feat: ApplicationSet controller の rate limit 回避のために GitHub App を使う
kory33 committed Sep 18, 2023
1 parent 771cda8 commit d82694b
Showing 3 changed files with 45 additions and 0 deletions.
Expand Up @@ -11,6 +11,7 @@ spec:
repo: SeichiAssist
labels:
- ready-for-review
appSecretName: argocd-applicationset-controller-github-app-secret
requeueAfterSeconds: 120
template:
metadata:
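--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -162,6 +162,26 @@ variable "onp_k8s_argocd_github_oauth_app_secret" {
 sensitive = true
 }
 
+variable "onp_k8s_argocd_applicationset_controller_github_app_id" {
+description = "App ID of the GitHub App used to avoid GitHub rate limit on the ApplicationSet Controller"
+type = string
+sensitive = true
+}
+
+# Found at
+# https://github.com/organizations/GiganticMinecraft/settings/installations/:installation_id
+variable "onp_k8s_argocd_applicationset_controller_github_app_installation_id" {
+description = "Client installation ID of the GitHub App used to avoid GitHub rate limit on the ApplicationSet Controller"
+type = string
+sensitive = true
+}
+
+variable "onp_k8s_argocd_applicationset_controller_github_app_pem" {
+description = "Client private key of the GitHub App used to avoid GitHub rate limit on the ApplicationSet Controller"
+type = string
+sensitive = true
+}
+
 #endregion
 
 #region on-premise Grafana to GitHub integration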
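Review bot: `sensitive = true` on `onp_k8s_argocd_applicationset_controller_github_app_pem` only redacts the value in plan and apply output; once a `kubernetes_secret` resource consumes it, the private key is written to Terraform state unredacted. The state backend is not visible in this commit, so it is worth confirming that it is encrypted at rest and readable only by the operators who are allowed to hold this key. I would add a comment above the variable such as `# Stored unredacted in Terraform state; rotate the key in the GitHub App settings if state is ever exposed`. The App ID and installation ID are identifiers rather than secrets, so marking them sensitive is harmless, but it is not what protects the key.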
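--- a/terraform/onp_cluster_secrets.tf
+++ b/terraform/onp_cluster_secrets.tf
@@ -18,6 +18,30 @@ resource "kubernetes_secret" "onp_argocd_github_oauth_app_secret" {
 type = "Opaque"
 }
 
+resource "kubernetes_secret" "onp_argocd_applicationset_controller_github_app_secret" {
+depends_on = [kubernetes_namespace.onp_argocd]
+
+metadata {
+name = "argocd-applicationset-controller-github-app-secret"
+namespace = "argocd"
+labels = {
+# seichi_infra 向けのアクセストークンであると決め打ちする 必要に応じて repo-creds にするなどすると良い
+# repo-creds の詳細: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repository-credentials
+"argocd.argoproj.io/secret-type" = "repository"
+}
+}
+
+data = {
+type = "git"
+url = "https://github.com/GiganticMinecraft/seichi_infra"
+githubAppID = var.onp_k8s_argocd_applicationset_controller_github_app_id
+githubAppInstallationID = var.onp_k8s_argocd_applicationset_controller_github_app_installation_id
+githubAppPrivateKey = var.onp_k8s_argocd_applicationset_controller_github_app_pem
+}
+
+type = "Opaque"
+}
+
 resource "kubernetes_secret" "onp_grafana_github_oauth_app_secret" {
 depends_on = [kubernetes_namespace.onp_monitoring]
 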
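Review bot: The label `"argocd.argoproj.io/secret-type" = "repository"` together with `url` set to seichi_infra makes this GitHub App key an Argo CD repository credential as well as the `appSecretName` of the pull request generator, which in the first file of this commit points at `repo: SeichiAssist`. One private key therefore serves two consumers and two repositories, and the App's installation scope and permissions are not visible here. They should be kept read-only (pull requests, contents, metadata) and the installation limited to the repositories that actually need it. I would record that next to the label, for example `# GitHub App must stay read-only and be installed only on the repositories Argo CD reads`. If the repository-credential use is not intended, a separate App or secret for the generator would keep the blast radius of a leaked key smaller.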
