feat(argo-cd): Support manually managed TLS certificate for Server (#1534)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
2022-10-30 23:03:30 +01:00 · 2022-10-30 23:03:30 +01:00 · caf1f4de02
commit caf1f4de02
parent 9819da3434
6 changed files with 81 additions and 38 deletions
--- a/charts/argo-cd/templates/NOTES.txt
+++ b/charts/argo-cd/templates/NOTES.txt
@ -40,6 +40,9 @@ DEPRECATED option server.config - Use configs.cm
 {{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }}
 DEPRECATED option server.rbacConfig - Use configs.rbac
 {{- end }}
+{{- if .Values.configs.secret.argocdServerTlsConfig }}
+DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret
+{{- end }}
 {{- if .Values.controller.service }}
 REMOVED option controller.service - Use controller.metrics
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-server-tls.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-server-tls.yaml
@ -0,0 +1,21 @@
+{{- if and .Values.server.certificateSecret.enabled (not .Values.server.certificate.enabled) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: argocd-server-tls
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }}
+    {{- with .Values.server.certificateSecret.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.certificateSecret.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .Values.server.certificateSecret.crt | b64enc | quote }}
+  tls.key: {{ .Values.server.certificateSecret.key | b64enc | quote }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-server/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/certificate.yaml
@ -2,10 +2,11 @@
 apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
 kind: Certificate
 metadata:
-  name: {{ template "argo-cd.server.fullname" . }}
+  name: {{ include "argo-cd.server.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
+  secretName: {{ .Values.server.certificate.secretName }}
  commonName: {{ .Values.server.certificate.domain | quote }}
  dnsNames:
    - {{ .Values.server.certificate.domain | quote }}
@ -15,6 +16,9 @@ spec:
  {{- with .Values.server.certificate.duration }}
  duration: {{ . | quote }}
  {{- end }}
+  {{- with .Values.server.certificate.renewBefore }}
+  renewBefore: {{ . | quote }}
+  {{- end }}
  issuerRef:
    {{- with .Values.server.certificate.issuer.group }}
    group: {{ . | quote }}
@ -25,8 +29,4 @@ spec:
  privateKey:
    {{- toYaml . | nindent 4 }}
  {{- end }}
-  {{- with .Values.server.certificate.renewBefore }}
-  renewBefore: {{ . | quote }}
-  {{- end }}
-  secretName: {{ .Values.server.certificate.secretName | quote }}
 {{- end }}