gitops-bridge metadata as module

Signed-off-by: Carlos Santana <[email protected]>

Author: csantanapr

.gitignore

@@ -0,0 +1,45 @@
+local/
+build/
+plan.out
+plan.out.json
+
+# Local .terraform directories
+.terraform/
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+go.mod
+go.sum
+
+.DS_Store

.pre-commit-config.yaml

@@ -0,0 +1,35 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: trailing-whitespace
+        args: ['--markdown-linebreak-ext=md']
+      - id: end-of-file-fixer
+      - id: check-merge-conflict
+      - id: detect-private-key
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.77.1
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+        args:
+          - '--args=--lockfile=false'
+      - id: terraform_tflint
+        args:
+          - '--args=--only=terraform_deprecated_interpolation'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_documented_outputs'
+          - '--args=--only=terraform_documented_variables'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_module_pinned_source'
+          - '--args=--only=terraform_naming_convention'
+          - '--args=--only=terraform_required_version'
+          - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_workspace_remote'
+          - '--args=--only=terraform_empty_list_equality'
+          - '--args=--only=terraform_unused_required_providers'
+      - id: terraform_validate
+

README.md

@@ -1,2 +1,42 @@
 # gitops-bridge-argocd-metadata-terraform
 Terraform module for gitops-bridge argocd metadata
+
+It generates the argocd cluster secret that contains the metadata for argocd application sets
+
+To be use with [gitops-bridge](https://github.com/gitops-bridge-dev/) project, see example [here](https://github.com/gitops-bridge-dev/gitops-bridge/blob/main/argocd/iac/terraform/examples/eks/hello-world/main.tf)
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+No modules.
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_addons"></a> [addons](#input\_addons) | ArgoCD cluster additional addons labels to be extracted by application sets | `map(string)` | `{}` | no |
+| <a name="input_argocd"></a> [argocd](#input\_argocd) | Overrides for ArgoCD cluster secret like name, namespace, data server, data config, take a look at main.tf | `map(string)` | `{}` | no |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | ArgoCD cluster name | `string` | `"in-cluster"` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | ArgoCD cluster label environment | `string` | `"dev"` | no |
+| <a name="input_metadata"></a> [metadata](#input\_metadata) | ArgoCD cluster additional metadata annotations to be extracted by application sets | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_argocd"></a> [argocd](#output\_argocd) | Argocd cluster secret |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

main.tf

@@ -0,0 +1,44 @@
+
+locals {
+
+  argocd_labels = merge({
+    cluster_name                     = var.cluster_name
+    environment                      = var.environment
+    enable_argocd                    = true
+    "argocd.argoproj.io/secret-type" = "cluster"
+    },
+    var.addons
+  )
+  argocd_annotations = merge(
+    {
+      cluster_name = var.cluster_name
+      environment  = var.environment
+    },
+    var.metadata
+  )
+}
+
+locals {
+  argocd_server_config = <<-EOT
+    {
+      "tlsClientConfig": {
+        "insecure": false
+      }
+    }
+  EOT
+  argocd = {
+    apiVersion = "v1"
+    kind       = "Secret"
+    metadata = {
+      name        = try(var.argocd.secret_name, var.cluster_name)
+      namespace   = try(var.argocd.secret_namespace, "argocd")
+      annotations = local.argocd_annotations
+      labels      = local.argocd_labels
+    }
+    stringData = {
+      name   = var.cluster_name
+      server = try(var.argocd.server, "https://kubernetes.default.svc")
+      config = try(var.argocd.argocd_server_config, local.argocd_server_config)
+    }
+  }
+}

outputs.tf

@@ -0,0 +1,4 @@
+output "argocd" {
+  description = "Argocd cluster secret"
+  value       = local.argocd
+}

variables.tf

@@ -0,0 +1,25 @@
+variable "cluster_name" {
+  description = "ArgoCD cluster name"
+  type        = string
+  default     = "in-cluster"
+}
+variable "environment" {
+  description = "ArgoCD cluster label environment"
+  type        = string
+  default     = "dev"
+}
+variable "metadata" {
+  description = "ArgoCD cluster additional metadata annotations to be extracted by application sets"
+  type        = map(string)
+  default     = {}
+}
+variable "addons" {
+  description = "ArgoCD cluster additional addons labels to be extracted by application sets"
+  type        = map(string)
+  default     = {}
+}
+variable "argocd" {
+  description = "Overrides for ArgoCD cluster secret like name, namespace, data server, data config, take a look at main.tf"
+  type        = map(string)
+  default     = {}
+}

versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  # ##  Used for end-to-end testing on project; update to suit your needs
+  # backend "s3" {
+  #   bucket = "terraform-ssp-github-actions-state"
+  #   region = "us-west-2"
+  #   key    = "e2e/ipv4-prefix-delegation/terraform.tfstate"
+  # }
+}