fix(argo-cd): Add Certificate to right component
Signed-off-by: yu-croco <yu.croco@gmail.com>
This commit is contained in:
yu-croco
parent
85966170f2
commit
8f8049499e
5 changed files with 86 additions and 86 deletions
|
|
@ -27,4 +27,4 @@ annotations:
|
|||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||
artifacthub.io/changes: |
|
||||
- kind: added
|
||||
description: Ability to add certificate to Argo CD Controller
|
||||
description: Enable to add certificate to ApplicationSet Controller
|
||||
|
|
|
|||
|
|
@ -488,19 +488,6 @@ NAME: my-release
|
|||
|-----|------|---------|-------------|
|
||||
| controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
|
||||
| controller.args | object | `{}` | DEPRECATED - Application controller commandline flags |
|
||||
| controller.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
|
||||
| controller.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
|
||||
| controller.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
|
||||
| controller.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
|
||||
| controller.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
|
||||
| controller.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
|
||||
| controller.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` |
|
||||
| controller.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` |
|
||||
| controller.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
|
||||
| controller.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
|
||||
| controller.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
|
||||
| controller.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
|
||||
| controller.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
|
||||
| controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource |
|
||||
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
|
||||
| controller.containerPorts.metrics | int | `8082` | Metrics container port |
|
||||
|
|
@ -1036,6 +1023,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|
|||
|-----|------|---------|-------------|
|
||||
| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
|
||||
| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags |
|
||||
| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
|
||||
| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
|
||||
| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
|
||||
| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
|
||||
| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
|
||||
| applicationSet.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
|
||||
| applicationSet.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` |
|
||||
| applicationSet.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` |
|
||||
| applicationSet.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
|
||||
| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
|
||||
| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
|
||||
| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
|
||||
| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
|
||||
| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
|
||||
| applicationSet.containerPorts.probe | int | `8081` | Probe container port |
|
||||
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
{{- if .Values.controller.certificate.enabled -}}
|
||||
apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ template "argo-cd.controller.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
|
||||
spec:
|
||||
secretName: {{ .Values.controller.certificate.secretName }}
|
||||
commonName: {{ .Values.controller.certificate.domain | quote }}
|
||||
dnsNames:
|
||||
- {{ .Values.controller.certificate.domain | quote }}
|
||||
{{- range .Values.controller.certificate.additionalHosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.certificate.duration }}
|
||||
duration: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.certificate.renewBefore }}
|
||||
renewBefore: {{ . | quote }}
|
||||
{{- end }}
|
||||
issuerRef:
|
||||
{{- with .Values.controller.certificate.issuer.group }}
|
||||
group: {{ . | quote }}
|
||||
{{- end }}
|
||||
kind: {{ .Values.controller.certificate.issuer.kind | quote }}
|
||||
name: {{ .Values.controller.certificate.issuer.name | quote }}
|
||||
{{- with .Values.controller.certificate.privateKey }}
|
||||
privateKey:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
{{- if .Values.applicationSet.certificate.enabled -}}
|
||||
apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ template "argo-cd.applicationSet.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
|
||||
spec:
|
||||
secretName: {{ .Values.applicationSet.certificate.secretName }}
|
||||
commonName: {{ .Values.applicationSet.certificate.domain | quote }}
|
||||
dnsNames:
|
||||
- {{ .Values.applicationSet.certificate.domain | quote }}
|
||||
{{- range .Values.applicationSet.certificate.additionalHosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.applicationSet.certificate.duration }}
|
||||
duration: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.applicationSet.certificate.renewBefore }}
|
||||
renewBefore: {{ . | quote }}
|
||||
{{- end }}
|
||||
issuerRef:
|
||||
{{- with .Values.applicationSet.certificate.issuer.group }}
|
||||
group: {{ . | quote }}
|
||||
{{- end }}
|
||||
kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }}
|
||||
name: {{ .Values.applicationSet.certificate.issuer.name | quote }}
|
||||
{{- with .Values.applicationSet.certificate.privateKey }}
|
||||
privateKey:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -849,45 +849,6 @@ controller:
|
|||
# -- List of custom rules for the application controller's ClusterRole resource
|
||||
rules: []
|
||||
|
||||
# TLS certificate configuration via cert-manager
|
||||
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
|
||||
certificate:
|
||||
# -- Deploy a Certificate resource (requires cert-manager)
|
||||
enabled: false
|
||||
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
|
||||
secretName: argocd-application-controller-tls
|
||||
# -- Certificate primary domain (commonName)
|
||||
domain: argocd.example.com
|
||||
# -- Certificate Subject Alternate Names (SANs)
|
||||
additionalHosts: []
|
||||
# -- The requested 'duration' (i.e. lifetime) of the certificate.
|
||||
# @default -- `""` (defaults to 2160h = 90d if not specified)
|
||||
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
|
||||
duration: ""
|
||||
# -- How long before the expiry a certificate should be renewed.
|
||||
# @default -- `""` (defaults to 360h = 15d if not specified)
|
||||
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
|
||||
renewBefore: ""
|
||||
# Certificate issuer
|
||||
## Ref: https://cert-manager.io/docs/concepts/issuer
|
||||
issuer:
|
||||
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
|
||||
group: ""
|
||||
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
|
||||
kind: ""
|
||||
# -- Certificate issuer name. Eg. `letsencrypt`
|
||||
name: ""
|
||||
# Private key of the certificate
|
||||
privateKey:
|
||||
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
|
||||
rotationPolicy: Never
|
||||
# -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
|
||||
encoding: PKCS1
|
||||
# -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
|
||||
algorithm: RSA
|
||||
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
|
||||
size: 2048
|
||||
|
||||
## Dex
|
||||
dex:
|
||||
# -- Enable dex
|
||||
|
|
@ -2660,6 +2621,45 @@ applicationSet:
|
|||
# hosts:
|
||||
# - argocd-applicationset.example.com
|
||||
|
||||
# TLS certificate configuration via cert-manager
|
||||
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
|
||||
certificate:
|
||||
# -- Deploy a Certificate resource (requires cert-manager)
|
||||
enabled: false
|
||||
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
|
||||
secretName: argocd-application-controller-tls
|
||||
# -- Certificate primary domain (commonName)
|
||||
domain: argocd.example.com
|
||||
# -- Certificate Subject Alternate Names (SANs)
|
||||
additionalHosts: []
|
||||
# -- The requested 'duration' (i.e. lifetime) of the certificate.
|
||||
# @default -- `""` (defaults to 2160h = 90d if not specified)
|
||||
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
|
||||
duration: ""
|
||||
# -- How long before the expiry a certificate should be renewed.
|
||||
# @default -- `""` (defaults to 360h = 15d if not specified)
|
||||
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
|
||||
renewBefore: ""
|
||||
# Certificate issuer
|
||||
## Ref: https://cert-manager.io/docs/concepts/issuer
|
||||
issuer:
|
||||
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
|
||||
group: ""
|
||||
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
|
||||
kind: ""
|
||||
# -- Certificate issuer name. Eg. `letsencrypt`
|
||||
name: ""
|
||||
# Private key of the certificate
|
||||
privateKey:
|
||||
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
|
||||
rotationPolicy: Never
|
||||
# -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
|
||||
encoding: PKCS1
|
||||
# -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
|
||||
algorithm: RSA
|
||||
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
|
||||
size: 2048
|
||||
|
||||
## Notifications controller
|
||||
notifications:
|
||||
# -- Enable notifications controller
|
||||
|
|
|
|||
Loading…
Reference in a new issue