feat(argo-cd): Add ability to handle cluster credentials (#632)

* feat(argo-cd): Add ability to handle cluster credentials

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Apply review changes

Co-authored-by: Oliver Bähler <oliverbaehler@hotmail.com>
Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* fix: use stringData in cluster secret

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

Co-authored-by: Oliver Bähler <oliverbaehler@hotmail.com>
Co-authored-by: Spencer Gilbert <Spencer.Gilbert@gmail.com>

charts/argo-cd/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.0.0
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 3.0.0
+version: 3.1.0
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:

charts/argo-cd/README.md

@@ -80,6 +80,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
 | nameOverride | Provide a name in place of `argocd` | `"argocd"` |
 | installCRDs | Install CRDs if you are using Helm2. | `true` |
+| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
 | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
 | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
 | configs.secret.annotations | Annotations for argocd-secret | `{}` |

charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml

@@ -0,0 +1,23 @@
+{{- range .Values.configs.clusterCredentials }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
+    argocd.argoproj.io/secret-type: cluster
+  {{- with .annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+type: Opaque
+stringData:
+  name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
+  server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
+  {{- with .namespaces }}
+  namespaces: {{ . }}
+  {{- end }}
+  config: |
+    {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }}
+{{- end }}

charts/argo-cd/values.yaml

@@ -872,6 +872,29 @@ repoServer:
 
 ## Argo Configs
 configs:
+  ## External Cluster Credentials
+  ## reference:
+  ## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters
+  ## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials
+  clusterCredentials: []
+    # - name: mycluster
+    #   server: https://mycluster.com
+    #   annotations: {}
+    #   config:
+    #     bearerToken: "<authentication token>"
+    #     tlsClientConfig:
+    #       insecure: false
+    #       caData: "<base64 encoded certificate>"
+    # - name: mycluster2
+    #   server: https://mycluster2.com
+    #   annotations: {}
+    #   namespaces: namespace1,namespace2
+    #   config:
+    #     bearerToken: "<authentication token>"
+    #     tlsClientConfig:
+    #       insecure: false
+    #       caData: "<base64 encoded certificate>"
+
   knownHostsAnnotations: {}
   knownHosts:
     data: