feat: support for multiple Argo CD service types (cloudposse/terraform-aws-components#1020)

Co-authored-by: Andriy Knysh <[email protected]>

Author: RoseSecurity

src/README.md

@@ -580,6 +580,7 @@ Reference: https://stackoverflow.com/questions/75046330/argo-cd-error-server-sec
 | <a name="input_saml_enabled"></a> [saml\_enabled](#input\_saml\_enabled) | Toggles SAML integration in the deployed chart | `bool` | `false` | no |
 | <a name="input_saml_rbac_scopes"></a> [saml\_rbac\_scopes](#input\_saml\_rbac\_scopes) | SAML RBAC scopes to request | `string` | `"[email,groups]"` | no |
 | <a name="input_saml_sso_providers"></a> [saml\_sso\_providers](#input\_saml\_sso\_providers) | SAML SSO providers components | <pre>map(object({<br>    component   = string<br>    environment = optional(string, null)<br>  }))</pre> | `{}` | no |
+| <a name="input_service_type"></a> [service\_type](#input\_service\_type) | Service type for exposing the ArgoCD service. The available type values and their behaviors are:<br>  ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster.<br>  NodePort: Exposes the Service on each Node's IP at a static port (the NodePort).<br>  LoadBalancer: Exposes the Service externally using a cloud provider's load balancer. | `string` | `"NodePort"` | no |
 | <a name="input_slack_notifications"></a> [slack\_notifications](#input\_slack\_notifications) | ArgoCD Slack notification configuration. Requires Slack Bot created with token stored at the given SSM Parameter path.<br><br>See: https://argocd-notifications.readthedocs.io/en/stable/services/slack/ | <pre>object({<br>    token_ssm_path = optional(string, "/argocd/notifications/notifiers/slack/token")<br>    api_url        = optional(string, null)<br>    username       = optional(string, "ArgoCD")<br>    icon           = optional(string, null)<br>  })</pre> | `{}` | no |
 | <a name="input_slack_notifications_enabled"></a> [slack\_notifications\_enabled](#input\_slack\_notifications\_enabled) | Whether or not to enable Slack notifications. See `var.slack_notifications.` | `bool` | `false` | no |
 | <a name="input_ssm_github_api_key"></a> [ssm\_github\_api\_key](#input\_ssm\_github\_api\_key) | SSM path to the GitHub API key | `string` | `"/argocd/github/api_key"` | no |

src/main.tf

@@ -162,6 +162,7 @@ module "argocd" {
         oidc_rbac_scopes    = var.oidc_rbac_scopes
         saml_enabled        = local.saml_enabled
         saml_rbac_scopes    = var.saml_rbac_scopes
+        service_type        = var.service_type
         rbac_default_policy = var.argocd_rbac_default_policy
         rbac_policies       = var.argocd_rbac_policies
         rbac_groups         = var.argocd_rbac_groups

src/resources/argocd-values.yaml.tpl

@@ -66,7 +66,7 @@ server:
     https: false
 
   service:
-    type: NodePort
+    type: ${service_type}
 
   secret:
     create: true

src/variables-argocd.tf

@@ -143,6 +143,17 @@ variable "saml_rbac_scopes" {
   default     = "[email,groups]"
 }
 
+variable "service_type" {
+  type        = string
+  default     = "NodePort"
+  description = <<-EOT
+  Service type for exposing the ArgoCD service. The available type values and their behaviors are:
+    ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster.
+    NodePort: Exposes the Service on each Node's IP at a static port (the NodePort).
+    LoadBalancer: Exposes the Service externally using a cloud provider's load balancer.
+  EOT
+}
+
 variable "argocd_rbac_policies" {
   type        = list(string)
   default     = []