Add ArgoCD bootstrapping (#2)

Co-authored-by: Marcel Straub <m@straubs.eu>
Reviewed-on: s5b-private/k8s#2

00-infrastructure/01-tofu/talos/config.tf

@@ -19,7 +19,7 @@ data "talos_client_configuration" "this" {
   endpoints            = [for k, v in var.nodes : v.ip if v.machine_type == "controlplane"]
 }
 
-resource "terraform_data" "cilium_bootstrap_inline_manifests" {
+resource "terraform_data" "bootstrap_inline_manifests" {
   input = [
     {
       name     = "cilium-bootstrap"
@@ -38,6 +38,10 @@ resource "terraform_data" "cilium_bootstrap_inline_manifests" {
           "values.yaml" = file("${path.root}/${var.cluster.cilium.values_file_path}")
         }
       })
+    },
+    {
+      name = "argocd-bootstrap"
+      contents = file("${path.root}/${var.cluster.argocd.bootstrap_manifest_path}")
     }
   ]
 }
@@ -70,7 +74,7 @@ data "talos_machine_configuration" "this" {
       vip              = var.cluster.vip
       extra_manifests  = jsonencode(local.extra_manifests)
       api_server       = var.cluster.api_server
-      inline_manifests = jsonencode(terraform_data.cilium_bootstrap_inline_manifests.output)
+      inline_manifests = jsonencode(terraform_data.bootstrap_inline_manifests.output)
     }) :
     templatefile("${path.module}/machine-config/worker.yaml.tftpl", {
       mac_address = lower(each.value.mac_address)

00-infrastructure/01-tofu/talos/inline-manifests/argocd_install.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argocd
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argocd-installer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: argocd-installer
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argocd-installer
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argocd-installer
+  namespace: kube-system
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: argocd-installer
+  namespace: kube-system
+spec:
+  template:
+    spec:
+      serviceAccountName: argocd-installer
+      containers:
+      - name: installer
+        image: bitnami/kubectl:latest
+        command:
+        - /bin/sh
+        - -c
+        - |
+          kubectl apply -n argocd -f https://git.straubintra.net/marcel/argo-cd/raw/tag/stable/manifests/ha/install.yaml
+      restartPolicy: OnFailure
+  backoffLimit: 3
+

00-infrastructure/01-tofu/talos/variables.tf

@@ -34,6 +34,9 @@ variable "cluster" {
       bootstrap_manifest_path = string
       values_file_path        = string
     })
+    argocd = object({
+      bootstrap_manifest_path = string
+    })
   })
 }
 

00-infrastructure/01-tofu/talos_cluster.auto.tfvars

@@ -17,6 +17,10 @@ talos_cluster_config  = {
         values_file_path        = "../../02-k8s/infra/network/cilium/values.yaml"
     }
 
+    argocd = {
+        bootstrap_manifest_path = "talos/inline-manifests/argocd_install.yaml"
+    }
+
     registry_mirrors = {
       "docker.io" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-docker.io"
       "ghcr.io" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-ghcr.io"
@@ -24,5 +28,6 @@ talos_cluster_config  = {
       "registry.k8s.io" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-registry.k8s.io"
       "mcr.microsoft.com" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-mcr.microsoft.com"
       "quay.io" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-quay.io"
+      "public.ecr.aws" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-public.ecr.aws"
     }
 }

00-infrastructure/01-tofu/variables.tf

@@ -51,6 +51,9 @@ variable "talos_cluster_config" {
       bootstrap_manifest_path = string
       values_file_path        = string
     })
+    argocd = object({
+      bootstrap_manifest_path = string
+    })
   })
 }