# ArgoCD Deployment Role This role deploys and configures ArgoCD in an OpenShift cluster for GitOps-based deployments. It sets up the necessary resources for both standard ArgoCD and workload-specific ArgoCD instances. ## Overview ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes. This role: 1. Creates dedicated namespaces for ArgoCD instances 2. Installs ArgoCD via Operator Hub 3. Configures ArgoCD instances with appropriate settings 4. Sets up the Application-of-Applications pattern for managing deployments 5. Configures authentication and access control ## Prerequisites - Access to an OpenShift cluster with admin privileges - Operator Hub and OLM accessible in the cluster - Git credentials configured in the Ansible vault ## Role Variables | Variable | Description | Default | |----------|-------------|---------| | argocd_namespace | Namespace for standard ArgoCD installation | "argocd" | | argocd_workload_namespace | Namespace for workload ArgoCD installation | "wkl-argocd" | | argocd_repo_url | Git repository URL for ArgoCD configuration | "" | | argocd_repo_username | Git repository username | "" | | argocd_repo_password | Git repository password/token | "" | | argocd_apps_path | Path to the apps directory in the Git repo | "manifests/argocd-apps" | ## Role Tasks The role is organized into separate task files: - **main.yml**: Main entry point that includes other task files - **argocd_standard.yml**: Sets up the standard ArgoCD instance - **argocd_workload.yml**: Sets up the workload-specific ArgoCD instance - **argocd_app_of_apps.yml**: Configures the Application-of-Applications pattern ## Dependencies This role depends on: - **kubernetes_auth**: For cluster authentication - **namespace_setup**: For creating required namespaces ## Example Usage ```yaml - name: Deploy ArgoCD hosts: localhost roles: - role: argocd_deployment vars: argocd_namespace: "argocd" argocd_workload_namespace: "wkl-argocd" argocd_repo_url: "https://github.com/org/repo.git" argocd_repo_username: "git-user" # Password is fetched from vault ``` ## ArgoCD App of Apps Pattern This role implements the App of Apps pattern, which is a best practice for managing multiple applications with ArgoCD: 1. A root Application (app-of-apps) points to a Git repository with application definitions 2. Each application definition is itself an ArgoCD Application CR 3. This creates a hierarchy that makes it easy to manage many applications The pattern is configured in `argocd_app_of_apps.yml` and uses the `app_of_apps_path` variable to locate the application definitions in the Git repository. ## Authentication Configuration ArgoCD instances are configured with: - Git repository credentials from the vault - OpenShift OAuth integration for user authentication - RBAC for access control ## Troubleshooting Common issues: - **ArgoCD Operator not installing**: Verify OpenShift Operator Hub is working correctly - **Repository connectivity issues**: Check Git credentials in the vault - **Permission issues**: Ensure proper RBAC setup and that ArgoCD ServiceAccount has required permissions ## Notes - The workload ArgoCD instance is separate from the standard instance to isolate customer workloads - Standard ArgoCD manages cluster-level configuration - Workload ArgoCD manages customer applications - Both instances are configured with automatic sync by default