Simplifies the deployment and management of ArgoCD on a Kubernetes cluster.
New in v1.0.0:
- No longer relies on the
banzaicloud/k8sprovider. - Can be deployed alongside any ingress controller.
- Deployable without SSL (if you're into that kind of thing...)
- This module no longer relies on external modules.
If you're currently on version v0.0.5 or older the following steps need to be followed to prevent potential disruption. The following steps assume the root ArgoCD module was created with the name my_argocd
# Import the ArgoCD CRDs
terraform import -var-file=secrets.tfvars 'module.my_argocd.kubernetes_manifest.app_projects' "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=appprojects.argoproj.io"
terraform import -var-file=secrets.tfvars 'module.my_argocd.kubernetes_manifest.applications' "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=applications.argoproj.io"
# Delete the old ArgoCD CRD references from the statefile
terraform state rm 'module.my_argocd.k8s_manifest.app_projects'
terraform state rm 'module.my_argocd.k8s_manifest.applications'
# Lastly, run a Terraform apply to make sure the states are synced up.
terraform apply -var-file secrets.tfvarsmodule "argocd" {
source = "project-octal/argocd/kubernetes"
version = "1.0.0"
namespace = "kube-argocd"
argocd_server_replicas = 2
argocd_repo_replicas = 2
enable_dex = false
ingress_enabled = true
ingress_host = "argocd.arroyo.turnbros.app"
ingress_path = "/"
ingress_class_name = module.traefik.ingress_class
ingress_annotations = {
"traefik.ingress.kubernetes.io/router.entrypoints" : "websecure"
"traefik.ingress.kubernetes.io/router.tls" : "true"
}
ingress_cert_issuer_annotation = {
"cert-manager.io/cluster-issuer" : module.cert_manager.cert_issuer
}
argocd_server_requests = {
cpu = "300m"
memory = "256Mi"
}
argocd_server_limits = {
cpu = "600m"
memory = "512Mi"
}
repo_server_exec_timeout = "300"
argocd_repo_requests = {
cpu = "300m"
memory = "256Mi"
}
argocd_repo_limits = {
cpu = "600m"
memory = "512Mi"
}
argocd_repositories = [
{
name = "Helm-Main"
type = "helm"
url = "https://charts.helm.sh/stable"
}
]
oidc_config = {
name = var.argocd_oidc_name
issuer = var.argocd_oidc_issuer
client_id = var.argocd_oidc_client_id
client_secret = var.argocd_oidc_client_secret
requested_scopes = var.argocd_oidc_requested_scopes
requested_id_token_claims = var.argocd_oidc_requested_id_token_claims
}
}
| Name | Version |
|---|---|
| terraform | >= 0.14, < 2.0.0 |
| kubernetes | >= 2.8.0 |
| Name | Version |
|---|---|
| kubernetes | 2.8.0 |
| Name | Source | Version |
|---|---|---|
| argocd_application_controller | ./argocd-application-controller | n/a |
| argocd_dex | ./argocd-dex | n/a |
| argocd_redis | ./argocd-redis | n/a |
| argocd_repo_server | ./argocd-repo-server | n/a |
| argocd_server | ./argocd-server | n/a |
| Name | Type |
|---|---|
| kubernetes_config_map.argocd_cm | resource |
| kubernetes_config_map.argocd_gpg_keys_cm | resource |
| kubernetes_config_map.argocd_rbac_cm | resource |
| kubernetes_config_map.argocd_redis_ha_configmap | resource |
| kubernetes_config_map.argocd_ssh_known_hosts_cm | resource |
| kubernetes_config_map.argocd_tls_certs_cm | resource |
| kubernetes_manifest.app_projects | resource |
| kubernetes_manifest.applications | resource |
| kubernetes_namespace.argocd_namespace | resource |
| kubernetes_secret.argocd_secret | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| argocd_git_repositories | A list of credentials that ArgoCD will use when pulling from configured repositories. | list(map(any)) |
[] |
no |
| argocd_image_name | The image to use when deploying ArgoCD | string |
"argoproj/argocd" |
no |
| argocd_image_repository | The image repository to use when pulling images. | string |
"docker.io" |
no |
| argocd_image_tag | The version of ArgoCD to deploy. | string |
"v2.2.2" |
no |
| argocd_repo_limits | n/a | object({ |
{ |
no |
| argocd_repo_replicas | ##################################### # ArgoCD Repo Server Configuration ## ##################################### | number |
2 |
no |
| argocd_repo_requests | n/a | object({ |
{ |
no |
| argocd_repositories | A list of repositories that ArgoCD might pull from. | list(map(any)) |
[] |
no |
| argocd_repository_credentials | A list of repositories that ArgoCD might pull from. | list(map(any)) |
[] |
no |
| argocd_server_limits | n/a | object({ |
{ |
no |
| argocd_server_replicas | #################################### # ArgoCD App Server Configuration ## #################################### | number |
2 |
no |
| argocd_server_requests | n/a | object({ |
{ |
no |
| dex_image_name | The name of the Dex image to use | string |
"dexidp/dex" |
no |
| dex_image_repository | The repository that the dex image will be obtained from | string |
"docker.io" |
no |
| dex_image_tag | The version of the Dex Docker image to deploy. | string |
"2.30.0" |
no |
| enable_anonymous_access | Enables anonymous user access. The anonymous users get default role permissions specified argocd-rbac-cm.yaml. | bool |
false |
no |
| enable_dex | Determines whether or not to deploy Dex alongside ArgoCD | bool |
true |
no |
| enable_ha_redis | n/a | bool |
false |
no |
| enable_status_badge | Enables application status badge feature | bool |
false |
no |
| haproxy_image_name | n/a | string |
"haproxy" |
no |
| haproxy_image_repository | n/a | string |
"docker.io" |
no |
| haproxy_image_tag | Defines which docker image tag to use for HAProxy | string |
"2.4.8-alpine" |
no |
| helm_chat_text | The text for getting chat help | string |
"Chat now!" |
no |
| help_chat_url | The URL for getting chat help, this will typically be your Slack channel for support | string |
null |
no |
| image_pull_policy | Determines when the image should be pulled prior to starting the container. Always: Always pull the image. | IfNotPresent: Only pull the image if it does not already exist on the node. | Never: Never pull the image |
string |
"Always" |
no |
| ingress_annotations | A map of annotations to add to the ingress resource | map(string) |
{} |
no |
| ingress_cert_issuer_annotation | The cluster certificate issuer to use when creating a TLS certificate for the ingress. needs to be set here so the tls block is defined on the ingress resource. | map(string) |
{} |
no |
| ingress_class_name | The ingress class that the ArgoCD ingress record should reference. | string |
null |
no |
| ingress_enabled | If set to true an ingress route will be created for ArgoCD |
bool |
true |
no |
| ingress_host | Argo CD's externally facing host. Required when configuring SSO | string |
null |
no |
| ingress_path | A string or an extended POSIX regular expression as defined by IEEE Std 1003.1 | string |
"/" |
no |
| labels | Extra Kubernetes labels to include with the resources created by this module | map(string) |
{} |
no |
| namespace | The namespace this ArgoCD deployment will reside in. | string |
"argocd" |
no |
| namespace_annotations | Additional ArgoCD namespace annotations (e.g. for linkerd.io/inject: enabled for mesh things) |
map(string) |
{} |
no |
| oidc_config | OIDC authorization provider settings. For more information please refer to: https://argoproj.github.io/argo-cd/operator-manual/user-management/#existing-oidc-provider | object({ |
null |
no |
| oidc_group_claim | The name of the claim that contains the list of groups a user belongs to | string |
null |
no |
| pod_affinity_topology_key | n/a | string |
"topology.kubernetes.io/zone" |
no |
| redis_image_name | n/a | string |
"redis" |
no |
| redis_image_repository | n/a | string |
"docker.io" |
no |
| redis_image_tag | The version of the Redis Docker image to deploy. | string |
"6.2.6-alpine" |
no |
| repo_server_exec_timeout | n/a | string |
"300s" |
no |
| repository_credentials | A list of git repositories that ArgoCD will be configured to use. | list(map(any)) |
[] |
no |
| Name | Description |
|---|---|
| namespace | n/a |