From 62b5450f17c0f1710efef9163314855a1ac367d2 Mon Sep 17 00:00:00 2001
From: 0m1xa <43731080+0m1xa@users.noreply.github.com>
Date: Tue, 1 Mar 2022 11:26:13 +0100
Subject: [PATCH] feat(argocd-image-updater): Add k8s secret generation for
 ArgoCD API token (#1144)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [image-updater] appVersion has been changed

* Reword changelog

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Added argocd api key secret generation option

Signed-off-by: Mikhail Alekseev <mikhailalekseev1@gmail.com>

* changed docs

Signed-off-by: Mikhail Alekseev <mikhailalekseev1@gmail.com>

* Fix in README

Signed-off-by: Mikhail Alekseev <mikhailalekseev1@gmail.com>

* fix in values file

Signed-off-by: Mikhail Alekseev <mikhailalekseev1@gmail.com>

* fix README

* Apply suggestions from code review

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Fix changelog annotation

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Also add default labels to the newly created Secret

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
Co-authored-by: Oliver Bähler <oliverbaehler@hotmail.com>
---
 charts/argocd-image-updater/Chart.yaml         |  4 ++--
 charts/argocd-image-updater/README.md          | 18 ++++++++++++++----
 charts/argocd-image-updater/README.md.gotmpl   | 17 +++++++++++++----
 .../argocd-image-updater/templates/secret.yaml | 11 +++++++++++
 charts/argocd-image-updater/values.yaml        |  2 ++
 5 files changed, 42 insertions(+), 10 deletions(-)
 create mode 100644 charts/argocd-image-updater/templates/secret.yaml

diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml
index 35e97708..03ff8d96 100644
--- a/charts/argocd-image-updater/Chart.yaml
+++ b/charts/argocd-image-updater/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: argocd-image-updater
 description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
 type: application
-version: 0.6.3
+version: 0.7.0
 appVersion: v0.11.3
 home: https://github.com/argoproj-labs/argocd-image-updater
 icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@@ -15,4 +15,4 @@ maintainers:
     url: https://argoproj.github.io/
 annotations:
   artifacthub.io/changes: |
-    - "[Changed]: Update to app version v0.11.3"
+    - "[Added]: Ability to manage secret containing the ArgoCD API token"
diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md
index 0f246edd..a5697096 100644
--- a/charts/argocd-image-updater/README.md
+++ b/charts/argocd-image-updater/README.md
@@ -16,10 +16,6 @@ helm install argocd-image-updater argo/argocd-image-updater
 
 You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
 
-## TODO
-
-- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something.
-
 ## Prerequisites
 
 * Helm v3.0.0+
@@ -41,6 +37,19 @@ config:
 
 Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
 
+### ArgoCD API key
+
+If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation.
+Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/).
+
+```yaml
+config:
+  argocd:
+    token: <your_secret_here>
+```
+
+If you specify a token value the secret will be created.
+
 ### Registries
 
 ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):
@@ -67,6 +76,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. |
 | config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. |
 | config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address |
+| config.argocd.token | string | `""` | If specified, the secret with ArgoCD API key will be created. |
 | config.disableKubeEvents | bool | `false` | Disable kubernetes events |
 | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits |
 | config.gitCommitTemplate | string | `""` | Changing the Git commit message |
diff --git a/charts/argocd-image-updater/README.md.gotmpl b/charts/argocd-image-updater/README.md.gotmpl
index 7e39f7a6..bbd2e1b5 100644
--- a/charts/argocd-image-updater/README.md.gotmpl
+++ b/charts/argocd-image-updater/README.md.gotmpl
@@ -16,10 +16,6 @@ helm install argocd-image-updater argo/argocd-image-updater
 
 You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
 
-## TODO
-
-- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something.
-
 ## Prerequisites
 
 * Helm v3.0.0+
@@ -41,6 +37,19 @@ config:
 
 Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
 
+### ArgoCD API key
+
+If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation.
+Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/).
+
+```yaml
+config:
+  argocd:
+    token: <your_secret_here>
+```
+
+If you specify a token value the secret will be created.
+
 ### Registries
 
 ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):
diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml
new file mode 100644
index 00000000..d0e7bb24
--- /dev/null
+++ b/charts/argocd-image-updater/templates/secret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.config.argocd.token }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: argocd-image-updater-secret
+  labels:
+    {{- include "argocd-image-updater.labels" . | nindent 4 }}
+type: Opaque
+data: 
+  argocd.token: {{ .Values.config.argocd.token | b64enc }}
+{{- end }}
diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml
index 460006dc..bca186ca 100644
--- a/charts/argocd-image-updater/values.yaml
+++ b/charts/argocd-image-updater/values.yaml
@@ -53,6 +53,8 @@ config:
     insecure: false
     # -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS.
     plaintext: false
+    # -- If specified, the secret with ArgoCD API key will be created.
+    token: ""
 
   # -- Disable kubernetes events
   disableKubeEvents: false