update secret manager example

Signed-off-by: Carlos Santana <csantana23@gmail.com>

Author: csantanapr

argocd/iac/terraform/examples/eks/aws-secrets-manager/README.md

@@ -9,11 +9,16 @@ terraform init
 terraform apply
 ```
 
-Access Terraform output to configure `kubectl` and `argocd`
+Access Terraform output to configure `kubectl` and `argocd` (it includes argocd password)
 ```shell
 terraform output
 ```
 
+To get the argocd `admin` password stored in AWS Secret Manager
+```shell
+aws secretsmanager get-secret-value --secret-id argocd --output json | jq -r .SecretString
+```
+
 Destroy EKS Cluster
 ```shell
 cd hub

argocd/iac/terraform/examples/eks/aws-secrets-manager/bootstrap/addons.yaml

@@ -1,19 +1,33 @@
+---
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: ApplicationSet
 metadata:
   name: bootstrap-addons
-  namespace: 'argocd'
+  namespace: argocd
 spec:
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: 'argocd'
-  project: default
-  source:
-    path: ${path}
-    repoURL: ${repoURL}
-    targetRevision: ${targetRevision}
-    directory:
-      recurse: true
-      exclude: exclude/*
   syncPolicy:
-    automated: {}
+    preserveResourcesOnDeletion: true
+  generators:
+    - clusters:
+        selector:
+          matchExpressions:
+            - key: akuity.io/argo-cd-cluster-name
+              operator: NotIn
+              values: [in-cluster]
+  template:
+    metadata:
+      name: 'bootstrap-addons'
+    spec:
+      project: default
+      source:
+        repoURL: '{{metadata.annotations.addons_repo_url}}'
+        path: '{{metadata.annotations.addons_repo_basepath}}{{metadata.annotations.addons_repo_path}}'
+        targetRevision: '{{metadata.annotations.addons_repo_revision}}'
+        directory:
+          recurse: true
+          exclude: exclude/*
+      destination:
+        namespace: 'argocd'
+        name: '{{name}}'
+      syncPolicy:
+        automated: {}

argocd/iac/terraform/examples/eks/aws-secrets-manager/main.tf

@@ -45,13 +45,15 @@ provider "kubernetes" {
 }
 
 locals {
-  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
-  environment     = "dev"
-  region          = "us-west-2"
-  cluster_version = "1.27"
-  gitops_url      = var.gitops_url
-  gitops_revision = var.gitops_revision
-  gitops_path     = var.gitops_path
+  name                   = "ex-${replace(basename(path.cwd), "_", "-")}"
+  environment            = "dev"
+  region                 = "us-west-2"
+  cluster_version        = "1.27"
+  gitops_addons_url      = "${var.gitops_addons_org}/${var.gitops_addons_repo}"
+  gitops_addons_basepath = var.gitops_addons_basepath
+  gitops_addons_path     = var.gitops_addons_path
+  gitops_addons_revision = var.gitops_addons_revision
+
 
   aws_addons = {
     enable_cert_manager = true
@@ -98,17 +100,15 @@ locals {
       aws_vpc_id       = module.vpc.vpc_id
     },
     {
-      gitops_bridge_repo_url      = local.gitops_url
-      gitops_bridge_repo_revision = local.gitops_revision
+      addons_repo_url      = local.gitops_addons_url
+      addons_repo_basepath = local.gitops_addons_basepath
+      addons_repo_path     = local.gitops_addons_path
+      addons_repo_revision = local.gitops_addons_revision
     }
   )
 
   argocd_bootstrap_app_of_apps = {
-    addons = templatefile("${path.module}/bootstrap/addons.yaml", {
-      repoURL        = local.gitops_url
-      targetRevision = local.gitops_revision
-      path           = local.gitops_path
-    })
+    addons    = file("${path.module}/bootstrap/addons.yaml")
     workloads = file("${path.module}/bootstrap/workloads.yaml")
   }
 

argocd/iac/terraform/examples/eks/aws-secrets-manager/outputs.tf

@@ -13,9 +13,9 @@ output "configure_argocd" {
     aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
     export ARGOCD_OPTS="--port-forward --port-forward-namespace argocd --grpc-web"
     kubectl config set-context --current --namespace argocd
-    argocd login --port-forward --username admin --password $(argocd admin initial-password | head -1)
+    argocd login --port-forward --username admin --password $(aws secretsmanager get-secret-value --secret-id argocd --output json | jq -r .SecretString)
     echo "ArgoCD Username: admin"
-    echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
+    echo "ArgoCD Password: $(aws secretsmanager get-secret-value --secret-id argocd --output json | jq -r .SecretString)"
     echo Port Forward: http://localhost:8080
     kubectl port-forward -n argocd svc/argo-cd-argocd-server 8080:80
     EOT

argocd/iac/terraform/examples/eks/aws-secrets-manager/variables.tf

@@ -1,12 +1,20 @@
-variable "gitops_url" {
+variable "gitops_addons_org" {
+  description = "Git repository org/user contains for addons"
+  default     = "https://github.com/gitops-bridge-dev"
+}
+variable "gitops_addons_repo" {
   description = "Git repository contains for addons"
-  default     = "https://github.com/gitops-bridge-dev/gitops-bridge-argocd-control-plane-template"
+  default     = "gitops-bridge-argocd-control-plane-template"
 }
-variable "gitops_revision" {
-  description = "Git repository revision/branch/ref for addons"
-  default     = "HEAD"
+variable "gitops_addons_basepath" {
+  description = "Git repository base path for addons"
+  default     = ""
 }
-variable "gitops_path" {
+variable "gitops_addons_path" {
   description = "Git repository path for addons"
   default     = "bootstrap/control-plane/addons"
 }
+variable "gitops_addons_revision" {
+  description = "Git repository revision/branch/ref for addons"
+  default     = "HEAD"
+}