Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(TPLAT-339): added argocd applicationSet bootstrap #2

Merged
merged 1 commit into from
Sep 14, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions .terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

118 changes: 83 additions & 35 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,42 +1,90 @@
# terraform-module-template

A template repository to provide a basic setup for Terraform modules.

## Module structure

The module structure is based on the [Terraform module documentation](https://www.terraform.io/docs/modules/index.html#standard-module-structure). The following tree shows the structure of the module.

```txt
├── .gitignore
├── LICENSE
├── README.md
├── docs
│ └── README.md
├── examples
│ ├── complete
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── minimal
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── variables.tf
│ │ └── versions.tf
├── main.tf
├── outputs.tf
├── variables.tf
└── versions.tf
# ArgoCD Application Set

This module creates an applicationSet in an ArgoCD instance.

## Config schema for ApplicationSet

Required fields:

```yaml
values: |
# Here you can define the values for the chart
```

Optional fields:

```yaml
namespace_overwrite: <namespace> # e.g. default (default: generated based on the project name + git folder name). Must be set if more than one environment is deployed in the same cluster.
chart:
repo: <chart_repo_url> # e.g. registry.hub.docker.com/tagesspiegel
name: <chart_name> # e.g. background
version: <chart_version> # e.g. 1.0.0
release_name: <chart_release_name> # e.g. background-develop
```

## Working with this template
## Usage

```hcl
provider "argocd" {
server_addr = "argo.example.com"
auth_token = "my-token"
grpc_web = true
}

module "namespace-management" {
source = "tagesspiegel/application-set/argocd"
version = "1.0.0"
# insert the required variable here
}
```

## Cluster selection

The cluster selection is based on the ``

<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_argocd"></a> [argocd](#requirement\_argocd) | 6.0.1 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_argocd"></a> [argocd](#provider\_argocd) | 6.0.1 |

## Modules

No modules.

## Resources

In order to use this template, you can use the GitHub template feature. This will create a new repository based on this template. After that, you can clone the repository and start working on it.
| Name | Type |
|------|------|
| [argocd_application_set.this](https://registry.terraform.io/providers/oboukili/argocd/6.0.1/docs/resources/application_set) | resource |

### Creating a new repository based on this template
## Inputs

To get started with this template, you have to navigate https://github.com/new and select the Tagesspiegel organization. After that, you can select the `terraform-module-template` repository, enter a name for your new repository and click on `Create repository`. Please note that you have to define a name for your new repository that is not already taken and follows the naming conventions (`terraform-<provider>-<name>`).
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_annotations"></a> [annotations](#input\_annotations) | Annotations to apply to the application set | `map(string)` | `{}` | no |
| <a name="input_generator"></a> [generator](#input\_generator) | The generator configuration. Only one generator can be used at a time. | <pre>object({<br> git = optional(object({<br> repo_url = string<br> revision = string<br> files = optional(list(string))<br> directories = optional(list(object({<br> path = string<br> exclude = bool<br> })))<br> }))<br> pull_request = optional(list(object({<br> requeue_after_seconds = number<br> repo = string<br> labels = list(string)<br> })))<br> })</pre> | n/a | yes |
| <a name="input_generator_segment_index_overwrite"></a> [generator\_segment\_index\_overwrite](#input\_generator\_segment\_index\_overwrite) | Optional generator setting to override the index path segment during path selection. This option should only be set if generator.git.directories is used. Otherwise it should be left empty as it may affect the behavior. If this option is set in combination with generator.git.directories and your repository contains the cluster folder name in its root directory, this option should be set to 0. In all other cases, this option should reflect the index segment level to the directory corresponding to the cluster name. | `number` | `null` | no |
| <a name="input_labels"></a> [labels](#input\_labels) | Labels to apply to the application set | `map(string)` | `{}` | no |
| <a name="input_manifest_source"></a> [manifest\_source](#input\_manifest\_source) | n/a | <pre>object({<br> helm = optional(object({<br> chart = string<br> repo_url = string<br> target_revision = string<br> release_name = string<br> }))<br> directory = optional(object({<br> repo = object({<br> url = string<br> revision = string<br> path = string<br> })<br> glob_path = optional(string)<br> }))<br> })</pre> | n/a | yes |
| <a name="input_name"></a> [name](#input\_name) | The name of the application set | `string` | n/a | yes |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace the application set should be deployed to. | `string` | `"argo-system"` | no |
| <a name="input_namespace_annotations"></a> [namespace\_annotations](#input\_namespace\_annotations) | Annotations to apply to the namespace. Only used if create\_namespace is set to true. | `map(string)` | `{}` | no |
| <a name="input_namespace_labels"></a> [namespace\_labels](#input\_namespace\_labels) | Labels to apply to the namespace. Only used if sync\_options.* CreateNamespace=true is set. | `map(string)` | `{}` | no |
| <a name="input_project_name"></a> [project\_name](#input\_project\_name) | The name of the ArgoCD project to use for this application set. If not set, this application set is special. Special application sets are managed by the platform team and therefore the ArgoCD project reference is handled differently to normal application sets. A major difference is that the ArgoCD project is not statically defined as reference but dynamically via the config directory name. | `string` | n/a | yes |
| <a name="input_sync_options"></a> [sync\_options](#input\_sync\_options) | The sync options to use | `list(string)` | <pre>[<br> "Validate=false",<br> "ApplyOutOfSyncOnly=true",<br> "CreateNamespace=true"<br>]</pre> | no |
| <a name="input_sync_policy"></a> [sync\_policy](#input\_sync\_policy) | ArgoCD sync policy configuration | <pre>object({<br> prune = bool<br> self_heal = bool<br> allow_empty = bool<br> })</pre> | `null` | no |
| <a name="input_sync_retries"></a> [sync\_retries](#input\_sync\_retries) | The retry configuration for the sync policy | <pre>object({<br> duration = string<br> max_duration = string<br> factor = number<br> limit = number<br> })</pre> | <pre>{<br> "duration": "30s",<br> "factor": 2,<br> "limit": 5,<br> "max_duration": "2m"<br>}</pre> | no |
| <a name="input_target_namespace_overwrite"></a> [target\_namespace\_overwrite](#input\_target\_namespace\_overwrite) | The target namespace to use. If not set, the namespace is derived from the application set and git folder name. | `string` | `""` | no |

![Create GitHub repository based on template](docs/github_create_repository.png)
## Outputs

If everything worked as expected, you should now have a new repository based on this template. You can now clone the repository and start working on it.
No outputs.
<!-- END_TF_DOCS -->
Binary file removed docs/github_create_repository.png
Binary file not shown.
151 changes: 151 additions & 0 deletions main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,151 @@
locals {
generator_selector = var.generator_segment_index_overwrite == null ? ".path.basenameNormalized" : "(index .path.segments ${var.generator_segment_index_overwrite})"
}

resource "argocd_application_set" "this" {
metadata {
name = "${var.project_name}-${var.name}"
namespace = var.namespace
}

spec {
go_template = true

generator {
// if the git block is not null, then we want to add it to the generator
dynamic "git" {
for_each = var.generator.git != null ? [var.generator.git] : []
content {
repo_url = var.generator.git.repo_url
revision = var.generator.git.revision
dynamic "file" {
for_each = var.generator.git.files != null ? var.generator.git.files : []
content {
path = file.value
}
}
dynamic "directory" {
for_each = var.generator.git.directories != null ? var.generator.git.directories : []
content {
path = directory.value.path
exclude = directory.value.exclude
}
}
}
}

// if the github block is not null, then we want to add it to the generator
dynamic "pull_request" {
for_each = var.generator.pull_request != null ? var.generator.pull_request : []
content {
requeue_after_seconds = pull_request.value.requeue_after_seconds
github {
owner = "urbanmedia"
repo = pull_request.value.repo
labels = pull_request.value.labels
}
}
}
}

template {
metadata {
// application names are in the format: <name>-<cluster>
// e.g. prometheus-staging
name = "${var.name}-{{ ${local.generator_selector} }}"
annotations = merge(
var.annotations,
{
"managed-by" = "argo-cd",
"application-set" = var.name
},
)
labels = merge(
var.labels,
{
"managed-by" = "argo-cd",
"application-set" = var.name
},
)
}

spec {
project = var.project_name

// TODO(@tagesspiegel/platform-engineers): We want to add the sync block here so we can support progressive syncs
// See: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/

dynamic "source" {
for_each = var.manifest_source.helm != null ? ["abc"] : []
content {
chart = "{{ default \"${var.manifest_source.helm.chart}\" .chart.name }}"
repo_url = "{{ default \"${var.manifest_source.helm.repo_url}\" .chart.repo }}"
target_revision = "{{ default \"${var.manifest_source.helm.target_revision}\" .chart.version }}"
helm {
release_name = "{{ default \"${var.manifest_source.helm.release_name}\" .chart.release_name }}"
values = "{{ .values }}"
}
}
}
dynamic "source" {
for_each = var.manifest_source.directory != null ? ["abc"] : []
content {
repo_url = var.manifest_source.directory.repo.url
target_revision = var.manifest_source.directory.repo.revision
path = var.manifest_source.directory.repo.path
directory {
include = var.manifest_source.directory.glob_path
recurse = true
}
}
}

destination {
name = "{{ if (eq ${local.generator_selector} \"general-purpose\") }}in-cluster{{ else }}{{ ${local.generator_selector} }}{{ end }}"
// if the target_namespace_overwrite is not empty, then we want to use it as the namespace
// (e.g. ingress-controllers (assuming "ingress-controllers" is the target_namespace_overwrite))
// otherwise we check if the configuration provided by the developer has a namespace_overwrite
// if the namespace_overwrite is not set, then we use the namespace based on the project name and git folder name
// (e.g. background-staging (assuming "background" is the project and "staging" the folder name))
// otherwise we use the namespace_overwrite provided by the developer
// (e.g. background-staging-v2 (assuming "background" is the project and "staging-v2" the namespace_overwrite))
namespace = var.target_namespace_overwrite != "" ? var.target_namespace_overwrite : "{{ if not .namespace_overwrite }}${var.project_name}-{{ ${local.generator_selector} }}{{ else }}${var.project_name}-{{ .namespace_overwrite }}{{ end }}"
}
sync_policy {
dynamic "automated" {
for_each = var.sync_policy != null ? [var.sync_policy] : []
content {
prune = var.sync_policy.automated.prune
self_heal = var.sync_policy.automated.self_heal
allow_empty = var.sync_policy.automated.allow_empty
}
}
managed_namespace_metadata {
annotations = merge(
var.namespace_annotations,
{
"managed-by" = "argo-cd"
},
)
labels = merge(
var.namespace_labels,
{
"managed-by" = "argo-cd"
},
)
}
# Only available from ArgoCD 1.5.0 onwards
sync_options = var.sync_options
retry {
limit = var.sync_retries.limit
backoff {
duration = var.sync_retries.duration
max_duration = var.sync_retries.max_duration
factor = var.sync_retries.factor
}
}
}
}
}
}
}
Empty file removed outputs.tf
Empty file.
Loading