From 8f8049499e5ce22a154444a940fca2fb5fa24213 Mon Sep 17 00:00:00 2001 From: yu-croco Date: Thu, 11 May 2023 23:52:59 +0900 Subject: [PATCH] fix(argo-cd): Add Certificate to right component Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 26 +++---- .../certificate.yaml | 33 -------- .../argocd-applicationset/certificate.yaml | 33 ++++++++ charts/argo-cd/values.yaml | 78 +++++++++---------- 5 files changed, 86 insertions(+), 86 deletions(-) delete mode 100644 charts/argo-cd/templates/argocd-application-controller/certificate.yaml create mode 100644 charts/argo-cd/templates/argocd-applicationset/certificate.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 98f34070..70ff366d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Ability to add certificate to Argo CD Controller + description: Enable to add certificate to ApplicationSet Controller diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c9ce89a1..8204ddf7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md 
@@ -488,19 +488,6 @@ NAME: my-release |-----|------|---------|-------------| | controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | controller.args | object | `{}` | DEPRECATED - Application controller commandline flags | -| controller.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | -| controller.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | -| controller.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | -| controller.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | -| controller.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | -| controller.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | -| controller.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | -| controller.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | -| controller.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | -| controller.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | -| controller.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | -| controller.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. 
| -| controller.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | 
@@ -1036,6 +1023,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | +| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | +| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | +| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | +| applicationSet.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | +| applicationSet.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| applicationSet.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| applicationSet.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. 
| +| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | diff --git a/charts/argo-cd/templates/argocd-application-controller/certificate.yaml b/charts/argo-cd/templates/argocd-application-controller/certificate.yaml deleted file mode 100644 index 234a46c3..00000000 --- a/charts/argo-cd/templates/argocd-application-controller/certificate.yaml +++ /dev/null 
@@ -1,33 +0,0 @@
-{{- if .Values.controller.certificate.enabled -}}
-apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
-kind: Certificate
-metadata:
- name: {{ template "argo-cd.controller.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-spec:
- secretName: {{ .Values.controller.certificate.secretName }}
- commonName: {{ .Values.controller.certificate.domain | quote }}
- dnsNames:
- - {{ .Values.controller.certificate.domain | quote }}
- {{- range .Values.controller.certificate.additionalHosts }}
- - {{ . | quote }}
- {{- end }}
- {{- with .Values.controller.certificate.duration }}
- duration: {{ . | quote }}
- {{- end }}
- {{- with .Values.controller.certificate.renewBefore }}
- renewBefore: {{ . | quote }}
- {{- end }}
- issuerRef:
- {{- with .Values.controller.certificate.issuer.group }}
- group: {{ . | quote }}
- {{- end }}
- kind: {{ .Values.controller.certificate.issuer.kind | quote }}
- name: {{ .Values.controller.certificate.issuer.name | quote }}
- {{- with .Values.controller.certificate.privateKey }}
- privateKey:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
new file mode 100644
index 00000000..505a70fc
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.applicationSet.certificate.enabled -}}
+apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
+kind: Certificate
+metadata:
+ name: {{ template "argo-cd.applicationSet.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
+spec:
+ secretName: {{ .Values.applicationSet.certificate.secretName }}
+ commonName: {{ .Values.applicationSet.certificate.domain | quote }}
+ dnsNames:
+ - {{ .Values.applicationSet.certificate.domain | quote }}
+ {{- range .Values.applicationSet.certificate.additionalHosts }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- with .Values.applicationSet.certificate.duration }}
+ duration: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.applicationSet.certificate.renewBefore }}
+ renewBefore: {{ . | quote }}
+ {{- end }}
+ issuerRef:
+ {{- with .Values.applicationSet.certificate.issuer.group }}
+ group: {{ . | quote }}
+ {{- end }}
+ kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }}
+ name: {{ .Values.applicationSet.certificate.issuer.name | quote }}
+ {{- with .Values.applicationSet.certificate.privateKey }}
+ privateKey:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index bd875cc6..e7cd7d83 100644
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
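Review bot: `issuerRef.kind` and `issuerRef.name` are rendered unconditionally in the new template, so turning on `applicationSet.certificate.enabled` with the chart defaults (both `""` in values.yaml) emits a Certificate with an empty issuer reference, which cert-manager presumably cannot issue from. Failing at render time would make the misconfiguration visible, e.g. `name: {{ required "applicationSet.certificate.issuer.name is required" .Values.applicationSet.certificate.issuer.name | quote }}`. `secretName` is also the only templated scalar under `spec` written without `| quote`; `secretName: {{ .Values.applicationSet.certificate.secretName | quote }}` would match the neighbouring lines. Nothing in the visible hunks consumes the resulting Secret, so it is worth confirming in the PR which ingress or Service is expected to serve this certificate.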
@@ -849,45 +849,6 @@ controller: # -- List of custom rules for the application controller's ClusterRole resource rules: [] - # TLS certificate configuration via cert-manager - ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration - certificate: - # -- Deploy a Certificate resource (requires cert-manager) - enabled: false - # -- The name of the Secret that will be automatically created and managed by this Certificate resource - secretName: argocd-application-controller-tls - # -- Certificate primary domain (commonName) - domain: argocd.example.com - # -- Certificate Subject Alternate Names (SANs) - additionalHosts: [] - # -- The requested 'duration' (i.e. lifetime) of the certificate. - # @default -- `""` (defaults to 2160h = 90d if not specified) - ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal - duration: "" - # -- How long before the expiry a certificate should be renewed. - # @default -- `""` (defaults to 360h = 15d if not specified) - ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal - renewBefore: "" - # Certificate issuer - ## Ref: https://cert-manager.io/docs/concepts/issuer - issuer: - # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` - group: "" - # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` - kind: "" - # -- Certificate issuer name. Eg. `letsencrypt` - name: "" - # Private key of the certificate - privateKey: - # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` - rotationPolicy: Never - # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` - encoding: PKCS1 - # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` - algorithm: RSA - # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. - size: 2048 - ## Dex dex: # -- Enable dex 
@@ -2660,6 +2621,45 @@ applicationSet: # hosts: # - argocd-applicationset.example.com + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- The name of the Secret that will be automatically created and managed by this Certificate resource + secretName: argocd-application-controller-tls + # -- Certificate primary domain (commonName) + domain: argocd.example.com + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + ## Notifications controller notifications: # -- Enable notifications controller
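Review bot: The defaults under `applicationSet.certificate` were carried over unchanged from the removed controller block: `secretName: argocd-application-controller-tls` names the Secret after a different component, and `domain: argocd.example.com` does not match the `argocd-applicationset.example.com` host in the ingress example directly above the added lines. A Secret that is named for the application controller but holds the ApplicationSet key is easy to mount or grant access to by mistake, so component-specific defaults such as `secretName: argocd-applicationset-controller-tls` and `domain: argocd-applicationset.example.com` would be safer; the README row added earlier in this patch repeats the same secret name. Separately, `rotationPolicy: Never` keeps the same private key across every renewal, which is worth stating in its comment, and the `encoding` comment spells the option `PCKS1` where the accepted value is `PKCS1`.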