diff --git a/modules/eks/argocd/README.md b/modules/eks/argocd/README.md
index 47bc24a74..0ea68f4b7 100644
--- a/modules/eks/argocd/README.md
+++ b/modules/eks/argocd/README.md
@@ -580,6 +580,7 @@ Reference: https://stackoverflow.com/questions/75046330/argo-cd-error-server-sec
 | [saml\_enabled](#input\_saml\_enabled) | Toggles SAML integration in the deployed chart | `bool` | `false` | no |
 | [saml\_rbac\_scopes](#input\_saml\_rbac\_scopes) | SAML RBAC scopes to request | `string` | `"[email,groups]"` | no |
 | [saml\_sso\_providers](#input\_saml\_sso\_providers) | SAML SSO providers components |
map(object({| `{}` | no | +| [service\_type](#input\_service\_type) | Service type for exposing the ArgoCD service. The available type values and their behaviors are:
component = string
environment = optional(string, null)
}))
object({| `{}` | no |
 | [slack\_notifications\_enabled](#input\_slack\_notifications\_enabled) | Whether or not to enable Slack notifications. See `var.slack_notifications.` | `bool` | `false` | no |
 | [ssm\_github\_api\_key](#input\_ssm\_github\_api\_key) | SSM path to the GitHub API key | `string` | `"/argocd/github/api_key"` | no |
diff --git a/modules/eks/argocd/main.tf b/modules/eks/argocd/main.tf
index fbbec8a2c..2249cd38d 100644
--- a/modules/eks/argocd/main.tf
+++ b/modules/eks/argocd/main.tf
@@ -162,6 +162,7 @@ module "argocd" {
 oidc_rbac_scopes = var.oidc_rbac_scopes
 saml_enabled = local.saml_enabled
 saml_rbac_scopes = var.saml_rbac_scopes
+ service_type = var.service_type
 rbac_default_policy = var.argocd_rbac_default_policy
 rbac_policies = var.argocd_rbac_policies
 rbac_groups = var.argocd_rbac_groups
diff --git a/modules/eks/argocd/resources/argocd-values.yaml.tpl b/modules/eks/argocd/resources/argocd-values.yaml.tpl
index 26d3ae928..0b869d6f4 100644
--- a/modules/eks/argocd/resources/argocd-values.yaml.tpl
+++ b/modules/eks/argocd/resources/argocd-values.yaml.tpl
@@ -66,7 +66,7 @@ server:
 https: false
 service:
- type: NodePort
+ type: ${service_type}
 secret:
 create: true
diff --git a/modules/eks/argocd/variables-argocd.tf b/modules/eks/argocd/variables-argocd.tf
index cda437076..43d9f5dc1 100644
--- a/modules/eks/argocd/variables-argocd.tf
+++ b/modules/eks/argocd/variables-argocd.tf
@@ -143,6 +143,17 @@ variable "saml_rbac_scopes" {
 default = "[email,groups]"
 }
+variable "service_type" {
+ type = string
+ default = "NodePort"
+ description = <<-EOT
+ Service type for exposing the ArgoCD service. The available type values and their behaviors are:
+ ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster.
+ NodePort: Exposes the Service on each Node's IP at a static port (the NodePort).
+ LoadBalancer: Exposes the Service externally using a cloud provider's load balancer.
+ EOT
+}
+
 variable "argocd_rbac_policies" {
 type = list(string)
 default = []
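Review bot: `service_type` is declared as a free-form `string` with no `validation` block, yet it is rendered unquoted into `type: ${service_type}` in argocd-values.yaml.tpl, so any value, including a typo or one outside the three documented types, reaches the Helm values and is only rejected (or accepted) at apply time. Because this input decides how far the Argo CD server is exposed on the network, it should be constrained to the documented set with a validation block as below. The description could also say that `LoadBalancer` can make the Argo CD server reachable from outside the cluster network; whether it is internet-facing depends on the load balancer controller and Service annotations, which these hunks do not show, so that choice should be paired with source-range or ingress restrictions.

```hcl
variable "service_type" {
  # … unchanged: type, default, description …

  validation {
    condition     = contains(["ClusterIP", "NodePort", "LoadBalancer"], var.service_type)
    error_message = "The service_type must be one of: ClusterIP, NodePort, LoadBalancer."
  }
}
```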
token_ssm_path = optional(string, "/argocd/notifications/notifiers/slack/token")
api_url = optional(string, null)
username = optional(string, "ArgoCD")
icon = optional(string, null)
})