feat(argo-cd): Support custom TLS certificates for Dex (#1477)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
2022-10-30 21:44:13 +01:00 · 2022-10-30 21:44:13 +01:00 · 9819da3434
commit 9819da3434
parent 3d9e2f35a6
6 changed files with 55 additions and 7 deletions
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@ -198,7 +198,8 @@ repo.server: "{{ include "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServe
 redis.server: {{ . | quote }}
 {{- end }}
 {{- if .Values.dex.enabled }}
-server.dex.server: {{ include "argo-cd.dex.server" . }}
+server.dex.server: {{ include "argo-cd.dex.server" . | quote }}
+server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }}
 {{- end }}
 {{- range $component := tuple "controller" "server" "reposerver" }}
 {{ $component }}.log.format: {{ $.Values.global.logging.format | quote }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml
@ -0,0 +1,24 @@
+{{- if and .Values.dex.enabled .Values.dex.certificateSecret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: argocd-dex-server-tls
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }}
+    {{- with .Values.dex.certificateSecret.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.dex.certificateSecret.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  {{- with .Values.dex.certificateSecret.ca }}
+  ca.crt: {{ . | b64enc | quote }}
+  {{- end }}
+  tls.crt: {{ .Values.dex.certificateSecret.crt | b64enc | quote }}
+  tls.key: {{ .Values.dex.certificateSecret.key | b64enc | quote }}
+{{- end }}
--- a/charts/argo-cd/templates/dex/deployment.yaml
+++ b/charts/argo-cd/templates/dex/deployment.yaml
@ -13,6 +13,9 @@ spec:
    metadata:
      annotations:
        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
+        {{- if .Values.dex.certificateSecret.enabled }}
+        checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls.yaml") . | sha256sum }}
+        {{- end }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.dex.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}