From 73bb74ece2152a1db41f1202e6d9be4cb39d47d2 Mon Sep 17 00:00:00 2001
From: Peter Kurfer <peter@icb4dc0.de>
Date: Wed, 26 Mar 2025 08:03:25 +0100
Subject: [PATCH] feat(argo): add individual listener

---
 argocd/kustomization.yaml              | 11 ++++++
 argocd/resources/http_routes.yaml      | 53 ++++++++++++++++++--------
 contour/resources/default_gateway.yaml | 15 ++++++++
 3 files changed, 63 insertions(+), 16 deletions(-)

diff --git a/argocd/kustomization.yaml b/argocd/kustomization.yaml
index 323e3c2..f50e571 100644
--- a/argocd/kustomization.yaml
+++ b/argocd/kustomization.yaml
@@ -31,3 +31,14 @@ helmCharts:
     valuesFile: config/values.argo-cd.yaml
     apiVersions:
       - monitoring.coreos.com/v1
+
+patches:
+  - target:
+      group: ""
+      version: v1
+      kind: Service
+      name: argo-cd-argocd-server
+    patch: |
+      - op: add
+        path: /spec/ports/0/appProtocol
+        value: kubernetes.io/h2c
diff --git a/argocd/resources/http_routes.yaml b/argocd/resources/http_routes.yaml
index 01ffa4b..d026e9c 100644
--- a/argocd/resources/http_routes.yaml
+++ b/argocd/resources/http_routes.yaml
@@ -5,17 +5,17 @@ metadata:
   name: argo-cd-http
 spec:
   parentRefs:
-  - name: contour
-    sectionName: http
-    namespace: projectcontour
+    - name: contour
+      sectionName: http
+      namespace: projectcontour
   hostnames:
-  - argocd.icb4dc0.de
+    - argocd.icb4dc0.de
   rules:
-  - filters:
-    - type: RequestRedirect
-      requestRedirect:
-        scheme: https
-        statusCode: 301
+    - filters:
+        - type: RequestRedirect
+          requestRedirect:
+            scheme: https
+            statusCode: 301
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
@@ -23,12 +23,33 @@ metadata:
   name: argo-cd-https
 spec:
   parentRefs:
-  - name: contour
-    sectionName: https
-    namespace: projectcontour
+    - name: contour
+      sectionName: argocd
+      namespace: projectcontour
   hostnames:
-  - argocd.icb4dc0.de
+    - argocd.icb4dc0.de
   rules:
-  - backendRefs:
-    - name: argo-cd-argocd-server
-      port: 443
\ No newline at end of file
+    - backendRefs:
+        - name: argo-cd-argocd-server
+          port: 443
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: GRPCRoute
+metadata:
+  name: argo-cd-grpc
+spec:
+  parentRefs:
+    - name: contour
+      sectionName: argocd
+      namespace: projectcontour
+  hostnames:
+    - argocd.icb4dc0.de
+  rules:
+    - matches:
+        - headers:
+            - name: Content-Type
+              type: RegularExpression
+              value: .*application/grpc.*
+      backendRefs:
+        - name: argo-cd-argocd-server
+          port: 80
diff --git a/contour/resources/default_gateway.yaml b/contour/resources/default_gateway.yaml
index aff722d..0fe1a7b 100644
--- a/contour/resources/default_gateway.yaml
+++ b/contour/resources/default_gateway.yaml
@@ -52,6 +52,21 @@ spec:
         certificateRefs:
           - name: forgejo-tls
 
+    - name: argocd
+      hostname: "argocd.icb4dc0.de"
+      port: 443
+      protocol: HTTPS
+      allowedRoutes:
+        namespaces:
+          from: Selector
+          selector:
+            matchLabels:
+              kubernetes.io/metadata.name: argo-system
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: argocd-tls
+
     - name: ssh
       protocol: TCP
       port: 22