Add Argo Workflows

2024-12-14 11:37:37 +00:00 · 2023-11-23 15:37:18 -08:00 · 2023-11-23 15:37:18 -08:00 · 94615ae400
commit 94615ae400
parent a4d0c01066
5 changed files with 73 additions and 6 deletions
--- a/charts/argo/workflows/default.nix
+++ b/charts/argo/workflows/default.nix
@ -0,0 +1,6 @@
+{
+  repo = "https://argoproj.github.io/argo-helm";
+  chart = "argo-workflows";
+  version = "0.39.3";
+  chartHash = "sha256-Br26UWBbmG+Pws+CWzEiva1R7WUo9tXEiPj/e9kGA00=";
+}
--- a/lib/eureka/default.nix
+++ b/lib/eureka/default.nix
@ -21,8 +21,9 @@
    };
  };
 in {
-  resources = import ./resources.nix {inherit vars;};
  inherit vars;
+  resources = import ./resources.nix {inherit vars;};
+  goorzhelCA = builtins.readFile ./goorzhel-ca.crt;

  appTemplate = {
    namespace,
--- a/lib/eureka/goorzhel-ca.crt
+++ b/lib/eureka/goorzhel-ca.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIURf9A6WTFAb/D5dZ5cO/NkXntSY0wDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQR29vcnpoZWwgUm9vdCBDQTAeFw0yMjEyMDgwNzA1Mjha
+Fw0zMjEyMDUwNzA1MjhaMBsxGTAXBgNVBAMMEEdvb3J6aGVsIFJvb3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNjr4dk8rYrpMk0BF7xryMdAI4
+5rulXeAle8w6+rWfRcXSMRNEaxDs4tvtiTsl6gSNnnJ5CiJyaZLE530hrLg0FlFb
+zK+oueYV3NZfSYi6OA9VcKWF85PXYmsziJNiFVqsdWUnW+Gid0WN+Z0AsP1dy4iP
+V4U++XhYImIJEJe8d5SyCbfJGKbG6VnlT0NybSFO/YnHRwnxwczpnS8Sah+bNX4h
+ktRJi2xQLGBPdW7J9xkDwwOhUiMHZqVvyf/M7ha1DjzRoHVAloujHtTez7EGVmW8
+QrRXHCVNOhcJ9ebbqT+X+5+ROiKIRvxd7l8PNH+tOXZp00TyYYeSSQKH3wzFAgMB
+AAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUBcoGv7fPEHe1J0zeD/3W
+PtK5imUwVgYDVR0jBE8wTYAUBcoGv7fPEHe1J0zeD/3WPtK5imWhH6QdMBsxGTAX
+BgNVBAMMEEdvb3J6aGVsIFJvb3QgQ0GCFEX/QOlkxQG/w+XWeXDvzZF57UmNMAsG
+A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAINL+3PxtRm8k9s0h7cWJpbdt
+SjtsHuqewVVs3uN6s0AjYpURAb7JHNiQZtIzS7KMR/0iM5TYmNYeCrv2lB3Pnr5J
+qwC4sgAc0NIaQg/WROYn91szZz2pGPBAr035GLTgRPTbOclkRoF006wrsIuee7zt
+l3xU0o1Uq1eQvlcncwOhzGHxRCEMDGMJIQcWWgdF7uEbDsSq8oEw4FhLG4RGdOD5
+ME664naDuXma0wekPN0whCgvC5iPwEd5Qng3EK7w79uJ07t6A7T0uPoq8kWHxXSa
+/+1VjA89oqlq1uIG1191YdBUVX/d6JIjm7plT6OBq5CmB3koLohzdtuzbU63CA==
+-----END CERTIFICATE-----
--- a/lib/eureka/resources.nix
+++ b/lib/eureka/resources.nix
@ -17,13 +17,10 @@
    };
  };

-  svcHTTPRoute = {
-    name,
-    backendName,
-    backendPort,
-  }: {
+  mkSvcHTTPRoute = name: backendName: backendPort: {
    apiVersion = "gateway.networking.k8s.io/v1beta1";
    kind = "HTTPRoute";
+    metadata.name = name;
    spec = {
      parentRefs = vars.svcGateway.parentRef 443;
      hostnames = ["${name}.${vars.svcGateway.domainName}"];
--- a/system/argo/workflows/default.nix
+++ b/system/argo/workflows/default.nix
@ -0,0 +1,43 @@
+{
+  charts,
+  lib,
+  ...
+}: {
+  builder = lib.builders.helmChart;
+  args = {
+    chart = charts.argo.workflows;
+    values = {
+      server = {
+        extraArgs = ["--auth-mode" "server" "--auth-mode" "client"];
+        secure = false; # I have Istio and an HTTPS gateway
+      };
+      controller = {
+        metricsConfig.enabled = true;
+        workflowNamespaces = ["argo"];
+        volumeMounts = [
+          {
+            name = "goorzhel-ca";
+            mountPath = "/etc/ssl/certs/goorzhel.crt";
+            subPath = "cert";
+          }
+        ];
+        volumes = [
+          {
+            name = "goorzhel-ca";
+            configMap.name = "goorzhel-ca";
+          }
+        ];
+      };
+    };
+  };
+
+  extraObjects = [
+    {
+      apiVersion = "v1";
+      kind = "ConfigMap";
+      metadata.name = "goorzhel-ca";
+      data.cert = lib.eureka.goorzhelCA;
+    }
+    (lib.eureka.resources.mkSvcHTTPRoute "argo" "argo-server" 2746)
+  ];
+}