Add certificate (#107)

charts/argo-cd/README.md

@@ -30,6 +30,7 @@ $ helm install --name my-release argo/argo-cd
 | applicationController.servicePort      | int    | `8082`                 | Service port for applicaiton controller server                                                                                                                                                                                                                                |
 | applicationController.volumeMounts     | list   | `[]`                   | Additional volume mounts                                                                                                                                                                                                                                                      |
 | applicationController.volumes          | list   | `[]`                   | Additional volumes                                                                                                                                                                                                                                                            |
+| certificate.enabled                    | bool   | `false`                | Enable certificate (requires cert-manager)                                                                                                                                                                                                                                    |
 | clusterAdminAccess.enabled             | bool   | `true`                 | Standard Argo CD installation with cluster-admin access. Set this true if you plan to use Argo CD to deploy applications in the same cluster that Argo CD runs in (i.e. kubernetes.svc.default). Will still be able to deploy to external clusters with inputted credentials. |
 | config.configManagementPlugins         | string | `nil`                  | List of custom config management plugins, see [values.yaml](./values.yaml) for format                                                                                                                                                                                         |
 | config.createSecret                    | bool   | `true`                 | Creates the argocd-secret secret, set to false to manage externally                                                                                                                                                                                                           |

charts/argo-cd/templates/argocd-server-certificate.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.certificate.enabled -}}
+{{- $commonName := regexReplaceAll "^https?://([^/]+)(/.*)?$" .Values.config.url "${1}" }}
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: argocd-server
+  labels:
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+spec:
+  commonName: {{ $commonName | quote }}
+  dnsNames:
+    - {{ $commonName | quote }}
+  {{- range .Values.ingress.additionalHosts }}
+    - {{ . | quote }}
+  {{- end }}
+  issuerRef:
+    kind: {{ .Values.certificate.issuer.kind | quote }}
+    name: {{ .Values.certificate.issuer.name | quote }}
+  secretName: argocd-secret
+{{- end }}

charts/argo-cd/values.yaml

@@ -65,8 +65,16 @@ ingress:
     # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
   path: /
   additionalHosts: []
+
+certificate:
+  enabled: false
+  issuer:
+    kind: # ClusterIssuer
+    name: # letsencrypt
+
 clusterAdminAccess:
   enabled: true
+
 config:
   createSecret: true
   helmRepositories: