diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md
index 62171767..8c506f4f 100644
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@@ -30,6 +30,7 @@ $ helm install --name my-release argo/argo-cd
 | applicationController.servicePort | int | `8082` | Service port for applicaiton controller server |
 | applicationController.volumeMounts | list | `[]` | Additional volume mounts |
 | applicationController.volumes | list | `[]` | Additional volumes |
+| certificate.enabled | bool | `false` | Enable certificate (requires cert-manager) |
 | clusterAdminAccess.enabled | bool | `true` | Standard Argo CD installation with cluster-admin access. Set this true if you plan to use Argo CD to deploy applications in the same cluster that Argo CD runs in (i.e. kubernetes.svc.default). Will still be able to deploy to external clusters with inputted credentials. |
 | config.configManagementPlugins | string | `nil` | List of custom config management plugins, see [values.yaml](./values.yaml) for format |
 | config.createSecret | bool | `true` | Creates the argocd-secret secret, set to false to manage externally |
diff --git a/charts/argo-cd/templates/argocd-server-certificate.yaml b/charts/argo-cd/templates/argocd-server-certificate.yaml
new file mode 100644
index 00000000..e72c7db3
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-certificate.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.certificate.enabled -}}
+{{- $commonName := regexReplaceAll "^https?://([^/]+)(/.*)?$" .Values.config.url "${1}" }}
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+spec:
+ commonName: {{ $commonName | quote }}
+ dnsNames:
+ - {{ $commonName | quote }}
+ {{- range .Values.ingress.additionalHosts }}
+ - {{ . | quote }}
+ {{- end }}
+ issuerRef:
+ kind: {{ .Values.certificate.issuer.kind | quote }}
+ name: {{ .Values.certificate.issuer.name | quote }}
+ secretName: argocd-secret
+{{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index 167c7f13..7801208a 100644
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -65,8 +65,16 @@ ingress:
 # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
 path: /
 additionalHosts: []
+
+certificate:
+ enabled: false
+ issuer:
+ kind: # ClusterIssuer
+ name: # letsencrypt
+
 clusterAdminAccess:
 enabled: true
+
 config:
 createSecret: true
 helmRepositories:
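Review bot: `$commonName` is derived from `.Values.config.url` with the capture `([^/]+)`, which keeps any `:port` suffix, and when the URL does not match the pattern `regexReplaceAll` returns its input unchanged, so the Certificate can be rendered with a `commonName` and first `dnsNames` entry that is not a bare hostname. Consider failing the render early with `{{- $url := required "config.url must be set when certificate.enabled is true" .Values.config.url }}` and excluding the port from the capture, e.g. `^https?://([^/:]+)(:[0-9]+)?(/.*)?$`. Separately, `secretName: argocd-secret` has cert-manager write the TLS key pair into the Secret the chart itself creates when `config.createSecret` is true. A comment on that line, such as `# shared with the chart-managed argocd-secret; cert-manager owns tls.crt/tls.key`, would make the dual ownership explicit for operators who manage that Secret externally.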
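Review bot: `certificate.issuer.kind` and `certificate.issuer.name` are left as bare keys, so both default to null; the `# ClusterIssuer` and `# letsencrypt` text is only a comment. Setting `certificate.enabled: true` on its own therefore renders an `issuerRef` without a usable kind or name in the new template, and the mistake would presumably surface only when cert-manager rejects or fails to issue the Certificate. A comment above the block would make the requirement visible, e.g. `# issuer.kind and issuer.name must be set when enabled is true (e.g. ClusterIssuer / letsencrypt)`, and a `required` check in the template would turn the omission into a render-time error. The README table in this commit documents only `certificate.enabled`, so the two issuer keys are worth adding there as well.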