhitelist:
+          - group: '*'
+            kind: '*'
+  run_once: true

roles/goldentooth.install_argocd_apps/tasks/application_sets/gitops_repo.yaml

@@ -0,0 +1,50 @@
+---
+- name: 'Create a Kubernetes secret for the GitHub token.'
+  kubernetes.core.k8s:
+    state: 'present'
+    definition:
+      apiVersion: 'v1'
+      kind: 'Secret'
+      metadata:
+        name: 'github-token'
+        namespace: 'argocd'
+      type: 'Opaque'
+      data:
+        token: "{{ vault.github_token | b64encode }}"
+  run_once: true
+
+- name: 'Create the "GitOps Repo" ApplicationSet.'
+  kubernetes.core.k8s:
+    state: 'present'
+    definition:
+      apiVersion: 'argoproj.io/v1alpha1'
+      kind: 'ApplicationSet'
+      metadata:
+        name: 'gitops-repo'
+        namespace: 'argocd'
+      spec:
+        goTemplate: true
+        goTemplateOptions: ["missingkey=error"]
+        generators:
+          - scmProvider:
+              cloneProtocol: 'https'
+              github:
+                organization: "{{ cluster.name }}"
+                tokenRef:
+                  secretName: 'github-token'
+                  key: 'token'
+              filters:
+                - labelMatch: 'gitops-repo'
+        template:
+          metadata:
+            name: "gitops-repo-{{ '{{' }} .repository {{ '}}' }}"
+          spec:
+            source:
+              repoURL: "{{ '{{' }} .url {{ '}}' }}"
+              targetRevision: "{{ '{{' }} .branch {{ '}}' }}"
+              path: './'
+            project: 'gitops-repo'
+            destination:
+              server: https://kubernetes.default.svc
+              namespace: "{{ '{{' }} .repository {{ '}}' }}"
+  run_once: true

roles/goldentooth.install_argocd_apps/tasks/applications/httpbin.yaml

@@ -0,0 +1,39 @@
+---
+- name: 'Create "HTTPBin" application.'
+  kubernetes.core.k8s:
+    state: 'present'
+    definition:
+      apiVersion: 'argoproj.io/v1alpha1'
+      kind: 'Application'
+      metadata:
+        name: 'httpbin'
+        namespace: 'argocd'
+        labels:
+          name: 'httpbin'
+          managed-by: 'argocd'
+      spec:
+        project: 'httpbin'
+        source:
+          repoURL: 'https://matheusfm.dev/charts'
+          chart: 'httpbin'
+          targetRevision: '0.1.1'
+          helm:
+            releaseName: 'httpbin'
+            valuesObject:
+              service:
+                type: 'LoadBalancer'
+        destination:
+          server: 'https://kubernetes.default.svc'
+          namespace: 'httpbin'
+        syncPolicy:
+          automated:
+            prune: true
+            selfHeal: true
+          syncOptions:
+            - Validate=true
+            - CreateNamespace=true
+            - PrunePropagationPolicy=foreground
+            - PruneLast=true
+            - RespectIgnoreDifferences=true
+            - ApplyOutOfSyncOnly=true
+  run_once: true

roles/goldentooth.install_argocd_apps/tasks/main.yaml

@@ -4,19 +4,22 @@
   loop:
     - 'app_projects/incubator.yaml'
     - 'app_projects/generic.yaml'
+    - 'app_projects/gitops_repo.yaml'
   loop_control:
     loop_var: 'project_file'
 
 - name: 'Create Argo CD Application resources.'
   ansible.builtin.include_tasks: "{{ application_file }}"
   loop:
+    - 'applications/httpbin.yaml'
     - 'applications/incubator.yaml'
     - 'applications/prometheus_node_exporter.yaml'
   loop_control:
     loop_var: 'application_file'
 
 - name: 'Create Argo CD ApplicationSet resources.'
   ansible.builtin.include_tasks: "{{ application_set_file }}"
-  loop: []
+  loop:
+    - 'application_sets/gitops_repo.yaml'
   loop_control:
     loop_var: 'application_set_file'