feat(argo-cd): add authentication for builtin Redis

Signed-off-by: André Frimberger <andre@intellisoft.de>

charts/argo-cd/README.md

@@ -1155,9 +1155,9 @@ NAME: my-release
 |-----|------|---------|-------------|
 | redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
 | redis.auth.configAnnotations | object | `{}` | Annotations to be added to Redis config secret |
-| redis.auth.enabled | bool | `false` | enable authentication for Redis. Passwords are auto-generated and stored in argocd-redis |
+| redis.auth.enabled | bool | `false` | Enable authentication for Redis. Passwords are auto-generated and stored in the Secret `argocd-redis`. If you're managing ArgoCD via ArgoCD you need to ignore the auto-generated password fields in `ignoreDifferences` , e.g. with ``` ignoreDifferences: - kind: Secret   name: argocd-redis   jsonPointers:     - /data/redis-password     - /data/redis-password-admin     - /data/redis-password-default ``` |
 | redis.auth.secretAnnotations | object | `{}` | Annotations to be added to Redis secret |
-| redis.auth.username | string | `"argocd"` | username for connecting to Redis |
+| redis.auth.username | string | `"argocd"` | Username for connecting to Redis |
 | redis.containerPorts.metrics | int | `9121` | Metrics container port |
 | redis.containerPorts.redis | int | `6379` | Redis container port |
 | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context |

charts/argo-cd/templates/redis/secret.yaml

@@ -1,4 +1,22 @@
-# lookup existing secret
+# lookup existing secret with Helm's `lookup` function.
+# At first, it might seem strange to use this function in the ArgoCD ecosystem.
+# However, the purpose of this Helm Chart is to bootstrap ArgoCD. For this use-case
+# you don't have necessarily ArgoCD available, yet.
+#
+# Basically, ArgoCD can be installed with two approaches:
+# 1. Via Helm -> Helm's `lookup` function works as expected
+# 2. Via ArgoCD -> `lookup` will always return an empty value because ArgoCD
+#    calls `helm template` internally. In this case, you need to ignore the password
+#    fields of the secret in `ignoreDifferences`:
+#    ```yaml
+#    ignoreDifferences:
+#    - kind: Secret
+#      name: argocd-redis
+#      jsonPointers:
+#        - /data/redis-password
+#        - /data/redis-password-admin
+#        - /data/redis-password-default
+#    ```
 {{- $secretName :=  include "argo-cd.redis.fullname" . -}}
 {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $secretName) | default dict }}
 {{- $secretData := (get $secretObj "data") | default dict }}

charts/argo-cd/values.yaml

@@ -1168,9 +1168,20 @@ redis:
 
   ## Redis authentication
   auth:
-    # -- enable authentication for Redis. Passwords are auto-generated and stored in argocd-redis
+    # -- Enable authentication for Redis. Passwords are auto-generated and stored in the Secret `argocd-redis`.
+    # If you're managing ArgoCD via ArgoCD you need to ignore the auto-generated password fields in `ignoreDifferences`
+    # , e.g. with
+    # ```
+    # ignoreDifferences:
+    # - kind: Secret
+    #   name: argocd-redis
+    #   jsonPointers:
+    #     - /data/redis-password
+    #     - /data/redis-password-admin
+    #     - /data/redis-password-default
+    # ```
     enabled: false
-    # -- username for connecting to Redis
+    # -- Username for connecting to Redis
     username: argocd
     # -- Annotations to be added to Redis secret
     secretAnnotations: {}