Skip to content

Commit

Permalink
feat(TPLAT-339): added argocd applicationSet bootstrap (#2)
Browse files Browse the repository at this point in the history
# Description

We created this module to create applicationSets in ArgoCD.

Ticket: TPLAT-339

## Checklist

- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [x] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings

Signed-off-by: tom-hauschke <[email protected]>
Co-authored-by: leonsteinhaeuser <[email protected]>
  • Loading branch information
tom-hauschke and leonsteinhaeuser authored Sep 14, 2023
1 parent 92bab09 commit 0f99ff3
Show file tree
Hide file tree
Showing 7 changed files with 408 additions and 37 deletions.
19 changes: 19 additions & 0 deletions .terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

118 changes: 83 additions & 35 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,42 +1,90 @@
# terraform-module-template

A template repository to provide a basic setup for Terraform modules.

## Module structure

The module structure is based on the [Terraform module documentation](https://www.terraform.io/docs/modules/index.html#standard-module-structure). The following tree shows the structure of the module.

```txt
├── .gitignore
├── LICENSE
├── README.md
├── docs
│ └── README.md
├── examples
│ ├── complete
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── minimal
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
├── main.tf
├── outputs.tf
├── variables.tf
└── versions.tf
# ArgoCD Application Set

This module creates an applicationSet in an ArgoCD instance.

## Config schema for ApplicationSet

Required fields:

```yaml
values: |
# Here you can define the values for the chart
```
Optional fields:
```yaml
namespace_overwrite: <namespace> # e.g. default (default: generated based on the project name + git folder name). Must be set if more than one environment is deployed in the same cluster.
chart:
repo: <chart_repo_url> # e.g. registry.hub.docker.com/tagesspiegel
name: <chart_name> # e.g. background
version: <chart_version> # e.g. 1.0.0
release_name: <chart_release_name> # e.g. background-develop
```
## Working with this template
## Usage
```hcl
provider "argocd" {
server_addr = "argo.example.com"
auth_token = "my-token"
grpc_web = true
}

module "namespace-management" {
source = "tagesspiegel/application-set/argocd"
version = "1.0.0"
# insert the required variable here
}
```

## Cluster selection

The cluster selection is based on the ``

<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_argocd"></a> [argocd](#requirement\_argocd) | 6.0.1 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_argocd"></a> [argocd](#provider\_argocd) | 6.0.1 |

## Modules

No modules.

## Resources

In order to use this template, you can use the GitHub template feature. This will create a new repository based on this template. After that, you can clone the repository and start working on it.
| Name | Type |
|------|------|
| [argocd_application_set.this](https://registry.terraform.io/providers/oboukili/argocd/6.0.1/docs/resources/application_set) | resource |

### Creating a new repository based on this template
## Inputs

To get started with this template, you have to navigate https://github.com/new and select the Tagesspiegel organization. After that, you can select the `terraform-module-template` repository, enter a name for your new repository and click on `Create repository`. Please note that you have to define a name for your new repository that is not already taken and follows the naming conventions (`terraform-<provider>-<name>`).
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_annotations"></a> [annotations](#input\_annotations) | Annotations to apply to the application set | `map(string)` | `{}` | no |
| <a name="input_generator"></a> [generator](#input\_generator) | The generator configuration. Only one generator can be used at a time. | <pre>object({<br> git = optional(object({<br> repo_url = string<br> revision = string<br> files = optional(list(string))<br> directories = optional(list(object({<br> path = string<br> exclude = bool<br> })))<br> }))<br> pull_request = optional(list(object({<br> requeue_after_seconds = number<br> repo = string<br> labels = list(string)<br> })))<br> })</pre> | n/a | yes |
| <a name="input_generator_segment_index_overwrite"></a> [generator\_segment\_index\_overwrite](#input\_generator\_segment\_index\_overwrite) | Optional generator setting to override the index path segment during path selection. This option should only be set if generator.git.directories is used. Otherwise it should be left empty as it may affect the behavior. If this option is set in combination with generator.git.directories and your repository contains the cluster folder name in its root directory, this option should be set to 0. In all other cases, this option should reflect the index segment level to the directory corresponding to the cluster name. | `number` | `null` | no |
| <a name="input_labels"></a> [labels](#input\_labels) | Labels to apply to the application set | `map(string)` | `{}` | no |
| <a name="input_manifest_source"></a> [manifest\_source](#input\_manifest\_source) | n/a | <pre>object({<br> helm = optional(object({<br> chart = string<br> repo_url = string<br> target_revision = string<br> release_name = string<br> }))<br> directory = optional(object({<br> repo = object({<br> url = string<br> revision = string<br> path = string<br> })<br> glob_path = optional(string)<br> }))<br> })</pre> | n/a | yes |
| <a name="input_name"></a> [name](#input\_name) | The name of the application set | `string` | n/a | yes |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace the application set should be deployed to. | `string` | `"argo-system"` | no |
| <a name="input_namespace_annotations"></a> [namespace\_annotations](#input\_namespace\_annotations) | Annotations to apply to the namespace. Only used if create\_namespace is set to true. | `map(string)` | `{}` | no |
| <a name="input_namespace_labels"></a> [namespace\_labels](#input\_namespace\_labels) | Labels to apply to the namespace. Only used if sync\_options.* CreateNamespace=true is set. | `map(string)` | `{}` | no |
| <a name="input_project_name"></a> [project\_name](#input\_project\_name) | The name of the ArgoCD project to use for this application set. If not set, this application set is special. Special application sets are managed by the platform team and therefore the ArgoCD project reference is handled differently to normal application sets. A major difference is that the ArgoCD project is not statically defined as reference but dynamically via the config directory name. | `string` | n/a | yes |
| <a name="input_sync_options"></a> [sync\_options](#input\_sync\_options) | The sync options to use | `list(string)` | <pre>[<br> "Validate=false",<br> "ApplyOutOfSyncOnly=true",<br> "CreateNamespace=true"<br>]</pre> | no |
| <a name="input_sync_policy"></a> [sync\_policy](#input\_sync\_policy) | ArgoCD sync policy configuration | <pre>object({<br> prune = bool<br> self_heal = bool<br> allow_empty = bool<br> })</pre> | `null` | no |
| <a name="input_sync_retries"></a> [sync\_retries](#input\_sync\_retries) | The retry configuration for the sync policy | <pre>object({<br> duration = string<br> max_duration = string<br> factor = number<br> limit = number<br> })</pre> | <pre>{<br> "duration": "30s",<br> "factor": 2,<br> "limit": 5,<br> "max_duration": "2m"<br>}</pre> | no |
| <a name="input_target_namespace_overwrite"></a> [target\_namespace\_overwrite](#input\_target\_namespace\_overwrite) | The target namespace to use. If not set, the namespace is derived from the application set and git folder name. | `string` | `""` | no |

![Create GitHub repository based on template](docs/github_create_repository.png)
## Outputs

If everything worked as expected, you should now have a new repository based on this template. You can now clone the repository and start working on it.
No outputs.
<!-- END_TF_DOCS -->
Binary file removed docs/github_create_repository.png
Binary file not shown.
151 changes: 151 additions & 0 deletions main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,151 @@
locals {
generator_selector = var.generator_segment_index_overwrite == null ? ".path.basenameNormalized" : "(index .path.segments ${var.generator_segment_index_overwrite})"
}

resource "argocd_application_set" "this" {
metadata {
name = "${var.project_name}-${var.name}"
namespace = var.namespace
}

spec {
go_template = true

generator {
// if the git block is not null, then we want to add it to the generator
dynamic "git" {
for_each = var.generator.git != null ? [var.generator.git] : []
content {
repo_url = var.generator.git.repo_url
revision = var.generator.git.revision
dynamic "file" {
for_each = var.generator.git.files != null ? var.generator.git.files : []
content {
path = file.value
}
}
dynamic "directory" {
for_each = var.generator.git.directories != null ? var.generator.git.directories : []
content {
path = directory.value.path
exclude = directory.value.exclude
}
}
}
}

// if the github block is not null, then we want to add it to the generator
dynamic "pull_request" {
for_each = var.generator.pull_request != null ? var.generator.pull_request : []
content {
requeue_after_seconds = pull_request.value.requeue_after_seconds
github {
owner = "urbanmedia"
repo = pull_request.value.repo
labels = pull_request.value.labels
}
}
}
}

template {
metadata {
// application names are in the format: <name>-<cluster>
// e.g. prometheus-staging
name = "${var.name}-{{ ${local.generator_selector} }}"
annotations = merge(
var.annotations,
{
"managed-by" = "argo-cd",
"application-set" = var.name
},
)
labels = merge(
var.labels,
{
"managed-by" = "argo-cd",
"application-set" = var.name
},
)
}

spec {
project = var.project_name

// TODO(@tagesspiegel/platform-engineers): We want to add the sync block here so we can support progressive syncs
// See: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/

dynamic "source" {
for_each = var.manifest_source.helm != null ? ["abc"] : []
content {
chart = "{{ default \"${var.manifest_source.helm.chart}\" .chart.name }}"
repo_url = "{{ default \"${var.manifest_source.helm.repo_url}\" .chart.repo }}"
target_revision = "{{ default \"${var.manifest_source.helm.target_revision}\" .chart.version }}"
helm {
release_name = "{{ default \"${var.manifest_source.helm.release_name}\" .chart.release_name }}"
values = "{{ .values }}"
}
}
}
dynamic "source" {
for_each = var.manifest_source.directory != null ? ["abc"] : []
content {
repo_url = var.manifest_source.directory.repo.url
target_revision = var.manifest_source.directory.repo.revision
path = var.manifest_source.directory.repo.path
directory {
include = var.manifest_source.directory.glob_path
recurse = true
}
}
}

destination {
name = "{{ if (eq ${local.generator_selector} \"general-purpose\") }}in-cluster{{ else }}{{ ${local.generator_selector} }}{{ end }}"
// if the target_namespace_overwrite is not empty, then we want to use it as the namespace
// (e.g. ingress-controllers (assuming "ingress-controllers" is the target_namespace_overwrite))
// otherwise we check if the configuration provided by the developer has a namespace_overwrite
// if the namespace_overwrite is not set, then we use the namespace based on the project name and git folder name
// (e.g. background-staging (assuming "background" is the project and "staging" the folder name))
// otherwise we use the namespace_overwrite provided by the developer
// (e.g. background-staging-v2 (assuming "background" is the project and "staging-v2" the namespace_overwrite))
namespace = var.target_namespace_overwrite != "" ? var.target_namespace_overwrite : "{{ if not .namespace_overwrite }}${var.project_name}-{{ ${local.generator_selector} }}{{ else }}${var.project_name}-{{ .namespace_overwrite }}{{ end }}"
}
sync_policy {
dynamic "automated" {
for_each = var.sync_policy != null ? [var.sync_policy] : []
content {
prune = var.sync_policy.automated.prune
self_heal = var.sync_policy.automated.self_heal
allow_empty = var.sync_policy.automated.allow_empty
}
}
managed_namespace_metadata {
annotations = merge(
var.namespace_annotations,
{
"managed-by" = "argo-cd"
},
)
labels = merge(
var.namespace_labels,
{
"managed-by" = "argo-cd"
},
)
}
# Only available from ArgoCD 1.5.0 onwards
sync_options = var.sync_options
retry {
limit = var.sync_retries.limit
backoff {
duration = var.sync_retries.duration
max_duration = var.sync_retries.max_duration
factor = var.sync_retries.factor
}
}
}
}
}
}
}
Empty file removed outputs.tf
Empty file.
Loading

0 comments on commit 0f99ff3

Please sign in to comment.