arcodange-org/factory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

deploy argo cd

Browse Source
This commit is contained in:
Gabriel Radureau
2024-08-21 00:42:49 +02:00
parent 95f365dbb5
commit 3b4140a0c1
7 changed files with 214 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

147
ansible/arcodange/factory/playbooks/03_cicd.yml
View File

@@ -164,9 +164,18 @@
loop_control: loop_control:
loop_var: gitea_owner_type # Peut être "user" ou "organization" loop_var: gitea_owner_type # Peut être "user" ou "organization"
- name: Deploy Argo CD post_tasks:
run_once: true - include_role:
block: name: arcodange.factory.gitea_token
vars:
gitea_token_delete: true
- name: Deploy Gitea Action
hosts: localhost
roles:
- arcodange.factory.gitea_token # generate gitea_api_token used to replace generated token with set name if required
tasks:
- name: Set factory repo - name: Set factory repo
include_role: include_role:
name: arcodange.factory.gitea_repo name: arcodange.factory.gitea_repo
@@ -175,7 +184,137 @@
- name: Sync other repos - name: Sync other repos
include_role: include_role:
name: arcodange.factory.gitea_sync name: arcodange.factory.gitea_sync
- name: Generate Argo CD token
include_role:
name: arcodange.factory.gitea_token
vars:
gitea_token_name: ARGOCD_TOKEN
gitea_token_fact_name: argocd_token
gitea_token_scopes: read:repository,read:package
gitea_token_replace: true
- name: Figure out k3s master node
shell:
kubectl get nodes -l node-role.kubernetes.io/master=true -o name | sed s'#node/##'
register: get_k3s_master_node
changed_when: false
- name: Get kubernetes server internal url
command: >-
echo https://kubernetes.default.svc
# {%raw%}
# kubectl get svc/kubernetes -o template="{{.spec.clusterIP}}:{{(index .spec.ports 0).port}}"
# {%endraw%}
register: get_k3s_internal_server_url
changed_when: false
- set_fact:
k3s_master_node: "{{ get_k3s_master_node.stdout }}"
k3s_internal_server_url: "{{ get_k3s_internal_server_url.stdout }}"
- name: Install Argo CD
become: true
delegate_to: "{{ k3s_master_node }}"
vars:
gitea_credentials:
username: arcodange
password: "{{ argocd_token }}"
argocd_helm_values:
global:
domain: argocd.arcodange.duckdns.org
configs:
params:
server.insecure: true # let k3s traefik do TLS termination
ansible.builtin.copy:
dest: /var/lib/rancher/k3s/server/manifests/argocd.yaml
content: |-
apiVersion: v1
kind: Namespace
metadata:
name: argocd
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: argocd
namespace: kube-system
spec:
repo: https://argoproj.github.io/argo-helm
chart: argo-cd
targetNamespace: argocd
valuesContent: |-
{{ argocd_helm_values | to_nice_yaml | indent( width=4 ) }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-server-ingress
namespace: argocd
annotations:
# For Traefik v2.x
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org
traefik.ingress.kubernetes.io/router.tls.domains.0.sans: argocd.arcodange.duckdns.org
traefik.ingress.kubernetes.io/router.middlewares: localIp@file
spec:
rules:
- host: argocd.arcodange.duckdns.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
number: 80 #TLS is terminated at Traefik
---
apiVersion: v1
kind: Secret
metadata:
name: gitea-arcodangeorg-factory-repo
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
stringData:
type: git
url: https://gitea.arcodange.duckdns.org/arcodange-org/factory
---
apiVersion: v1
kind: Secret
metadata:
name: gitea-arcodangeorg-repo-creds
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repo-creds
stringData:
type: git
url: https://gitea.arcodange.duckdns.org/arcodange-org
password: {{ gitea_credentials.password }}
username: {{ gitea_credentials.username }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: factory
namespace: argocd
spec:
project: default
source:
repoURL: https://gitea.arcodange.duckdns.org/arcodange-org/factory
targetRevision: HEAD
path: argocd
destination:
server: {{ k3s_internal_server_url }}
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
- name: touch manifests/argocd.yaml to trigger update
delegate_to: "{{ k3s_master_node }}"
ansible.builtin.file:
path: /var/lib/rancher/k3s/server/manifests/argocd.yaml
state: touch
become: true
post_tasks: post_tasks:
- include_role: - include_role:
name: arcodange.factory.gitea_token name: arcodange.factory.gitea_token

9
ansible/arcodange/factory/roles/gitea_token/tasks/main.yml
View File

@@ -5,7 +5,7 @@
block: block:
- &createTokenTask - &createTokenTask
name: Create new token for ansible name: Create new token {{ gitea_token_name }} as {{ gitea_token_fact_name }}
when: not gitea_token_delete when: not gitea_token_delete
delegate_to: "{{ groups.gitea[0] }}" delegate_to: "{{ groups.gitea[0] }}"
delegate_facts: true delegate_facts: true
@@ -38,6 +38,13 @@
ignore_errors: false ignore_errors: false
register: gitea_api_token_cmd_bis register: gitea_api_token_cmd_bis
- name: warn
when:
- gitea_api_token is not defined
- gitea_token_delete or gitea_token_replace
debug:
msg: 'WARN: gitea_api_token required when gitea_token_delete or gitea_token_replace is true'
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
'{{ gitea_token_fact_name }}': '{{ (gitea_api_token_cmd.rc == 0) | ternary(gitea_api_token_cmd.stdout, gitea_api_token_cmd_bis.stdout) }}' '{{ gitea_token_fact_name }}': '{{ (gitea_api_token_cmd.rc == 0) | ternary(gitea_api_token_cmd.stdout, gitea_api_token_cmd_bis.stdout) }}'
when: not gitea_token_delete when: not gitea_token_delete

25
argocd/.helmignore Normal file
View File

@@ -0,0 +1,25 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
README.md
.keep

24
argocd/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v2
name: factory
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.1.0"

3
argocd/README.md Normal file
View File

@@ -0,0 +1,3 @@
# Argo CD Apps
- [Argo CD App Of Apps Pattern](https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/)

0
argocd/templates/.keep Normal file
View File

3
argocd/values.yaml Normal file
View File

@@ -0,0 +1,3 @@
# Default values for argocd.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.