diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/seichi-debug-minecrafts-on-seichiassist-prs.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/seichi-debug-minecrafts-on-seichiassist-prs.yaml
index 6863f7652..ed30c596d 100644
--- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/seichi-debug-minecrafts-on-seichiassist-prs.yaml
+++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/seichi-debug-minecrafts-on-seichiassist-prs.yaml
@@ -11,6 +11,7 @@ spec:
 repo: SeichiAssist
 labels:
 - ready-for-review
+ appSecretName: argocd-applicationset-controller-github-app-secret
 requeueAfterSeconds: 120
 template:
 metadata:
diff --git a/terraform/main.tf b/terraform/main.tf
index b6f613e91..7e0672c82 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -162,6 +162,26 @@ variable "onp_k8s_argocd_github_oauth_app_secret" {
 sensitive = true
 }
+variable "onp_k8s_argocd_applicationset_controller_github_app_id" {
+ description = "App ID of the GitHub App used to avoid GitHub rate limit on the ApplicationSet Controller"
+ type = string
+ sensitive = true
+}
+
+# Found at
+# https://github.com/organizations/GiganticMinecraft/settings/installations/:installation_id
+variable "onp_k8s_argocd_applicationset_controller_github_app_installation_id" {
+ description = "Client installation ID of the GitHub App used to avoid GitHub rate limit on the ApplicationSet Controller"
+ type = string
+ sensitive = true
+}
+
+variable "onp_k8s_argocd_applicationset_controller_github_app_pem" {
+ description = "Client private key of the GitHub App used to avoid GitHub rate limit on the ApplicationSet Controller"
+ type = string
+ sensitive = true
+}
+
 #endregion
 #region on-premise Grafana to GitHub integration
diff --git a/terraform/onp_cluster_secrets.tf b/terraform/onp_cluster_secrets.tf
index 41c9499f6..d4d55be20 100644
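Review bot: The added `appSecretName` line in seichi-debug-minecrafts-on-seichiassist-prs.yaml gives this pull-request generator a GitHub App credential, but nothing beside it records where the Secret comes from or how narrowly the App is scoped. The Secret is created in terraform/onp_cluster_secrets.tf in this same commit with `url` pointing at seichi_infra, while this generator lists pull requests on `SeichiAssist`, so the App installation has to cover SeichiAssist too; that cannot be checked from the manifest. I would add a comment above the key, for example `# Secret is managed in terraform/onp_cluster_secrets.tf; the GitHub App should be limited to read-only pull request access on SeichiAssist`. The `spec` block starts and ends outside the hunk.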
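Review bot: In terraform/main.tf, `sensitive = true` on `onp_k8s_argocd_applicationset_controller_github_app_pem` only redacts the value in plan and apply output; the private key is still written unredacted to the Terraform state once the `kubernetes_secret` in terraform/onp_cluster_secrets.tf consumes it. A comment on the variable would make that explicit, for example `# Stored in plain text in Terraform state: keep the state backend encrypted and access-restricted, and rotate the key if state is exposed`. As a wording point, the descriptions "Client installation ID" and "Client private key" would read more accurately as "Installation ID" and "Private key", since neither value is the App's client ID or client secret.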
--- a/terraform/onp_cluster_secrets.tf
+++ b/terraform/onp_cluster_secrets.tf
@@ -18,6 +18,30 @@ resource "kubernetes_secret" "onp_argocd_github_oauth_app_secret" {
 type = "Opaque"
 }
+resource "kubernetes_secret" "onp_argocd_applicationset_controller_github_app_secret" {
+ depends_on = [kubernetes_namespace.onp_argocd]
+
+ metadata {
+ name = "argocd-applicationset-controller-github-app-secret"
+ namespace = "argocd"
+ labels = {
+ # seichi_infra 向けのアクセストークンであると決め打ちする 必要に応じて repo-creds にするなどすると良い
+ # repo-creds の詳細: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repository-credentials
+ "argocd.argoproj.io/secret-type" = "repository"
+ }
+ }
+
+ data = {
+ type = "git"
+ url = "https://github.com/GiganticMinecraft/seichi_infra"
+ githubAppID = var.onp_k8s_argocd_applicationset_controller_github_app_id
+ githubAppInstallationID = var.onp_k8s_argocd_applicationset_controller_github_app_installation_id
+ githubAppPrivateKey = var.onp_k8s_argocd_applicationset_controller_github_app_pem
+ }
+
+ type = "Opaque"
+}
+
 resource "kubernetes_secret" "onp_grafana_github_oauth_app_secret" {
 depends_on = [kubernetes_namespace.onp_monitoring]
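Review bot: The label `"argocd.argoproj.io/secret-type" = "repository"` together with `url = "https://github.com/GiganticMinecraft/seichi_infra"` registers this Secret as Argo CD repository credentials for seichi_infra, in addition to being the target of `appSecretName` in the ApplicationSet. The same App private key therefore appears to serve two consumers, and the App would need repository read access on seichi_infra on top of pull request access on SeichiAssist. The comment inside `labels` should state that dual use, or note that the `url` is only there to satisfy the repository-secret format, if that is the intent. Separately, `namespace = "argocd"` could be written as `namespace = kubernetes_namespace.onp_argocd.metadata[0].name`, assuming that resource creates the `argocd` namespace; this ties the Secret to the namespace resource and makes the explicit `depends_on` redundant.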