kubespray/roles/kubernetes-apps/argocd/tasks/main.yml

---
- name: Kubernetes Apps | Download yq
  include_tasks: "../../../download/tasks/download_file.yml"
  vars:
    download: "{{ download_defaults | combine(downloads.yq) }}"

- name: Kubernetes Apps | Copy yq binary from download dir
  ansible.posix.synchronize:
    src: "{{ downloads.yq.dest }}"
    dest: "{{ bin_dir }}/yq"
    compress: no
    perms: yes
    owner: no
    group: no
  delegate_to: "{{ inventory_hostname }}"

- name: Kubernetes Apps | Set ArgoCD template list
  set_fact:
    argocd_templates:
      - name: namespace
        file: argocd-namespace.yml
      - name: install
        file: argocd-install.yml
        namespace: "{{ argocd_namespace }}"
        url: "{{ argocd_install_url }}"
  when:
    - "inventory_hostname == groups['kube_control_plane'][0]"

- name: Kubernetes Apps | Download ArgoCD remote manifests
  include_tasks: "../../../download/tasks/download_file.yml"
  vars:
    download_argocd:
      enabled: "{{ argocd_enabled }}"
      file: true
      dest: "{{ local_release_dir }}/{{ item.file }}"
      url: "{{ item.url }}"
      unarchive: false
      owner: "root"
      mode: 0644
      sha256: ""
    download: "{{ download_defaults | combine(download_argocd) }}"
  with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}"
  loop_control:
    label: "{{ item.file }}"
  when:
    - "inventory_hostname == groups['kube_control_plane'][0]"

- name: Kubernetes Apps | Copy ArgoCD remote manifests from download dir
  ansible.posix.synchronize:
    src: "{{ local_release_dir }}/{{ item.file }}"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
    compress: no
    perms: yes
    owner: no
    group: no
  delegate_to: "{{ inventory_hostname }}"
  with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}"
  when:
    - "inventory_hostname == groups['kube_control_plane'][0]"

- name: Kubernetes Apps | Set ArgoCD namespace for remote manifests
  become: yes
  command: |
    {{ bin_dir }}/yq eval-all -i '.metadata.namespace="{{ argocd_namespace }}"' {{ kube_config_dir }}/{{ item.file }}
  with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}"
  loop_control:
    label: "{{ item.file }}"
  when:
    - "inventory_hostname == groups['kube_control_plane'][0]"

- name: Kubernetes Apps | Create ArgoCD manifests from templates
  become: yes
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
    mode: 0644
  with_items: "{{ argocd_templates | selectattr('url', 'undefined') | list }}"
  loop_control:
    label: "{{ item.file }}"
  when:
    - "inventory_hostname == groups['kube_control_plane'][0]"

- name: Kubernetes Apps | Install ArgoCD
  become: yes
  kube:
    name: ArgoCD
    kubectl: "{{ bin_dir }}/kubectl"
    filename: "{{ kube_config_dir }}/{{ item.file }}"
    state: latest
  with_items: "{{ argocd_templates }}"
  when:
    - "inventory_hostname == groups['kube_control_plane'][0]"

# https://github.com/argoproj/argo-cd/blob/master/docs/faq.md#i-forgot-the-admin-password-how-do-i-reset-it
- name: Kubernetes Apps | Set ArgoCD custom admin password
  become: yes
  shell: |
    {{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf -n {{ argocd_namespace }} patch secret argocd-secret -p \
      '{
        "stringData": {
          "admin.password": "{{ argocd_admin_password | password_hash('bcrypt') }}",
          "admin.passwordMtime": "'$(date +%FT%T%Z)'"
        }
      }'
  when:
    - argocd_admin_password is defined
    - "inventory_hostname == groups['kube_control_plane'][0]"