From 84120e6da3f451a375a9be7fe2e72ba02e063703 Mon Sep 17 00:00:00 2001
From: Marco Kilchhofer
Date: Wed, 14 Apr 2021 03:10:04 +0200
Subject: [PATCH] feat(argo-cd): Add ability to handle cluster credentials (#632)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* feat(argo-cd): Add ability to handle cluster credentials
Signed-off-by: Marco Kilchhofer
* Apply review changes
Co-authored-by: Oliver Bähler
Signed-off-by: Marco Kilchhofer
* fix: use stringData in cluster secret
Signed-off-by: Marco Kilchhofer
Co-authored-by: Oliver Bähler
Co-authored-by: Spencer Gilbert
---
 charts/argo-cd/Chart.yaml | 2 +-
 charts/argo-cd/README.md | 1 +
 .../argocd-configs/cluster-secrets.yaml | 23 +++++++++++++++++++
 charts/argo-cd/values.yaml | 23 +++++++++++++++++++
 4 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index 2320a609..d115b875 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.0.0
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 3.0.0
+version: 3.1.0
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:
diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md
index 22806038..d94003d7 100644
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@@ -80,6 +80,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
 | nameOverride | Provide a name in place of `argocd` | `"argocd"` |
 | installCRDs | Install CRDs if you are using Helm2. | `true` |
+| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
 | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
 | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
 | configs.secret.annotations | Annotations for argocd-secret | `{}` |
diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
new file mode 100644
index 00000000..a4190768
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
@@ -0,0 +1,23 @@
+{{- range .Values.configs.clusterCredentials }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
+ argocd.argoproj.io/secret-type: cluster
+ {{- with .annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+type: Opaque
+stringData:
+ name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
+ server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
+ {{- with .namespaces }}
+ namespaces: {{ . }}
+ {{- end }}
+ config: |
+ {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }}
+{{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index a7e84181..1b7c2682 100755
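Review bot: In charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml the `stringData` values for `name`, `server` and `namespaces` are rendered as bare scalars, so a value that YAML reads as a number, boolean or list (a cluster named `123`, or `namespaces` passed as a list) would yield a non-string entry that the API server rejects, and a value containing `: ` or ` #` changes the rendered document. Piping each through `quote` avoids this, e.g. `server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server | quote }}` and `namespaces: {{ . | quote }}`. `metadata.name` also interpolates `.name` ahead of the `required` check and without stating that it must form a valid Kubernetes object name; a short template comment saying so would save a failed apply. Since this Secret carries cluster credentials, it is worth rendering a sample entry with `helm template` and checking that the `config` block comes out as valid JSON.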
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -872,6 +872,29 @@ repoServer:
 ## Argo Configs
 configs:
+ ## External Cluster Credentials
+ ## reference:
+ ## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters
+ ## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials
+ clusterCredentials: []
+ # - name: mycluster
+ # server: https://mycluster.com
+ # annotations: {}
+ # config:
+ # bearerToken: ""
+ # tlsClientConfig:
+ # insecure: false
+ # caData: ""
+ # - name: mycluster2
+ # server: https://mycluster2.com
+ # annotations: {}
+ # namespaces: namespace1,namespace2
+ # config:
+ # bearerToken: ""
+ # tlsClientConfig:
+ # insecure: false
+ # caData: ""
+
 knownHostsAnnotations: {}
 knownHosts:
 data:
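Review bot: The commented example under `clusterCredentials` shows `bearerToken: ""` without saying how that token should be supplied, and anything entered there ends up both in whatever repository holds the values file and in the release data Helm stores in the cluster. I would add a comment above `clusterCredentials: []` along the lines of `## NOTE: bearerToken is a credential for the target cluster; pass it from an encrypted or out-of-repo values file rather than committing it here`. A one-line remark next to `insecure: false` that `true` disables verification of the API server certificate would also help readers who copy the example. The hunk sits inside the `configs:` mapping, which continues past the visible lines.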