Add Argo Workflows

2024-05-08 21:42:08 +02:00 · 2024-05-08 21:42:08 +02:00 · 7831696834
commit 7831696834
parent fd0a7e2cee
3 changed files with 61 additions and 0 deletions
--- a/kubenix-modules/all.nix
+++ b/kubenix-modules/all.nix
@ -26,5 +26,6 @@
    ./traefik.nix
    ./blog.nix
    ./atticd.nix
+    ./argo.nix
  ];
 }
--- a/kubenix-modules/argo.nix
+++ b/kubenix-modules/argo.nix
@ -0,0 +1,55 @@
+{
+  kubernetes.resources = {
+    ingresses.argo-workflows = {
+      metadata.annotations = {
+        "cert-manager.io/cluster-issuer" = "letsencrypt";
+        "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
+      };
+
+      spec = {
+        ingressClassName = "traefik";
+
+        rules = [{
+          host = "workflows.kun.is";
+
+          http.paths = [{
+            path = "/";
+            pathType = "Prefix";
+
+            backend.service = {
+              name = "argo-workflows-server";
+              port.number = 2746;
+            };
+          }];
+        }];
+
+        tls = [{
+          secretName = "argo-workflows-tls";
+          hosts = [ "workflows.kun.is" ];
+        }];
+      };
+    };
+
+    clusterRoles.argo-admin.rules = [{
+      apiGroups = [ "argoproj.io" ];
+      verbs = [ "*" ];
+      resources = [ "*" ];
+    }];
+
+    serviceAccounts.argo-admin = { };
+
+    clusterRoleBindings.argo-admin = {
+      subjects = [{
+        kind = "ServiceAccount";
+        name = "argo-admin";
+        namespace = "default";
+      }];
+
+      roleRef = {
+        kind = "ClusterRole";
+        name = "argo-admin";
+        apiGroup = "rbac.authorization.k8s.io";
+      };
+    };
+  };
+}
--- a/kubenix-modules/base.nix
+++ b/kubenix-modules/base.nix
@ -35,6 +35,11 @@
          chart = nixhelm.chartsDerivations.${system}.jetstack.cert-manager;
          includeCRDs = false;
        };
+
+        argo-workflows = {
+          chart = nixhelm.chartsDerivations.${system}.argoproj.argo-workflows;
+          includeCRDs = true;
+        };
      };
    };
  };