From cb2ea398c1d0176e2b9c829935a7a43237ff9c8e Mon Sep 17 00:00:00 2001
From: Wei He <hewei.com@gmail.com>
Date: Tue, 17 May 2022 17:25:56 +0800
Subject: [PATCH] route /argocd to argocd-server

---
 INSTALL.md                         | 10 +---------
 argocd/cmd-params-cm.yaml          |  1 +
 argocd/ingressroute-server.yaml.sh |  8 +++-----
 deploy_jitsi.sh                    | 13 +++++--------
 4 files changed, 10 insertions(+), 22 deletions(-)

diff --git a/INSTALL.md b/INSTALL.md
index 2f87b6a..6bb31d1 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -25,18 +25,11 @@ curl -sL https://raw.githubusercontent.com/shanghailug/jitsi-deploy/main/deploy_
   bash -s - <PROD_HOSTNAME> <ACME_EMAIL>
 ```
 
-Alternatively, an additional environment variable `ARGOCD_FQDN` can be provided to enable ArgoCD web server's ingress, so that it can be accessed post installation, for future operations: 
-
-```bash
-curl -sL https://raw.githubusercontent.com/shanghailug/jitsi-deploy/main/deploy_jitsi.sh | 
-  ARGOCD_FQDN=<CD_HOSTNAME> bash -s - <PROD_HOSTNAME> <ACME_EMAIL>
-```
-
 Before committing to a prod installation, the whole setup can be tested by using a test hostname, only requesting certificates from staging instance of Let's Encrypt, and installing into `test` k8s namespace. This can be done by setting `TEST_INSTALL` and `STAGING_CERT` environment variable and giving test hostname as command argument, like this: 
 
 ```bash
 curl -sL https://raw.githubusercontent.com/shanghailug/jitsi-deploy/main/deploy_jitsi.sh | 
-  TEST_INSTALL=1 STAGING_CERT=1 ARGOCD_FQDN=<CD_HOSTNAME> bash -s - <TEST_HOSTNAME> <ACME_EMAIL>
+  TEST_INSTALL=1 STAGING_CERT=1 bash -s - <TEST_HOSTNAME> <ACME_EMAIL>
 ```
 
 The installed applications can then be updated/upgraded by rerunning exactly the same command, when the git repo is updated or it's desirable to enable ArgoCD web after initial installation is done. The already installed components will usually be kept as-is if their versions match, or be upgraded otherwise. If k3s needs to be upgraded, however, it's probably a better idea to [tear down](#tear-down) the whole setup before-hand. 
@@ -56,7 +49,6 @@ The following list of environment variables can be used to customize or alter th
 
 Environment Variable | Description | Default Value | Default behaviour
 --- | --- | --- | ---
-`ARGOCD_FQDN` | fully-qualified hostname for accessing ArgoCD web UI | "" | don't enable web ingress for ArgoCD server
 `ARGOCD_VERSION` | argocd release to install | "v2.3.3" | 
 `DEPLOY_GIT_REPO` | the git repo url for retrieving artifacts | `https://github.com/shanghailug/jitsi-deploy.git` |
 `DEPLOY_GIT_VERSION` | the revision of artifacts to checkout and use from the repo | "" | use the default branch when git repo is cloned locally
diff --git a/argocd/cmd-params-cm.yaml b/argocd/cmd-params-cm.yaml
index 9016764..431029c 100644
--- a/argocd/cmd-params-cm.yaml
+++ b/argocd/cmd-params-cm.yaml
@@ -8,3 +8,4 @@ metadata:
     app.kubernetes.io/part-of: argocd
 data:
   server.insecure: "true"
+  server.rootpath: "/argocd"
diff --git a/argocd/ingressroute-server.yaml.sh b/argocd/ingressroute-server.yaml.sh
index 2eeaaff..1f52d1c 100755
--- a/argocd/ingressroute-server.yaml.sh
+++ b/argocd/ingressroute-server.yaml.sh
@@ -9,18 +9,16 @@ spec:
     - websecure
   routes:
     - kind: Rule
-      match: Host(\`${ARGOCD_FQDN}\`)
-      priority: 10
+      match: Host(\`${FQDN}\`) && PathPrefix(\`/argocd\`)
       services:
         - name: argocd-server
           port: 80
     - kind: Rule
-      match: Host(\`${ARGOCD_FQDN}\`) && Headers(\`Content-Type\`, \`application/grpc\`)
-      priority: 11
+      match: Host(\`${FQDN}\`) && PathPrefix(\`/argocd\`) && Headers(\`Content-Type\`, \`application/grpc\`)
       services:
         - name: argocd-server
           port: 80
           scheme: h2c
   tls:
-    certResolver: le-prod
+    certResolver: ${CERT_RESOLVER}
 EOF
diff --git a/deploy_jitsi.sh b/deploy_jitsi.sh
index 5577cb9..037249b 100755
--- a/deploy_jitsi.sh
+++ b/deploy_jitsi.sh
@@ -122,14 +122,11 @@ function do_argocd {
   cd ${SRC_DIR}/
 
   kubectl create ns argocd --dry-run=client -o yaml | kubectl apply -f -
-  kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
-  if [ -n "${ARGOCD_FQDN}" ]; then
-    export ARGOCD_FQDN
-    kubectl apply -f argocd/cmd-params-cm.yaml
-    kubectl -n argocd rollout restart deploy/argocd-server
-    argocd/ingressroute-server.yaml.sh | kubectl apply -f -
-    # ARGOCD_PASSWD=$(kubectl -n argocd get secret/argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d)
-  fi
+  kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/${ARGOCD_VERSION}/manifests/install.yaml
+  kubectl apply -f argocd/cmd-params-cm.yaml
+  kubectl -n argocd rollout restart deploy/argocd-server
+  argocd/ingressroute-server.yaml.sh | kubectl apply -f -
+  # ARGOCD_PASSWD=$(kubectl -n argocd get secret/argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d)
 
   echo -n "waiting for argocd to become ready ."
   while [ $(kubectl -n argocd get pods | grep -c '1/1') -ne 7 ]; do