Refactor ArgoCD and monitoring setup: update kubeconfig, delete monitoring stack, and enhance Helm chart configurations; add secrets management for MongoDB

karimzakzouk · karimzakzouk · commit 699a3f031075 · 2025-08-24T01:14:37.000+03:00
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -81,7 +81,12 @@ jobs:
           git add helm/values.yaml
           git commit -m "Update image tag to ${{ inputs.image-tag || github.sha }}" || exit 0
           git push https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
-
+      
+      - name: Deploy ArgoCD Applications
+        if: ${{ inputs.terraform-action == 'apply' || inputs.terraform-action == '' }}
+        run: |
+          kubectl apply -f ./argocd/application.yml
+          
       - name: Get Application URL
         run: |
           echo "Application URL: http://$(kubectl get svc solar-system-svc -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
diff --git a/.github/workflows/destroy.yml b/.github/workflows/destroy.yml
@@ -24,14 +24,18 @@ jobs:
         with:
           terraform_version: 1.5.7
 
-      - name: Delete LoadBalancer Services
+      - name: Update kubeconfig
+        run: aws eks update-kubeconfig --name otel-cluster --region us-east-1
+
+      - name: Delete Monitoring Stack
         run: |
-          aws eks update-kubeconfig --name otel-cluster --region us-east-1 || true
+          kubectl delete application kube-prometheus-stack -n argocd || true
+          kubectl delete namespace monitoring || true
 
+      - name: Uninstall ArgoCD
+        run: |
           helm uninstall argocd -n argocd || true
-
-          kubectl delete svc argocd-server -n argocd || true
-          kubectl delete svc solar-system-svc -n default || true
+          kubectl delete namespace argocd || true
 
       - name: Terraform Init
         run: terraform init
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -76,11 +76,13 @@ jobs:
         run: |
           kubectl create namespace monitoring --dry-run=client -o yaml | kubectl apply -f -
           kubectl create secret generic grafana-admin-secret \
+            --from-literal=admin-user=admin \
             --from-literal=admin-password='${{ secrets.GRAFANA_ADMIN_PASSWORD }}' \
             --namespace monitoring \
             --dry-run=client -o yaml | kubectl apply -f -
 
       - name: Deploy Monitoring
         if: ${{ inputs.terraform-action == 'apply' || inputs.terraform-action == '' }}
         run: |
-          kubectl apply -f ./argocd/monitoring-stack.yaml
+          kubectl apply -f ./argocd/monitoring.yml
+
diff --git a/argocd/application.yml b/argocd/application.yml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: my-app
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: 'https://github.com/KarimZakzouk/Graduation-Project-Devops'
+    targetRevision: main
+    path: helm
+    helm:
+      valueFiles:
+        - values.yaml
+      parameters:
+        - name: mongo.uri
+          value: <secret>
+        - name: mongo.username
+          value: <secret>
+        - name: mongo.password
+          value: <secret>
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: my-app-namespace
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/argocd/monitoring.yml b/argocd/monitoring.yml
@@ -10,7 +10,10 @@ spec:
     chart: kube-prometheus-stack
     targetRevision: "45.7.1"
     helm:
+      skipCrds: false
       values: |
+        crds:
+          enabled: true  # Enable CRD installation
         prometheus:
           service:
             type: LoadBalancer
@@ -31,4 +34,6 @@ spec:
       prune: true
       selfHeal: true
     syncOptions:
-      - CreateNamespace=true
+      - CreateNamespace=true
+      - ServerSideApply=true
+      - SkipDryRunOnMissingResource=true
diff --git a/helm/templates/secrets.yaml b/helm/templates/secrets.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mongo-secrets
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+stringData:
+  MONGO_URI: {{ .Values.mongo.uri }}
+  MONGO_USERNAME: {{ .Values.mongo.username }}
+  MONGO_PASSWORD: {{ .Values.mongo.password }}
+env:
+  - name: MONGO_URI
+    valueFrom:
+      secretKeyRef:
+        name: mongo-secrets
+        key: MONGO_URI
+  - name: MONGO_USERNAME
+    valueFrom:
+      secretKeyRef:
+        name: mongo-secrets
+        key: MONGO_USERNAME
+  - name: MONGO_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: mongo-secrets
+        key: MONGO_PASSWORD
diff --git a/helm/templates/servicemonitor.yaml b/helm/templates/servicemonitor.yaml
@@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ .Release.Name }}-monitor
+  namespace: monitoring
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+  endpoints:
+    - port: http
+      path: /metrics
+      interval: 30s
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -9,3 +9,8 @@ service:
   type: LoadBalancer
   port: 80
   targetPort: 3000
+
+mongo:
+  uri: "YOUR_URI"
+  username: "YOUR_USERNAME"
+  password: "YOUR_PASSWORD"
diff --git a/kubernetes/deployment.template.yml b/kubernetes/deployment.template.yml
diff --git a/kubernetes/service.yml b/kubernetes/service.yml
