fix(argo): handle sensitive values correctly

Signed-off-by: Michele Palazzi <sysdadmin@m1k.cloud>
ironashram · Dec 8, 2024 · a926d2f · a926d2f
1 parent 4092bb8
commit a926d2f
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 48 deletions.
diff --git a/terraform/modules/apps/argocd.tf b/terraform/modules/apps/argocd.tf
@@ -14,7 +14,47 @@ resource "helm_release" "argocd" {
 
   max_history = 0
 
-  values = [<<EOF
+  values = [data.template_file.argocd_values.rendered]
+
+  set_sensitive {
+    name  = "configs.secret.argocdServerAdminPassword"
+    value = var.argocd_admin_password
+  }
+
+  set_sensitive {
+    name  = "configs.repositories.${terraform.workspace}.name"
+    value = var.git_repo_name
+  }
+
+  set_sensitive {
+    name  = "configs.repositories.${terraform.workspace}.url"
+    value = var.git_repo
+  }
+
+  set_sensitive {
+    name  = "configs.repositories.${terraform.workspace}.username"
+    value = var.git_user
+  }
+
+  set_sensitive {
+    name  = "configs.repositories.${terraform.workspace}.password"
+    value = var.git_token
+  }
+
+  set {
+    name  = "configs.repositories.${terraform.workspace}.type"
+    value = "git"
+  }
+}
+
+/****************
+  ArgoCD values
+****************/
+
+data "template_file" "argocd_values" {
+  template = <<EOF
+global:
+  domain: argocd.lab.m1k.cloud
 applicationSet:
   enabled: false
 redis-ha:
@@ -28,8 +68,6 @@ configs:
     application.resourceTrackingMethod: annotation
   params:
     server.insecure: true
-  secret:
-    argocdServerAdminPassword: ${var.argocd_admin_password}
 controller:
   enableStatefulSet: true
   metrics:
@@ -43,42 +81,12 @@ server:
   ingress:
     enabled: true
     ingressClassName: nginx
-    hostname: argocd.lab.m1k.cloud
     tls: true
   certificate:
     enabled: true
-    domain: argocd.lab.m1k.cloud
     issuer:
       group: cert-manager.io
       kind: ClusterIssuer
       name: letsencrypt-prod
 EOF
-  ]
-
-  set_sensitive {
-    name  = "configs.repositories.${terraform.workspace}.name"
-    value = var.git_repo_name
-  }
-
-  set_sensitive {
-    name  = "configs.repositories.${terraform.workspace}.url"
-    value = var.git_repo
-  }
-
-  set_sensitive {
-    name  = "configs.repositories.${terraform.workspace}.username"
-    value = var.git_user
-  }
-
-  set_sensitive {
-    name  = "configs.repositories.${terraform.workspace}.password"
-    value = var.git_token
-  }
-
-  set {
-    name  = "configs.repositories.${terraform.workspace}.type"
-    value = "git"
-  }
 }
-
-
diff --git a/terraform/modules/apps/nginx.tf b/terraform/modules/apps/nginx.tf
@@ -1,18 +1,3 @@
-/****************
-  Nginx values
-****************/
-
-data "template_file" "nginx_values" {
-  template = <<EOF
-controller:
-  ingressClassResource:
-    name: nginx
-    enabled: true
-    default: false
-    controllerValue: "k8s.io/ingress-nginx"
-EOF
-}
-
 /*********
   Nginx
 *********/
@@ -32,3 +17,18 @@ resource "helm_release" "ingress_nginx" {
 
   values = [data.template_file.nginx_values.rendered]
 }
+
+/****************
+  Nginx values
+****************/
+
+data "template_file" "nginx_values" {
+  template = <<EOF
+controller:
+  ingressClassResource:
+    name: nginx
+    enabled: true
+    default: false
+    controllerValue: "k8s.io/ingress-nginx"
+EOF
+}