From 9365ba1dd248b703c25c3ec365092fb436dd7904 Mon Sep 17 00:00:00 2001
From: "Marco Maurer (-Kilchhofer)" <mkilchhofer@users.noreply.github.com>
Date: Wed, 2 Apr 2025 12:45:24 +0200
Subject: [PATCH] fix(argo-cd): Make code clearer when Redis Secret is optional
 (#3228)

---
 charts/argo-cd/Chart.yaml                     |  4 +-
 charts/argo-cd/templates/_helpers.tpl         | 38 +++++++++++++++++++
 .../deployment.yaml                           | 12 +-----
 .../statefulset.yaml                          | 12 +-----
 .../argocd-repo-server/deployment.yaml        | 12 +-----
 .../templates/argocd-server/deployment.yaml   | 12 +-----
 6 files changed, 48 insertions(+), 42 deletions(-)

diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index 0b0b8aa2..4f8b8a37 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: v2.14.8
 kubeVersion: ">=1.25.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.8.20
+version: 7.8.21
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -27,4 +27,4 @@ annotations:
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
     - kind: fixed
-      description: Correct oliver006/redis_exporter image tag
+      description: Make code clearer when Redis Secret is optional
diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl
index 5aecb5fd..f365dde2 100644
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@@ -275,3 +275,41 @@ ipFamilyPolicy: {{ . }}
 ipFamilies: {{ toYaml . | nindent 4 }}
 {{- end }}
 {{- end }}
+
+{{/*
+secretKeyRef of env variable REDIS_USERNAME
+*/}}
+{{- define "argo-cd.redisUsernameSecretRef" -}}
+    {{- if and .Values.externalRedis.host -}}
+name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+key: redis-username
+optional: true
+    {{- else -}}
+name: {{ include "argo-cd.redis.fullname" . }}
+key: redis-username
+optional: true
+    {{- end -}}
+{{- end -}}
+
+{{/*
+secretKeyRef of env variable REDIS_PASSWORD
+*/}}
+{{- define "argo-cd.redisPasswordSecretRef" -}}
+    {{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) -}}
+    {{- /* Default case where Secret is generated by the Job with Helm pre-install hooks */ -}}
+name: "argocd-redis" # hard-coded in Job command "argocd admin redis-initial-password"
+key: auth
+optional: false # Secret is not optional in this case !
+    {{- else if .Values.externalRedis.host -}}
+    {{- /* External Redis use case */ -}}
+    {{- /* Secret is required when specifying existingSecret, otherwise it is optional */ -}}
+name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+key: redis-password
+optional: {{ if .Values.externalRedis.existingSecret }}false{{ else }}true{{ end }}
+    {{- else -}}
+    {{- /* All other use cases (e.g. disabled pre-install Job) */ -}}
+name: {{ include "argo-cd.redis.fullname" . }}
+key: redis-password
+optional: true
+    {{- end -}}
+{{- end -}}
diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
index 0b8285b7..2f6abd43 100644
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@@ -226,19 +226,11 @@ spec:
           - name: REDIS_USERNAME
             valueFrom:
               secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                key: redis-username
-                optional: true
+                {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                {{- if .Values.externalRedis.host }}
-                key: redis-password
-                {{- else }}
-                key: auth
-                {{- end }}
-                optional: true
+                {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
           - name: REDIS_SENTINEL_USERNAME
             valueFrom:
               secretKeyRef:
diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
index 733290d1..6c03426c 100644
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@@ -225,19 +225,11 @@ spec:
           - name: REDIS_USERNAME
             valueFrom:
               secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                key: redis-username
-                optional: true
+                {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                {{- if .Values.externalRedis.host }}
-                key: redis-password
-                {{- else }}
-                key: auth
-                {{- end }}
-                optional: true
+                {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
           - name: REDIS_SENTINEL_USERNAME
             valueFrom:
               secretKeyRef:
diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
index f12332e9..2abc4adb 100755
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@@ -178,19 +178,11 @@ spec:
           - name: REDIS_USERNAME
             valueFrom:
               secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                key: redis-username
-                optional: true
+                {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                {{- if .Values.externalRedis.host }}
-                key: redis-password
-                {{- else }}
-                key: auth
-                {{- end }}
-                optional: true
+                {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
           - name: REDIS_SENTINEL_USERNAME
             valueFrom:
               secretKeyRef:
diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml
index 0b75f062..74d67376 100755
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@@ -246,19 +246,11 @@ spec:
           - name: REDIS_USERNAME
             valueFrom:
               secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                key: redis-username
-                optional: true
+                {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                {{- if .Values.externalRedis.host }}
-                key: redis-password
-                {{- else }}
-                key: auth
-                {{- end }}
-                optional: true
+                {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
           - name: REDIS_SENTINEL_USERNAME
             valueFrom:
               secretKeyRef: