From 4608d766df33c481d27e94511835ce26d6ce69f9 Mon Sep 17 00:00:00 2001
From: Petr Drastil <petr.drastil@gmail.com>
Date: Sun, 21 Jan 2024 17:04:24 +0100
Subject: [PATCH] Remove wildcard catch all ingress rule

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
---
 charts/argo-cd/Chart.yaml                     |  2 +
 .../webhook-ingress.yaml                      | 31 +++------------
 .../templates/argocd-server/ingress-grpc.yaml | 35 ++++-------------
 .../templates/argocd-server/ingress.yaml      | 39 +++++--------------
 4 files changed, 23 insertions(+), 84 deletions(-)

diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index 803691fc..da4b015a 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -28,3 +28,5 @@ annotations:
   artifacthub.io/changes: |
     - kind: removed
       description: Support for deprecated features
+    - kind: removed
+      description: Wildcard catch all ingress rule
diff --git a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml
index d98f9423..aa7e0f92 100644
--- a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}}
+{{- if and .Values.applicationSet.enabled (and .Values.applicationSet.webhook.ingress.enabled .Values.applicationSet.webhook.ingress.hosts) -}}
 {{- $servicePort := .Values.applicationSet.service.portName -}}
 {{- $paths := .Values.applicationSet.webhook.ingress.paths -}}
 {{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}}
@@ -24,13 +24,12 @@ spec:
   ingressClassName: {{ . }}
   {{- end }}
   rules:
-  {{- if .Values.applicationSet.webhook.ingress.hosts }}
-    {{- range $host := .Values.applicationSet.webhook.ingress.hosts }}
-    - host: {{ $host }}
+    {{- range .Values.applicationSet.webhook.ingress.hosts }}
+    - host: {{ . }}
       http:
         paths:
           {{- with $extraPaths }}
-          {{- toYaml . | nindent 10 }}
+            {{- toYaml . | nindent 10 }}
           {{- end }}
           {{- range $p := $paths }}
           - path: {{ $p }}
@@ -44,28 +43,8 @@ spec:
                   {{- else }}
                   name: {{ $servicePort }}
                   {{- end }}
-          {{- end -}}
-    {{- end -}}
-  {{- else }}
-    - http:
-        paths:
-          {{- with $extraPaths }}
-          {{- toYaml . | nindent 10 }}
           {{- end }}
-          {{- range $p := $paths }}
-          - path: {{ $p }}
-            pathType: {{ $pathType }}
-            backend:
-              service:
-                name: {{ include "argo-cd.applicationSet.fullname" $ }}
-                port:
-                  {{- if kindIs "float64" $servicePort }}
-                  number: {{ $servicePort }}
-                  {{- else }}
-                  name: {{ $servicePort }}
-                  {{- end }}
-          {{- end -}}
-  {{- end -}}
+    {{- end }}
   {{- with .Values.applicationSet.webhook.ingress.tls }}
   tls:
     {{- toYaml . | nindent 4 }}
diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
index b671f86f..67620b17 100644
--- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
+++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}}
+{{- if and (and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.hosts) (not .Values.server.ingressGrpc.isAWSALB) -}}
 {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
 {{- $paths := .Values.server.ingressGrpc.paths -}}
 {{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
@@ -24,13 +24,12 @@ spec:
   ingressClassName: {{ . }}
   {{- end }}
   rules:
-  {{- if .Values.server.ingressGrpc.hosts }}
-    {{- range $host := .Values.server.ingressGrpc.hosts }}
-    - host: {{ $host }}
+    {{- range .Values.server.ingressGrpc.hosts }}
+    - host: {{ . }}
       http:
         paths:
           {{- with $extraPaths }}
-          {{- toYaml . | nindent 10 }}
+            {{- toYaml . | nindent 10 }}
           {{- end }}
           {{- range $p := $paths }}
           - path: {{ $p }}
@@ -44,30 +43,10 @@ spec:
                   {{- else }}
                   name: {{ $servicePort }}
                   {{- end }}
-          {{- end -}}
-    {{- end -}}
-  {{- else }}
-    - http:
-        paths:
-          {{- with $extraPaths }}
-          {{- toYaml . | nindent 10 }}
           {{- end }}
-          {{- range $p := $paths }}
-          - path: {{ $p }}
-            pathType: {{ $pathType }}
-            backend:
-              service:
-                name: {{ include "argo-cd.server.fullname" $ }}
-                port:
-                  {{- if kindIs "float64" $servicePort }}
-                  number: {{ $servicePort }}
-                  {{- else }}
-                  name: {{ $servicePort }}
-                  {{- end }}
-          {{- end -}}
-  {{- end -}}
+    {{- end }}
   {{- with .Values.server.ingressGrpc.tls }}
   tls:
     {{- toYaml . | nindent 4 }}
-  {{- end -}}
-{{- end -}}
+  {{- end }}
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml
index a142bb66..6b1e6f26 100644
--- a/charts/argo-cd/templates/argocd-server/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/ingress.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.server.ingress.enabled -}}
+{{- if and .Values.server.ingress.enabled .Values.server.ingress.hosts -}}
 {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
 {{- $paths := .Values.server.ingress.paths -}}
 {{- $extraPaths := .Values.server.ingress.extraPaths -}}
@@ -28,13 +28,12 @@ spec:
   ingressClassName: {{ . }}
   {{- end }}
   rules:
-  {{- if .Values.server.ingress.hosts }}
-    {{- range $host := .Values.server.ingress.hosts }}
-    - host: {{ $host | quote }}
+    {{- range .Values.server.ingress.hosts }}
+    - host: {{ . }}
       http:
         paths:
           {{- with $extraPaths }}
-          {{- toYaml . | nindent 10 }}
+            {{- toYaml . | nindent 10 }}
           {{- end }}
           {{- range $p := $paths }}
           {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }}
@@ -42,34 +41,14 @@ spec:
             pathType: {{ $.Values.server.ingressGrpc.pathType }}
             backend:
               service:
-                name: {{ template "argo-cd.server.fullname" $ }}-grpc
+                name: {{ include "argo-cd.server.fullname" $ }}-grpc
                 port:
                   {{- if kindIs "float64" $servicePort }}
                   number: {{ $servicePort }}
                   {{- else }}
                   name: {{ $servicePort }}
                   {{- end }}
-            {{- end }}
-          - path: {{ $p }}
-            pathType: {{ $pathType }}
-            backend:
-              service:
-                name: {{ include "argo-cd.server.fullname" $ }}
-                port:
-                  {{- if kindIs "float64" $servicePort }}
-                  number: {{ $servicePort }}
-                  {{- else }}
-                  name: {{ $servicePort }}
-                  {{- end }}
-          {{- end -}}
-    {{- end -}}
-  {{- else }}
-    - http:
-        paths:
-          {{- with $extraPaths }}
-          {{- toYaml . | nindent 10 }}
           {{- end }}
-          {{- range $p := $paths }}
           - path: {{ $p }}
             pathType: {{ $pathType }}
             backend:
@@ -81,10 +60,10 @@ spec:
                   {{- else }}
                   name: {{ $servicePort }}
                   {{- end }}
-          {{- end -}}
-  {{- end -}}
+          {{- end }}
+    {{- end }}
   {{- with .Values.server.ingress.tls }}
   tls:
     {{- toYaml . | nindent 4 }}
-  {{- end -}}
-{{- end -}}
+  {{- end }}
+{{- end }}