From ed824adc429b37768d510d72ca0218c8d0148c55 Mon Sep 17 00:00:00 2001
From: Ultradesu
Date: Sun, 6 Apr 2025 17:24:01 +0100
Subject: [PATCH] Added Argocd
---
k8s/core/argocd/kustomization.yaml | 15 ++++
k8s/core/argocd/values.yaml | 124 +++++++++++++++++++++++++++++
k8s/state/core/argocd.yaml | 21 +++++
3 files changed, 160 insertions(+)
create mode 100644 k8s/core/argocd/kustomization.yaml
create mode 100644 k8s/core/argocd/values.yaml
create mode 100644 k8s/state/core/argocd.yaml
diff --git a/k8s/core/argocd/kustomization.yaml b/k8s/core/argocd/kustomization.yaml
new file mode 100644
index 0000000..1f50427
--- /dev/null
+++ b/k8s/core/argocd/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources: []
+# - external-secrets.yaml
+
+helmCharts:
+ - name: argo-cd
+ repo: https://argoproj.github.io/argo-helm
+ version: 7.8.23
+ releaseName: argocd
+ namespace: argocd
+ valuesFile: values.yaml
+ includeCRDs: true
+
diff --git a/k8s/core/argocd/values.yaml b/k8s/core/argocd/values.yaml
new file mode 100644
index 0000000..c9b18bd
--- /dev/null
+++ b/k8s/core/argocd/values.yaml
@@ -0,0 +1,124 @@
+# Argo CD Helm Chart Values
+# Includes Redis HA, Ingress for Traefik/cert-manager, and global Kustomize Helm support.
+
+global:
+ # Default domain (can be overridden in ingress)
+ domain: ag.hexor.cy
+ logging:
+ format: text
+ level: info
+
+crds:
+ install: true
+ keep: true # Recommended to keep true so CRDs are not deleted on uninstall
+
+configs:
+ # Settings for argocd-cm ConfigMap
+ cm:
+ create: true
+ # --- GLOBAL KUSTOMIZE OPTION ---
+ # Enables --enable-helm flag for all Kustomize builds managed by this Argo CD instance
+ kustomize.buildOptions: --enable-helm
+ # ----------------------------------
+ # Standard/recommended values:
+ application.instanceLabelKey: argocd.argoproj.io/instance
+ admin.enabled: true
+ timeout.reconciliation: 180s
+ # Add other necessary keys for argocd-cm here
+
+ # Settings for argocd-rbac-cm ConfigMap
+ rbac:
+ create: true
+ policy.default: ""
+ # policy.csv: |
+ # p, role:org-admin, applications, *, */*, allow
+ # g, your-github-group, role:org-admin
+
+ # Settings for argocd-secret Secret
+ secret:
+ createSecret: true
+ # IMPORTANT: Set admin password hash below or manage the secret externally.
+ # How to generate hash: htpasswd -nbBC 10 "" PASSWORD | tr -d ':\n' | sed 's/$2y/$2a/'
+ argocdServerAdminPassword: "" # <--- SET BCRYPT HASH HERE OR MANAGE EXTERNALLY
+ # Add other secrets like webhook secrets, OIDC client secrets etc. if needed
+ # githubSecret: ""
+ # gitlabSecret: ""
+
+# Application Controller
+controller:
+ replicas: 1
+ # Add resources (requests/limits), PDB etc. if needed
+
+# Dex OIDC provider
+dex:
+ enabled: true # Keep enabled unless using external OIDC/SAML directly
+ # Add resources, PDB etc. if needed
+
+# Standard Redis disabled because Redis HA is enabled
+redis:
+ enabled: false
+
+# Redis HA (replaces standard Redis)
+redis-ha:
+ enabled: true
+ # Default settings usually work, including auth via 'argocd-redis' secret.
+ # Assumes 'redisSecretInit' job is enabled (default) to create the secret.
+ haproxy:
+ enabled: true
+ redis:
+ config:
+ # Disable Redis disk persistence for cache performance (Argo CD uses it as a cache)
+ save: '""'
+
+# Argo CD Server (API and UI)
+server:
+ replicas: 1
+
+ # Ingress settings
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ # For cert-manager
+ cert-manager.io/cluster-issuer: letsencrypt
+ # For Traefik middleware (ensure it exists)
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+ # For cert-manager HTTP01 challenge
+ acme.cert-manager.io/http01-edit-in-place: "true"
+ hostname: ag.hexor.cy
+ path: /
+ pathType: Prefix
+ # --- TLS Settings ---
+ # Disable default chart TLS mechanism
+ tls: false
+ # Use extraTls for custom secret name
+ extraTls:
+ - secretName: argocd-tls # Secret name for Ingress to use (must be created by cert-manager)
+ hosts:
+ - ag.hexor.cy
+
+ # --- Certificate Settings ---
+ # Disable automatic Certificate resource creation by the chart.
+ # IMPORTANT: You MUST create a Certificate resource manually or via extraObjects
+ # that uses the 'letsencrypt' ClusterIssuer and targets 'secretName: argocd-tls'.
+ certificate:
+ enabled: false
+ certificateSecret:
+ enabled: false
+ # Add resources (requests/limits), PDB etc. if needed
+
+# Repository Server
+repoServer:
+ replicas: 1
+ # Add resources (requests/limits), PDB etc. if needed
+
+# ApplicationSet Controller
+applicationSet:
+ enabled: true # Enabled by default
+ replicas: 1
+ # Add resources (requests/limits), PDB etc. if needed
+
+# Notifications Controller
+notifications:
+ enabled: true # Enabled by default
+ # Add notifiers, triggers, templates configurations if needed
diff --git a/k8s/state/core/argocd.yaml b/k8s/state/core/argocd.yaml
new file mode 100644
index 0000000..c72b3df
--- /dev/null
+++ b/k8s/state/core/argocd.yaml
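Review bot: The `secret:` block under `configs` invites a bcrypt hash for the built-in admin account to be pasted into this values file (`argocdServerAdminPassword: "" # <--- SET BCRYPT HASH HERE OR MANAGE EXTERNALLY`), and the file is tracked in the same repository that the Argo CD Application syncs from. A committed hash is readable by everyone with repository access and can be guessed offline, while `admin.enabled: true` keeps that account usable on the ingress at `ag.hexor.cy`. I would leave the value empty and change the comment to `# Keep empty in Git; supply the admin hash from an external secret (see the commented external-secrets.yaml resource)`, and add a comment next to `admin.enabled: true` that it should become `false` once Dex or another SSO login works. As far as I know the chart omits the password key when this value is empty and Argo CD then generates an initial admin secret, which is worth confirming for chart version 7.8.23.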
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: argocd
+ namespace: argocd
+spec:
+ project: homelab
+ destination:
+ namespace: argocd
+ server: https://kubernetes.default.svc
+ source:
+ repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+ targetRevision: HEAD
+ path: k8s/core/argocd
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+
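Review bot: `targetRevision: HEAD` together with `automated` sync, `selfHeal: true` and `prune: true` makes every commit that reaches the default branch of `ab/homelab.git` an immediate change to the Argo CD installation itself, including deletion of resources that disappear from `k8s/core/argocd`. For the component that holds the cluster's deployment rights I would pin the revision to a protected branch or tag, e.g. `targetRevision: <protected-branch-or-tag>`, so a change is reviewed before it is applied. The `homelab` AppProject is not part of this patch; confirm that it limits `sourceRepos` and `destinations` rather than allowing `*`. A short comment above `syncPolicy` saying that this Application manages Argo CD itself would help the next reader.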