From d82694bd68a54c26ede3e7e76357f39b02359b0a Mon Sep 17 00:00:00 2001
From: Kory
Date: Mon, 18 Sep 2023 11:36:03 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20ApplicationSet=20controller=20=E3=81=AE?= =?UTF-8?q?=20rate=20limit=20=E5=9B=9E=E9=81=BF=E3=81=AE=E3=81=9F=E3=82=81?= =?UTF-8?q?=E3=81=AB=20GitHub=20App=20=E3=82=92=E4=BD=BF=E3=81=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...-debug-minecrafts-on-seichiassist-prs.yaml | 1 +
 terraform/main.tf | 20 ++++++++++++++++
 terraform/onp_cluster_secrets.tf | 24 +++++++++++++++++++
 3 files changed, 45 insertions(+)
diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/seichi-debug-minecrafts-on-seichiassist-prs.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/seichi-debug-minecrafts-on-seichiassist-prs.yaml
index 6863f7652..ed30c596d 100644
--- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/seichi-debug-minecrafts-on-seichiassist-prs.yaml
+++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/seichi-debug-minecrafts-on-seichiassist-prs.yaml
@@ -11,6 +11,7 @@ spec:
 repo: SeichiAssist
 labels:
 - ready-for-review
+ appSecretName: argocd-applicationset-controller-github-app-secret
 requeueAfterSeconds: 120
 template:
 metadata:
diff --git a/terraform/main.tf b/terraform/main.tf
index b6f613e91..7e0672c82 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
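Review bot: In seichi-debug-minecrafts-on-seichiassist-prs.yaml the new `appSecretName` refers to a Secret by a bare string, and nothing in the manifest says where that Secret comes from; it is created out of band by Terraform in terraform/onp_cluster_secrets.tf, so a rename on either side breaks PR polling without any manifest diff showing why. A one-line comment above the key would make the coupling visible, for example `# Secret is managed by Terraform (terraform/onp_cluster_secrets.tf); holds the GitHub App credentials used for PR polling`. The generator block starts outside the hunk, so it is not visible whether a `tokenRef` is still configured next to it; if it is, it is worth stating which credential is meant to be used.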
@@ -162,6 +162,26 @@ variable "onp_k8s_argocd_github_oauth_app_secret" {
 sensitive = true
 }
+variable "onp_k8s_argocd_applicationset_controller_github_app_id" {
+ description = "App ID of the GitHub App used to avoid GitHub rate limit on the ApplicationSet Controller"
+ type = string
+ sensitive = true
+}
+
+# Found at
+# https://github.com/organizations/GiganticMinecraft/settings/installations/:installation_id
+variable "onp_k8s_argocd_applicationset_controller_github_app_installation_id" {
+ description = "Client installation ID of the GitHub App used to avoid GitHub rate limit on the ApplicationSet Controller"
+ type = string
+ sensitive = true
+}
+
+variable "onp_k8s_argocd_applicationset_controller_github_app_pem" {
+ description = "Client private key of the GitHub App used to avoid GitHub rate limit on the ApplicationSet Controller"
+ type = string
+ sensitive = true
+}
+
 #endregion
 #region on-premise Grafana to GitHub integration
diff --git a/terraform/onp_cluster_secrets.tf b/terraform/onp_cluster_secrets.tf
index 41c9499f6..d4d55be20 100644
--- a/terraform/onp_cluster_secrets.tf
+++ b/terraform/onp_cluster_secrets.tf
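Review bot: In terraform/main.tf, `sensitive = true` on `onp_k8s_argocd_applicationset_controller_github_app_pem` only redacts the value in plan and apply output; once the variable is fed into a `kubernetes_secret`, the private key is written to the Terraform state in plaintext. The backend configuration is not part of this hunk, so confirm that the state is encrypted at rest and that read access to it is as restricted as access to the key itself. Separately, the two ID variables are unconstrained strings although Argo CD parses them as integers, so a `validation` block with `condition = can(regex("^[0-9]+$", var.onp_k8s_argocd_applicationset_controller_github_app_id))` (and the same for the installation ID) would reject a mistyped value at plan time instead of at controller runtime. The descriptions also say "Client installation ID" and "Client private key", which reads like OAuth-app wording; "Installation ID" and "Private key (PEM)" would be more accurate for a GitHub App.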
@@ -18,6 +18,30 @@ resource "kubernetes_secret" "onp_argocd_github_oauth_app_secret" {
 type = "Opaque"
 }
+resource "kubernetes_secret" "onp_argocd_applicationset_controller_github_app_secret" {
+ depends_on = [kubernetes_namespace.onp_argocd]
+
+ metadata {
+ name = "argocd-applicationset-controller-github-app-secret"
+ namespace = "argocd"
+ labels = {
+ # seichi_infra 向けのアクセストークンであると決め打ちする 必要に応じて repo-creds にするなどすると良い
+ # repo-creds の詳細: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repository-credentials
+ "argocd.argoproj.io/secret-type" = "repository"
+ }
+ }
+
+ data = {
+ type = "git"
+ url = "https://github.com/GiganticMinecraft/seichi_infra"
+ githubAppID = var.onp_k8s_argocd_applicationset_controller_github_app_id
+ githubAppInstallationID = var.onp_k8s_argocd_applicationset_controller_github_app_installation_id
+ githubAppPrivateKey = var.onp_k8s_argocd_applicationset_controller_github_app_pem
+ }
+
+ type = "Opaque"
+}
+
 resource "kubernetes_secret" "onp_grafana_github_oauth_app_secret" {
 depends_on = [kubernetes_namespace.onp_monitoring]
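Review bot: The `argocd.argoproj.io/secret-type = "repository"` label together with the fixed `url` means this Secret is not only looked up by name through `appSecretName`; Argo CD also registers it as the repository credential for seichi_infra. One GitHub App key therefore serves two purposes: repository fetches of seichi_infra and pull-request polling of SeichiAssist, which is a different repository from the one in `url`. The existing comment notes the hard-coding but calls the credential an access token and does not mention the ApplicationSet use. A more accurate comment would be `# Doubles as the Argo CD repository credential for seichi_infra; the ApplicationSet PR generator reads the same Secret by name via appSecretName`. It would also help to record the minimum App permissions and the repositories the installation should cover (presumably read-only pull requests and metadata on SeichiAssist, and read-only contents on seichi_infra; verify this against the App settings), so the installation is not granted more than these two consumers need.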