From 1d8528b31260c1d044c504893aae9dabcb28169c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= <lauri.vosandi@gmail.com>
Date: Tue, 27 Aug 2024 12:41:04 +0300
Subject: [PATCH] argocd: Move to DragonflyDB and add resource customizations

---
 argocd/redis.yaml  | 50 ++++++++++++++++++++++++++++++++++++++++++++++
 argocd/values.yaml | 32 ++++++++++++++---------------
 2 files changed, 66 insertions(+), 16 deletions(-)
 create mode 100644 argocd/redis.yaml

diff --git a/argocd/redis.yaml b/argocd/redis.yaml
new file mode 100644
index 0000000..075c308
--- /dev/null
+++ b/argocd/redis.yaml
@@ -0,0 +1,50 @@
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: argocd-redis
+  namespace: argocd
+spec:
+  size: 32
+  mapping:
+    - key: redis-password
+      value: "%(plaintext)s"
+    - key: REDIS_URI
+      value: "redis://:%(plaintext)s@argocd-redis"
+---
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+  name: argocd-redis
+  namespace: argocd
+spec:
+  authentication:
+    passwordFromSecret:
+      key: redis-password
+      name: argocd-redis
+  replicas: 3
+  resources:
+    limits:
+      cpu: 1000m
+      memory: 1Gi
+  topologySpreadConstraints:
+    - maxSkew: 1
+      topologyKey: topology.kubernetes.io/zone
+      whenUnsatisfiable: DoNotSchedule
+      labelSelector:
+        matchLabels:
+          app: argocd-redis
+          app.kubernetes.io/part-of: dragonfly
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: argocd-redis
+  namespace: argocd
+spec:
+  selector:
+    matchLabels:
+      app: argocd-redis
+      app.kubernetes.io/part-of: dragonfly
+  podMetricsEndpoints:
+    - port: admin
diff --git a/argocd/values.yaml b/argocd/values.yaml
index 9b632e3..eafa19d 100644
--- a/argocd/values.yaml
+++ b/argocd/values.yaml
@@ -5,9 +5,13 @@ global:
 dex:
   enabled: false
 
-# Maybe one day switch to Redis HA?
+redis:
+  enabled: false
 redis-ha:
   enabled: false
+externalRedis:
+  host: argocd-redis
+  existingSecret: argocd-redis
 
 server:
   # HTTPS is implemented by Traefik
@@ -23,20 +27,6 @@ server:
      - hosts:
        - "*.k-space.ee"
 
-  configfucked:
-    resource.customizations: |
-      # https://github.com/argoproj/argo-cd/issues/1704
-      networking.k8s.io/Ingress:
-          health.lua: |
-            hs = {}
-            hs.status = "Healthy"
-            return hs
-      apiextensions.k8s.io/CustomResourceDefinition:
-          ignoreDifferences: |
-            jsonPointers:
-              - "x-kubernetes-validations"
-
-
   metrics:
     enabled: true
 
@@ -81,7 +71,17 @@ configs:
       p, role:developers, applications, update, default/camtiler, allow
   cm:
     admin.enabled: "false"
-
+    resource.customizations: |
+      # https://github.com/argoproj/argo-cd/issues/1704
+      networking.k8s.io/Ingress:
+          health.lua: |
+            hs = {}
+            hs.status = "Healthy"
+            return hs
+      apiextensions.k8s.io/CustomResourceDefinition:
+          ignoreDifferences: |
+            jsonPointers:
+              - "x-kubernetes-validations"
     oidc.config: |
        name: OpenID Connect
        issuer: https://auth.k-space.ee/