From 327c169015545908b84b23b86a92e72ec4b7b5e7 Mon Sep 17 00:00:00 2001
From: Marco Kilchhofer <marco@kilchhofer.info>
Date: Wed, 17 Mar 2021 17:33:32 +0100
Subject: [PATCH] feat(argo-cd): Add ability to handle cluster credentials

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
---
 charts/argo-cd/Chart.yaml                     |  2 +-
 charts/argo-cd/README.md                      |  1 +
 .../argocd-configs/cluster-secrets.yaml       | 23 +++++++++++++++++++
 charts/argo-cd/values.yaml                    | 23 +++++++++++++++++++
 4 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml

diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index 38c19b15..431300ff 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 1.8.4
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 2.17.4
+version: 2.18.0
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:
diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md
index 75a57d67..e67fda8d 100644
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@@ -76,6 +76,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
 | nameOverride | Provide a name in place of `argocd` | `"argocd"` |
 | installCRDs | Install CRDs if you are using Helm2. | `true` |
+| configs.clusterCredentials | [External Cluster Credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters)| `[]` (See [values.yaml](values.yaml)) |
 | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
 | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
 | configs.secret.annotations | Annotations for argocd-secret | `{}` |
diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
new file mode 100644
index 00000000..0951313c
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
@@ -0,0 +1,23 @@
+{{- range .Values.configs.clusterCredentials }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
+    argocd.argoproj.io/secret-type: cluster
+  {{- with .annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
+  server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
+  {{- with .namespaces }}
+  namespaces: {{ . }}
+  {{- end }}
+  config: |
+    {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }}
+{{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index 2a6ce24f..dee89c64 100755
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -872,6 +872,29 @@ repoServer:
 
 ## Argo Configs
 configs:
+  ## External Cluster Credentials
+  ## reference:
+  ## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters
+  ## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials
+  clusterCredentials: []
+    # - name: mycluster
+    #   server: https://mycluster.com
+    #   annotations: {}
+    #   config:
+    #     bearerToken: "<authentication token>"
+    #     tlsClientConfig:
+    #       insecure: false
+    #       caData: "<base64 encoded certificate>"
+    # - name: mycluster2
+    #   server: https://mycluster2.com
+    #   annotations: {}
+    #   namespaces: namespace1,namespace2
+    #   config:
+    #     bearerToken: "<authentication token>"
+    #     tlsClientConfig:
+    #       insecure: false
+    #       caData: "<base64 encoded certificate>"
+
   knownHostsAnnotations: {}
   knownHosts:
     data: