devops-stack-module-application

A DevOps Stack module to deploy a simple Application in Argo CD.

The module creates an Argo CD AppProject using the name given on declaration and then creates an Argo CD Application using the chart that is inside the path for the Git repository that is declared.

Inside that folder, the module expects an Helm chart with a folder structure similar to the following (as is standard practice):

application_folder
  ├── Chart.yaml
  ├── charts
  │   ├── dependency1.tar.gz
  │   └── dependency2.tar.gz
  ├── secrets.yaml
  ├── templates
  │   ├── template1.yaml
  │   ├── template2.yaml
  │   ├── template3.yaml
  │   └── _helpers.tpl
  └── values.yaml

By default, the created AppProject can only create an Application within a Namespace of the same name or within a Namespace declared on the module declaration. Besides that, the AppProject has the permission to create any kind of Kubernetes resources inside the destination cluster, but you can restrict the allowed resources if you need to.

Usage

This module can be declared by adding the following block on your Terraform configuration:

module "module_name" {
  source = "git::https://github.com/camptocamp/devops-stack-module-application.git?ref=<RELEASE>"

  name             = "application-name"
  argocd_namespace = local.argocd_namespace

  source_repo            = "https://github.com/owner/repository.git"
  source_repo_path       = "path/to/chart"
  source_target_revision = "branch"

  depends_on = [module.argocd]
}

A more complex declaration, that defines the Namespace and also the AppProject allowed resources, would look like this:

module "module_name" {
  source = "git::https://github.com/camptocamp/devops-stack-module-application.git?ref=<RELEASE>"

  name             = "application-name"
  argocd_namespace = local.argocd_namespace

  source_repo            = "https://github.com/owner/repository.git"
  source_repo_path       = "path/to/chart"
  source_target_revision = "branch"

  destination_namespace = "namespace"

  project_cluster_resource_whitelist = [
    {
      group = "*"
      kind = "Namespace"
    },
  ]

  project_namespace_resource_whitelist = [
    {
      group = "apps"
      kind = "Deployment"
    },
    {
      group = "*"
      kind = "Service"
    },
  ]

  depends_on = [module.argocd]
}

Furthermore, you can customize the chart’s values.yaml by adding an Helm configuration as an HCL structure:

module "module_name" {
  source = "git::https://github.com/camptocamp/devops-stack-module-application.git?ref=<RELEASE>"

  name             = "application-name"
  argocd_namespace = local.argocd_namespace

  source_repo            = "https://github.com/owner/repository.git"
  source_repo_path       = "path/to/chart"
  source_target_revision = "branch"

  helm_values = [{ # Note the curly brackets here
    map = {
      string = "string"
      bool   = true
    }
    sequence = [
      {
        key1 = "value1"
        key2 = "value2"
      },
      {
        key1 = "value1"
        key2 = "value2"
      },
    ]
    sequence2 = [
      "string1",
      "string2"
    ]
  }]

  depends_on = [module.argocd]
}

Technical Reference

Dependencies

`module.argocd`

As this is an application, it needs to be deployed after the deployment of Argo CD and consequently this module needs to have this explicit dependency.

Requirements

No requirements.

Providers

The following providers are used by this module:

argocd
null
utils

Modules

No modules.

Resources

The following resources are used by this module:

argocd_application.this (resource)
argocd_project.this (resource)
null_resource.this (resource)
utils_deep_merge_yaml.values (data source)

Required Inputs

The following input variables are required:

argocd_namespace

Description: Namespace used by Argo CD where the Application and AppProject resources should be created.

Type: string

name

Description: Name to give the to the AppProject and Application.

Type: string

source_repo

Description: Repository where to retrieve the application’s chart.

Type: string

source_repo_path

Description: Path for the application’s chart in the source repository.

Type: string

source_target_revision

Description: Git target revision for the application chart.

Type: string

Optional Inputs

The following input variables are optional (have default values):

dependency_ids

Description: IDs of the other modules on which this module depends on.

Type: map(string)

Default: {}

destination_namespace

Description: Namespace where the application will be deployed. By default it is the same as the application’s name defined by var.name. We use a ternary operator to conditionally define the Namespace only if it is defined on the module’s instantiation: namespace = var.destination_namespace == null ? var.name : var.destination_namespace.

Type: string

Default: null

helm_values

Description: Helm values, passed as a list of HCL structures. These values are concatenated with the default ones and then passed to the application’s charts.

Type: any

Default: []

project_cluster_resource_whitelist

Description: Cluster-scoped resources allowed to be deployed in the Argo CD AppProject created by the module. The group must be a Kubernetes API group such as core or apps and the kind must be a Kubernetes Kinds/Object Schemas such as Namespace or ClusterRole (note that only resources like these ones are compatible with this setting, the other resources are only Namespace-scoped). You can see the API Groups here.

Type:

list(object({
    group = string
    kind  = string
  }))

Default:

[
  {
    "group": "*",
    "kind": "*"
  }
]

project_namespace_resource_whitelist

Description: Namespace-scoped resources allowed to be deployed in the Argo CD AppProject created by the module. The group must be a Kubernetes API group such as core or apps and the kind must be a Kubernetes Kinds/Object Schemas such as Pod, ConfigMap, DaemonSet, Deployment, etc. You can see the API Groups here.

Type:

list(object({
    group = string
    kind  = string
  }))

Default:

[
  {
    "group": "*",
    "kind": "*"
  }
]

Outputs

The following outputs are exported:

id

Description: ID to pass other modules in order to refer to this module as a dependency.

Reference in table format

Show tables

= Providers

Name	Version
argocd	n/a
null	n/a
utils	n/a

Name

Version

argocd

n/a

null

n/a

utils

n/a

= Resources

Name	Type
argocd_application.this	resource
argocd_project.this	resource
null_resource.this	resource
utils_deep_merge_yaml.values	data source

Name

Type

argocd_application.this

resource

argocd_project.this

resource

null_resource.this

resource

utils_deep_merge_yaml.values

data source

= Inputs

Name Description Type Default Required

Name	Description	Type	Default	Required
argocd_namespace	Namespace used by Argo CD where the Application and AppProject resources should be created.	`string`	n/a	yes
dependency_ids	IDs of the other modules on which this module depends on.	`map(string)`	`{}`	no
destination_namespace	Namespace where the application will be deployed. By default it is the same as the application’s name defined by `var.name`. We use a ternary operator to conditionally define the Namespace only if it is defined on the module’s instantiation: `namespace = var.destination_namespace == null ? var.name : var.destination_namespace`.	`string`	`null`	no
helm_values	Helm values, passed as a list of HCL structures. These values are concatenated with the default ones and then passed to the application’s charts.	`any`	`[]`	no
name	Name to give the to the AppProject and Application.	`string`	n/a	yes
project_cluster_resource_whitelist	Cluster-scoped resources allowed to be deployed in the Argo CD AppProject created by the module. The `group` must be a Kubernetes API group such as `core` or `apps` and the `kind` must be a Kubernetes Kinds/Object Schemas such as `Namespace` or `ClusterRole` (note that only resources like these ones are compatible with this setting, the other resources are only Namespace-scoped). You can see the API Groups here.	`list(object({ group = string kind = string }))`	`[ { "group": "", "kind": "" } ]`	no
project_namespace_resource_whitelist	Namespace-scoped resources allowed to be deployed in the Argo CD AppProject created by the module. The `group` must be a Kubernetes API group such as `core` or `apps` and the `kind` must be a Kubernetes Kinds/Object Schemas such as `Pod`, `ConfigMap`, `DaemonSet`, `Deployment`, etc. You can see the API Groups here.	`list(object({ group = string kind = string }))`	`[ { "group": "", "kind": "" } ]`	no
source_repo	Repository where to retrieve the application’s chart.	`string`	n/a	yes
source_repo_path	Path for the application’s chart in the source repository.	`string`	n/a	yes
source_target_revision	Git target revision for the application chart.	`string`	n/a	yes

argocd_namespace

Namespace used by Argo CD where the Application and AppProject resources should be created.

string

n/a

yes

dependency_ids

IDs of the other modules on which this module depends on.

map(string)

{}

destination_namespace

Namespace where the application will be deployed. By default it is the same as the application’s name defined by var.name. We use a ternary operator to conditionally define the Namespace only if it is defined on the module’s instantiation: namespace = var.destination_namespace == null ? var.name : var.destination_namespace.

string

null

helm_values

Helm values, passed as a list of HCL structures. These values are concatenated with the default ones and then passed to the application’s charts.

any

[]

name

Name to give the to the AppProject and Application.

string

n/a

yes

project_cluster_resource_whitelist

Cluster-scoped resources allowed to be deployed in the Argo CD AppProject created by the module. The group must be a Kubernetes API group such as core or apps and the kind must be a Kubernetes Kinds/Object Schemas such as Namespace or ClusterRole (note that only resources like these ones are compatible with this setting, the other resources are only Namespace-scoped). You can see the API Groups here.

list(object({
    group = string
    kind  = string
  }))

[
  {
    "group": "*",
    "kind": "*"
  }
]

project_namespace_resource_whitelist

Namespace-scoped resources allowed to be deployed in the Argo CD AppProject created by the module. The group must be a Kubernetes API group such as core or apps and the kind must be a Kubernetes Kinds/Object Schemas such as Pod, ConfigMap, DaemonSet, Deployment, etc. You can see the API Groups here.

list(object({
    group = string
    kind  = string
  }))

[
  {
    "group": "*",
    "kind": "*"
  }
]

source_repo

Repository where to retrieve the application’s chart.

string

n/a

yes

source_repo_path

Path for the application’s chart in the source repository.

string

n/a

yes

source_target_revision

Git target revision for the application chart.

string

n/a

yes

= Outputs

Name	Description
id	ID to pass other modules in order to refer to this module as a dependency.