From aff8a7804039ccf2fcd11cfb3291431fb2b94242 Mon Sep 17 00:00:00 2001
From: Yann Soubeyrand
Date: Fri, 20 Sep 2019 01:02:21 +0200
Subject: [PATCH] Add certificate (#107)
---
 charts/argo-cd/README.md | 1 +
 .../templates/argocd-server-certificate.yaml | 24 +++++++++++++++++++
 charts/argo-cd/values.yaml | 8 +++++++
 3 files changed, 33 insertions(+)
 create mode 100644 charts/argo-cd/templates/argocd-server-certificate.yaml
diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md
index 62171767..8c506f4f 100644
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@@ -30,6 +30,7 @@ $ helm install --name my-release argo/argo-cd
 | applicationController.servicePort | int | `8082` | Service port for applicaiton controller server |
 | applicationController.volumeMounts | list | `[]` | Additional volume mounts |
 | applicationController.volumes | list | `[]` | Additional volumes |
+| certificate.enabled | bool | `false` | Enable certificate (requires cert-manager) |
 | clusterAdminAccess.enabled | bool | `true` | Standard Argo CD installation with cluster-admin access. Set this true if you plan to use Argo CD to deploy applications in the same cluster that Argo CD runs in (i.e. kubernetes.svc.default). Will still be able to deploy to external clusters with inputted credentials. |
 | config.configManagementPlugins | string | `nil` | List of custom config management plugins, see [values.yaml](./values.yaml) for format |
 | config.createSecret | bool | `true` | Creates the argocd-secret secret, set to false to manage externally |
diff --git a/charts/argo-cd/templates/argocd-server-certificate.yaml b/charts/argo-cd/templates/argocd-server-certificate.yaml
new file mode 100644
index 00000000..e72c7db3
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-certificate.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.certificate.enabled -}}
+{{- $commonName := regexReplaceAll "^https?://([^/]+)(/.*)?$" .Values.config.url "${1}" }}
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+spec:
+ commonName: {{ $commonName | quote }}
+ dnsNames:
+ - {{ $commonName | quote }}
+ {{- range .Values.ingress.additionalHosts }}
+ - {{ . | quote }}
+ {{- end }}
+ issuerRef:
+ kind: {{ .Values.certificate.issuer.kind | quote }}
+ name: {{ .Values.certificate.issuer.name | quote }}
+ secretName: argocd-secret
+{{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index 167c7f13..7801208a 100644
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -65,8 +65,16 @@ ingress:
 # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
 path: /
 additionalHosts: []
+
+certificate:
+ enabled: false
+ issuer:
+ kind: # ClusterIssuer
+ name: # letsencrypt
+
 clusterAdminAccess:
 enabled: true
+
 config:
 createSecret: true
 helmRepositories:
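Review bot: The `$commonName` expression at the top of the new template keeps everything between the scheme and the first `/` of `config.url`, so a URL that carries a port ends up as `host:port` in both `commonName` and `dnsNames`, and a value that does not match the pattern at all is passed through unchanged by `regexReplaceAll`. Excluding the port in the pattern, for example `"^https?://([^/:]+)(:[0-9]+)?(/.*)?$"`, and failing the render when the URL does not match would keep a malformed name out of the certificate request. Separately, `secretName: argocd-secret` has cert-manager write the key pair into the Secret that, going by the `config.createSecret` description in the README hunk, the chart itself creates by default. A comment above `secretName` stating which of the two owns that Secret, or whether `config.createSecret` should be `false` when `certificate.enabled` is set, would help; the Secret template is not part of this patch, so the interaction is inferred.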
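Review bot: `kind:` and `name:` under `certificate.issuer` are bare keys with the example value in a trailing comment, so both default to null and setting only `certificate.enabled: true` leaves the template's `issuerRef` with nothing usable to render. I would put the examples in comments above the keys and give explicit defaults such as `kind: Issuer` and `name: ""`, and have the template wrap the issuer name in `required` so the render stops with a clear message instead of emitting an incomplete Certificate. The README hunk documents only `certificate.enabled`; `certificate.issuer.kind` and `certificate.issuer.name` deserve rows there as well.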