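---
# Deploys Argo CD onto an OpenShift cluster and wires its login to the cluster's
# OAuth server through Dex. Hub clusters additionally get the container-mom
# AppProject and the app-of-apps root Application.
#
# Security notes for maintainers:
#   * The OAuth client secret is generated fresh on every run (there is no check
#     for an existing OAuthClient), so every run rotates it. Every task that
#     carries it is `no_log: true` so it never reaches playbook output, callback
#     plugins or the temp files the previous revision wrote under /tmp.
#   * The secret is stored in argocd-secret and referenced from argocd-cm with
#     Argo CD's `$key` syntax; it is never written into a ConfigMap.
#   * Argo CD is bound to cluster-admin; see that task for the caveat.

- name: Check if this is a hub cluster
  ansible.builtin.set_fact:
    is_hub_cluster: "{{ vars[cluster_region][cluster_name]['is_hub'] | default(false) }}"

# Single source of truth for the external hostname: it must match the Route,
# the OAuthClient redirect URI and the Dex/OIDC redirectURI exactly, or the
# OAuth server rejects the callback.
- name: Compute the external Argo CD hostname
  ansible.builtin.set_fact:
    argocd_host: "argocd.apps.{{ cluster_name }}.{{ cluster_region }}.container.mom"

- name: Create ArgoCD namespace
  kubernetes.core.k8s:
    kubeconfig: /auth/kubeconfig
    state: present
    src: "{{ role_path }}/files/argocd-namespace.yaml"

# 32 characters of [A-Za-z0-9]; '/dev/null' tells the password lookup not to
# persist the value on the controller. Regenerated on every run (see header).
- name: Generate random OAuth client secret
  ansible.builtin.set_fact:
    oauth_client_secret: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=32') }}"
  no_log: true

# Rendered straight from the Jinja template into the API server, so no
# secret-bearing file is left on the controller's filesystem. Task-level vars
# are visible to the template exactly as they were to ansible.builtin.template.
- name: Create OpenShift OAuth client for ArgoCD
  kubernetes.core.k8s:
    kubeconfig: /auth/kubeconfig
    state: present
    template: "{{ role_path }}/templates/oauth-client.yaml.j2"
  vars:
    client_name: "{{ cluster_name }}-oauth-client"
    client_secret: "{{ oauth_client_secret }}"
    redirect_uri: "https://{{ argocd_host }}/api/dex/callback"
  no_log: true

- name: Store OAuth client details as facts
  ansible.builtin.set_fact:
    argocd_client_id: "{{ cluster_name }}-oauth-client"
    argocd_client_secret: "{{ oauth_client_secret }}"
  no_log: true

# chart_ref is a pinned release tarball fetched over HTTPS. The helm module
# does not verify a checksum or signature, so chart provenance (helm verify,
# cosign, or a vendored copy) has to be checked out of band when bumping it.
# no_log is set because `values` carries the client secret; on failure, re-run
# with the secret replaced by a dummy value to see the module's error message.
- name: Deploy ArgoCD using Helm
  kubernetes.core.helm:
    kubeconfig: /auth/kubeconfig
    name: argocd
    release_namespace: argocd
    create_namespace: true
    chart_ref: "https://github.com/argoproj/argo-helm/releases/download/argo-cd-7.8.11/argo-cd-7.8.11.tgz"
    values:
      openshift:
        enabled: true
      server:
        route:
          enabled: true
          hostname: "{{ argocd_host }}"
      dex:
        enabled: true
        # NOTE(review): the argo-cd chart documents Dex configuration under
        # configs.cm."dex.config"; confirm this `dex.config` values key is
        # honoured by the pinned chart version before relying on it.
        # `$dex.openshift.clientSecret` is resolved by Argo CD from the
        # argocd-secret key of the same name (populated under configs.secret.extra).
        config: |
          connectors:
            - type: openshift
              id: openshift
              name: OpenShift
              config:
                clientID: "{{ argocd_client_id }}"
                clientSecret: $dex.openshift.clientSecret
                redirectURI: "https://{{ argocd_host }}/api/dex/callback"
      configs:
        cm:
          # NOTE(review): Argo CD prefers oidc.config over Dex when both are set,
          # so this block may shadow the connector above; its redirectURI points
          # at Dex's callback path and the issuer path looks provider-specific.
          # Kept as in the original -- verify against a live login before
          # depending on it, and drop whichever of the two is not used.
          oidc.config: |
            name: openshift
            issuer: {{ openshift_cluster_api }}/oauth2/default
            clientID: "{{ argocd_client_id }}"
            clientSecret: $oidc.openshift.clientSecret
            redirectURI: "https://{{ argocd_host }}/api/dex/callback"
        secret:
          # Lands in argocd-secret (a Secret, not the argocd-cm ConfigMap), so only
          # subjects with secret read access in the argocd namespace can see it.
          extra:
            dex.openshift.clientSecret: "{{ argocd_client_secret }}"
            oidc.openshift.clientSecret: "{{ argocd_client_secret }}"
  no_log: true

# cluster-admin is the conventional Argo CD posture, but it means anyone who can
# push to a synced Git branch, or who holds Argo CD admin rights, controls the
# entire cluster. Scope this binding down if the deployed workloads allow it.
- name: Create a ClusterRoleBinding to grant ArgoCD cluster-admin privileges
  kubernetes.core.k8s:
    kubeconfig: /auth/kubeconfig
    state: present
    template: "{{ role_path }}/templates/argocd-clusterrolebinding.yaml.j2"

- name: Create container-mom AppProject for hub cluster
  kubernetes.core.k8s:
    kubeconfig: /auth/kubeconfig
    state: present
    src: "{{ role_path }}/files/container-mom-appproject.yaml"
  when: is_hub_cluster | bool

# The default repo is public and pulled unauthenticated; anything merged to
# git_repo_branch is applied with the cluster-admin binding above, so branch
# protection and review on that repo are part of this cluster's trust boundary.
- name: Configure app-of-apps from monorepo for hub cluster
  kubernetes.core.k8s:
    kubeconfig: /auth/kubeconfig
    state: present
    template: "{{ role_path }}/templates/app-of-apps.yaml.j2"
  vars:
    git_repo_url: "{{ gitops_repo_url | default('https://github.com/pfeifferj/container-mom-gitops.git') }}"
    git_repo_branch: "{{ gitops_repo_branch | default('main') }}"
  when: is_hub_cluster | bool

- name: Inform the user about ArgoCD deployment
  ansible.builtin.debug:
    msg:
      - "ArgoCD has been deployed and configured successfully."
      - "It can be accessed at: https://{{ argocd_host }}"
      - "Authentication is configured through OpenShift OAuth."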