From 231198da1e4b3a9d6e64191968ee94bbdf5298ec Mon Sep 17 00:00:00 2001
From: guipguia <guilherme@pguia.com>
Date: Fri, 16 Jan 2026 18:37:03 +0000
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20add=20argocd=20dns?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/argocd/tasks/main.yml          | 26 +++++++++++++++++++++++++-
 roles/cert_manager/tasks/main.yml    | 16 ++++++++++++++++
 roles/traefik_gateway/tasks/main.yml | 11 +++++++++++
 3 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/roles/argocd/tasks/main.yml b/roles/argocd/tasks/main.yml
index db362b9..3f6c10a 100644
--- a/roles/argocd/tasks/main.yml
+++ b/roles/argocd/tasks/main.yml
@@ -14,8 +14,32 @@
     /snap/bin/helm upgrade --install argocd argo/argo-cd
     --namespace argocd
     --create-namespace
-    --set server.service.type=NodePort
+    --set configs.params."server\.insecure"=true
     --wait
   become: false
   register: argocd_install
   changed_when: "'Release \"argocd\" does not exist' in argocd_install.stdout or 'Happy Helming' in argocd_install.stdout"
+
+- name: Create HTTPRoute for ArgoCD
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: gateway.networking.k8s.io/v1
+      kind: HTTPRoute
+      metadata:
+        name: argocd-route
+        namespace: argocd
+      spec:
+        parentRefs:
+        - name: main-gateway
+          namespace: traefik
+          sectionName: argocd-https
+        hostnames:
+        - "argocd.svc.pguia.com"
+        rules:
+        - matches:
+          - path:
+              type: PathPrefix
+              value: /
+          backendRefs:
+          - name: argocd-server
+            port: 80
diff --git a/roles/cert_manager/tasks/main.yml b/roles/cert_manager/tasks/main.yml
index 696770e..4012de9 100644
--- a/roles/cert_manager/tasks/main.yml
+++ b/roles/cert_manager/tasks/main.yml
@@ -64,3 +64,19 @@
           kind: ClusterIssuer
         dnsNames:
         - git.svc.pguia.com
+
+- name: Create Certificate for ArgoCD
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: cert-manager.io/v1
+      kind: Certificate
+      metadata:
+        name: argocd-svc-pguia-com-tls
+        namespace: traefik
+      spec:
+        secretName: argocd-svc-pguia-com-tls
+        issuerRef:
+          name: letsencrypt-prod
+          kind: ClusterIssuer
+        dnsNames:
+        - argocd.svc.pguia.com
diff --git a/roles/traefik_gateway/tasks/main.yml b/roles/traefik_gateway/tasks/main.yml
index 9491bca..c6714b9 100644
--- a/roles/traefik_gateway/tasks/main.yml
+++ b/roles/traefik_gateway/tasks/main.yml
@@ -100,3 +100,14 @@
           allowedRoutes:
             namespaces:
               from: All
+        - name: argocd-https
+          port: 443
+          protocol: HTTPS
+          hostname: argocd.svc.pguia.com
+          tls:
+            mode: Terminate
+            certificateRefs:
+            - name: argocd-svc-pguia-com-tls
+          allowedRoutes:
+            namespaces:
+              from: All