-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmain.tf
55 lines (45 loc) · 1.43 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
resource "kubernetes_namespace" "argo_namespace" {
metadata {
name = var.argocd_namespace
}
}
resource "helm_release" "argocd" {
name = "argocd"
namespace = kubernetes_namespace.argo_namespace.metadata[0].name
repository = var.argocd_repository
chart = var.argocd_chart
version = var.argocd_chart_version
values = var.argocd_values_path != "" ? [file(var.argocd_values_path)] : []
set {
name = format("server.config.accounts\\.%s", var.argocd_kerberus_service_account)
value = "apiKey"
}
set {
name = format("server.config.accounts\\.%s\\.enabled", var.argocd_kerberus_service_account)
value = "true"
type = "string"
}
set {
name = "server.rbacConfig.policy\\.default"
value = var.argocd_rbacConfig_policy_default
}
set {
name = "server.extraArgs"
value = format("{%s}", join(",", var.argocd_server_extra_args))
}
}
data "kubernetes_secret" "retreive_argocd_password" {
depends_on = [helm_release.argocd]
metadata {
name = "argocd-initial-admin-secret"
namespace = helm_release.argocd.namespace
}
}
data "external" "generate_argocd_token" {
program = ["/bin/bash", join("/", [path.module, "files", "generate-token.sh"])]
query = {
argo_password = data.kubernetes_secret.retreive_argocd_password.data["password"]
argo_hostname = var.argocd_url
argocd_service_account = var.argocd_kerberus_service_account
}
}