Enables Argo-workflow Server UI

Enables the Argo-workflow server UI in the cluster. This will allow users to view and potentially troubleshoot workflows. Note that this work is about making the UI work but not make the Single Sign-On (SSO) login feature works, which is detailed in another [card](https://trello.com/c/hF9uauRU/587-google-sso-for-argo) The URL for the service is: https://argo-workflow.eks.<environment>.govuk.digital/ To get the authentication token: 1. install the `argo` cli using brew: `brew install argo` Must be version 3.2.5 or greater due to [bug](argoproj/argo-workflows#7175) 2. get token: `gds aws govuk-<environment>-admin -- argo auth token` 3. copy whole token, starting with `Bearer ` and paste it in website. Ref: 1. [trello card](https://trello.com/c/GHtiRMqe/781-argo-workflows-ui)
alphagov · Jan 25, 2022 · a03af3a · a03af3a
1 parent dedbd23
commit a03af3a
Showing 1 changed file with 20 additions and 2 deletions.
diff --git a/terraform/deployments/cluster-services/argo.tf b/terraform/deployments/cluster-services/argo.tf
@@ -1,6 +1,7 @@
 # Installs and configures ArgoCD for deploying GOV.UK apps
 locals {
-  argo_host = "argo.${local.external_dns_zone_name}"
+  argo_host          = "argo.${local.external_dns_zone_name}"
+  argo_workflow_host = "argo-workflow.${local.external_dns_zone_name}"
 }
 
 resource "helm_release" "argo_cd" {
@@ -97,7 +98,7 @@ resource "helm_release" "argo_workflows" {
   name       = "argo-workflows"
   namespace  = local.services_ns
   repository = "https://argoproj.github.io/argo-helm"
-  version    = "0.8.0" # TODO: Dependabot or equivalent so this doesn't get neglected.
+  version    = "0.9.5" # TODO: Dependabot or equivalent so this doesn't get neglected.
   values = [yamlencode({
     controller = {
       workflowNamespaces = concat([local.services_ns], var.argo_workflow_namespaces)
@@ -119,6 +120,23 @@ resource "helm_release" "argo_workflows" {
         create = true
       }
     }
+
+    server = {
+      vextraArgs = ["--auth-mode=client"]
+      ingress = {
+        enabled = true
+        annotations = {
+          "alb.ingress.kubernetes.io/group.name"         = "argo-workflow"
+          "alb.ingress.kubernetes.io/scheme"             = "internet-facing"
+          "alb.ingress.kubernetes.io/target-type"        = "ip"
+          "alb.ingress.kubernetes.io/load-balancer-name" = "argo-workflow"
+          "alb.ingress.kubernetes.io/listen-ports"       = jsonencode([{ "HTTP" : 80 }, { "HTTPS" : 443 }])
+          "alb.ingress.kubernetes.io/ssl-redirect"       = "443"
+        }
+        ingressClassName = "aws-alb"
+        hosts            = [local.argo_workflow_host]
+      }
+    }
   })]
 }