feat(argo-cd): Add params to override Certificate duration and renewBefore (#1209)

* feat(argo-cd): New params to override Certificate duration and renewBefore Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> * chore(argo-cd): Clarify existing certificate params Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
2022-04-03 11:13:56 +02:00 · 2022-04-03 11:13:56 +02:00 · 3befa82210
commit 3befa82210
parent d542b1e426
4 changed files with 27 additions and 16 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.3.3
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 4.4.1
+version: 4.5.0
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 keywords:
@ -21,5 +21,4 @@ dependencies:
    condition: redis-ha.enabled
 annotations:
  artifacthub.io/changes: |
-    - "[Fixed]: Set 'server.config.url' to empty string so logout function can calculate the right redirect URL"
-    - "[Fixed]: Do not create slack service account when notifications controller is disabled"
+    - "[Added]: New parameters to override Certificate duration and renewBefore"
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -402,11 +402,13 @@ NAME: my-release
 | server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] |
 | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] |
 | server.certificate.additionalHosts | list | `[]` | Certificate manager additional hosts |
-| server.certificate.domain | string | `"argocd.example.com"` | Certificate manager domain |
-| server.certificate.enabled | bool | `false` | Enables a certificate manager certificate |
-| server.certificate.issuer.kind | string | `nil` | Certificate manager issuer |
-| server.certificate.issuer.name | string | `nil` | Certificate manager name |
-| server.certificate.secretName | string | `"argocd-server-tls"` | Certificate manager secret name |
+| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
+| server.certificate.duration | string | `""` | The requested 'duration' (i.e. lifetime) of the Certificate. Value must be in units accepted by Go time.ParseDuration |
+| server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
+| server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
+| server.certificate.issuer.name | string | `""` | Certificate isser name. Eg. `letsencrypt` |
+| server.certificate.renewBefore | string | `""` | How long before the currently issued certificate's expiry cert-manager should renew the certificate. Value must be in units accepted by Go time.ParseDuration |
+| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
 | server.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments |
 | server.config | object | See [values.yaml] | [General Argo CD configuration] |
 | server.configAnnotations | object | `{}` | Annotations to be added to Argo CD ConfigMap |
--- a/charts/argo-cd/templates/argocd-server/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/certificate.yaml
@ -22,8 +22,14 @@ spec:
    {{- range .Values.server.certificate.additionalHosts }}
    - {{ . | quote }}
    {{- end }}
+  {{- with .Values.server.certificate.duration }}
+  duration: {{ . | quote }}
+  {{- end }}
  issuerRef:
    kind: {{ .Values.server.certificate.issuer.kind | quote }}
    name: {{ .Values.server.certificate.issuer.name | quote }}
+  {{- with .Values.server.certificate.renewBefore }}
+  renewBefore: {{ . | quote }}
+  {{- end }}
  secretName: {{ .Values.server.certificate.secretName | quote }}
 {{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -926,18 +926,22 @@ server:

  ## Certificate configuration
  certificate:
-    # -- Enables a certificate manager certificate
+    # -- Deploy a Certificate resource (requires cert-manager)
    enabled: false
-    # -- Certificate manager domain
+    # -- Certificate primary domain (commonName)
    domain: argocd.example.com
+    # -- The requested 'duration' (i.e. lifetime) of the Certificate. Value must be in units accepted by Go time.ParseDuration
+    duration: ""
+    # -- How long before the currently issued certificate's expiry cert-manager should renew the certificate. Value must be in units accepted by Go time.ParseDuration
+    renewBefore: ""
    issuer:
-      # -- Certificate manager issuer
-      kind: # ClusterIssuer
-      # -- Certificate manager name
-      name: # letsencrypt
+      # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
+      kind: ""
+      # -- Certificate isser name. Eg. `letsencrypt`
+      name: ""
    # -- Certificate manager additional hosts
    additionalHosts: []
-    # -- Certificate manager secret name
+    # -- The name of the Secret that will be automatically created and managed by this Certificate resource
    secretName: argocd-server-tls

  ## Server service configuration