feat(infrastructure): add cloudflare, argocd

tofu/modules/argocd/argocd-ui.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.cfargotunnel.com/v1alpha1
+kind: TunnelBinding
+metadata:
+  name: argocd-tunnel-binding
+  namespace: argocd
+subjects:
+  - name: argocd-server
+    spec:
+      target: https://argocd-server.argocd.svc.cluster.local
+      fqdn: argocd.${base_domain}
+      noTlsVerify: true
+tunnelRef:
+  kind: ClusterTunnel
+  name: cluster-tunnel

tofu/modules/argocd/main.tf

@@ -0,0 +1,43 @@
+terraform {
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = "1.19.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "3.0.2"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.38.0"
+    }
+  }
+}
+
+resource "kubernetes_namespace" "argocd" {
+  metadata {
+    name = "argocd"
+  }
+}
+
+resource "helm_release" "argocd" {
+  name       = "argocd"
+  namespace  = "argocd"
+  repository = "https://argoproj.github.io/argo-helm"
+  chart      = "argo-cd"
+  depends_on = [kubernetes_namespace.argocd]
+
+  set = [
+    { name = "configs.secret.argocdServerAdminPassword", value = bcrypt(var.argocd_admin_password) },
+  ]
+}
+
+resource "kubectl_manifest" "argocd-tunnel-bind" {
+  depends_on = [helm_release.argocd]
+
+  yaml_body = templatefile("${path.module}/argocd-ui.yaml", {
+    base_domain = var.cloudflare_domain
+  })
+}
+

tofu/modules/argocd/variables.tf

@@ -0,0 +1,12 @@
+variable "argocd_admin_password" {
+  type = string
+  nullable = false
+  sensitive = true
+  description = "ArgoCD admin password"
+}
+
+variable "cloudflare_domain" {
+  type = string
+  default = "Base cloudflare domain, e.g. example.com"
+  nullable = false
+}