init argocd

Max Glotov · Max Glotov · commit 48a3c3826428 · 2025-04-18T16:25:27.000+06:00
diff --git a/.gitignore b/.gitignore
@@ -116,3 +116,4 @@ $RECYCLE.BIN/
 *.lnk
 
 **/temp/*
+argocd/**/charts
diff --git a/argocd/applications/argocd.yaml b/argocd/applications/argocd.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd
+  namespace: argocd
+spec:
+  source:
+    repoURL: 'https://github.com/maddevsio/aws-eks-base.git'
+    path: argocd/k8s-addons/argocd
+    targetRevision: main
+  destination:
+    name: in-cluster
+    namespace: argocd
+  project: k8s-addons
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
diff --git a/argocd/applications/aws-load-balancer-controller.yaml b/argocd/applications/aws-load-balancer-controller.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd/applications/aws-load-balancer-controller.yaml
+  namespace: argocd
+spec:
+  source:
+    repoURL: 'https://github.com/maddevsio/aws-eks-base.git'
+    path: argocd/k8s-addons/aws-load-balancer-controller
+    targetRevision: main
+  destination:
+    name: in-cluster
+    namespace: argocd
+  project: k8s-addons
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
diff --git a/argocd/applications/ingress-nginx.yaml b/argocd/applications/ingress-nginx.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-nginx
+  namespace: argocd
+spec:
+  source:
+    repoURL: 'https://github.com/maddevsio/aws-eks-base.git'
+    path: argocd/k8s-addons/ingress-nginx
+    targetRevision: main
+  destination:
+    name: in-cluster
+    namespace: argocd
+  project: k8s-addons
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
diff --git a/argocd/applications/karpenter.yaml b/argocd/applications/karpenter.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: karpenter
+  namespace: argocd
+spec:
+  source:
+    repoURL: 'https://github.com/maddevsio/aws-eks-base.git'
+    path: argocd/k8s-addons/karpenter
+    targetRevision: main
+  destination:
+    name: in-cluster
+    namespace: argocd
+  project: k8s-addons
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
diff --git a/argocd/k8s-addons/argocd/base/application-k8s-addons.yaml b/argocd/k8s-addons/argocd/base/application-k8s-addons.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: k8s-addons
+  namespace: argocd
+spec:
+  project: k8s-addons
+  source:
+    repoURL: 'https://github.com/maddevsio/aws-eks-base.git'
+    path: argocd/applications
+    targetRevision: argocd
+  destination:
+    server: 'https://kubernetes.default.svc'
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - RespectIgnoreDifferences=true
+  ignoreDifferences:
+    - group: "*"
+      kind: "Application"
+      namespace: "*"
+      jsonPointers:
+        # Allow manually disabling auto sync for apps, useful for debugging.
+        - /spec/syncPolicy/automated
+        # These are automatically updated on a regular basis. Not ignoring last applied configuration since it's used for computing diffs after normalization.
+        - /metadata/annotations/argocd.argoproj.io~1refresh
+        - /operation
diff --git a/argocd/k8s-addons/argocd/base/helm-values.yaml b/argocd/k8s-addons/argocd/base/helm-values.yaml
@@ -0,0 +1,55 @@
+server:
+  ingress:
+    enabled: true
+    ingressClassName: nginx
+    hostname: argocd.example.com
+  # Configure RBAC
+  rbacConfig:
+    policy.default: role:readonly
+    policy.csv: |
+      p, role:org-admin, applications, *, */*, allow
+      p, role:org-admin, clusters, get, *, allow
+      p, role:org-admin, repositories, get, *, allow
+      p, role:org-admin, repositories, create, *, allow
+      p, role:org-admin, repositories, update, *, allow
+      p, role:org-admin, repositories, delete, *, allow
+
+configs:
+  cm:
+    application.resourceTrackingMethod: annotation
+    kustomize.buildOptions: --enable-helm
+  params:
+    server.insecure: "true"
+    server.log.level: "warn"
+    controller.log.level: "warn"
+    reposerver.log.level: "warn"
+
+extraObjects:
+  - apiVersion: argoproj.io/v1alpha1
+    kind: AppProject
+    metadata:
+      name: k8s-addons
+      namespace: argocd
+      labels:
+        app.kubernetes.io/name: argocd
+        app.kubernetes.io/part-of: argocd
+      finalizers:
+        - resources-finalizer.argocd.argoproj.io
+    spec:
+      clusterResourceWhitelist:
+      - group: '*'
+        kind: '*'
+      destinations:
+      - namespace: '*'
+        server: '*'
+      sourceRepos:
+      - '*'
+global:
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+
+controller:
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
diff --git a/argocd/k8s-addons/argocd/base/kustomization.yaml b/argocd/k8s-addons/argocd/base/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - application-k8s-addons.yaml
+
+helmCharts:
+  - name: argo-cd
+    repo: https://argoproj.github.io/argo-helm
+    version: 7.8.26
+    releaseName: argocd
+    namespace: argocd
+    valuesFile: helm-values.yaml
diff --git a/argocd/k8s-addons/argocd/kustomization.yaml b/argocd/k8s-addons/argocd/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./base
diff --git a/argocd/k8s-addons/aws-loadbalancer-controller/kustomization.yaml b/argocd/k8s-addons/aws-loadbalancer-controller/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../base
diff --git a/argocd/k8s-addons/ingress-nginx/kustomization.yaml b/argocd/k8s-addons/ingress-nginx/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../base
diff --git a/argocd/k8s-addons/karpenter/kustomization.yaml b/argocd/k8s-addons/karpenter/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../base
diff --git a/terraform/modules/aws-eks/main.tf b/terraform/modules/aws-eks/main.tf
@@ -1,7 +1,7 @@
 #tfsec:ignore:aws-vpc-no-public-egress-sgr tfsec:ignore:aws-eks-enable-control-plane-logging tfsec:ignore:aws-eks-encrypt-secrets tfsec:ignore:aws-eks-no-public-cluster-access tfsec:ignore:aws-eks-no-public-cluster-access-to-cidr
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "20.20.0"
+  version = "20.35.0"
 
   cluster_name             = var.name
   cluster_version          = var.eks_cluster_version
@@ -20,6 +20,9 @@ module "eks" {
     kube-proxy = {
       most_recent = true
     }
+    eks-pod-identity-agent = {
+      most_recent = true
+    }
     vpc-cni = {
       most_recent              = true
       service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-eks/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-eks/.terraform.lock.hcl
diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-vpc/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-vpc/.terraform.lock.hcl
diff --git a/terragrunt/terragrunt.hcl b/terragrunt/terragrunt.hcl

Original file line number	Diff line number	Diff line change
`@@ -116,3 +116,4 @@ $RECYCLE.BIN/`
`116`	`116`	`*.lnk`
`117`	`117`
`118`	`118`	`*/temp/`
	`119`	`+argocd/**/charts`