Merge pull request #78 from codefresh-io/CR-23749-argo-cd-event-repor…

…ter-ca-cert feat: event-reporter codefresh cert support
codefresh-io · Jun 17, 2024 · 856d6ef · 856d6ef
2 parents f98f2f4 + c082d70
commit 856d6ef
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 6 deletions.
diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.10-2024.5.14-9315e75e1
+appVersion: v2.10-2024.6.17-77e06d0f6
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 6.7.18-3-cap-2.10-2024.5.14-9315e75e1
+version: 6.7.18-4-cap-2.10-2024.6.17-77e06d0f6
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -27,6 +27,4 @@ annotations:
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
     - kind: changed
-      description: Upgrade argo-cd to v2.10-2024.5.14-9315e75e1
-    - kind: changed
-      description: Fix for security vulnerability GHSA-9766-5277-j5hr - Redis authentication
+      description: Upgrade argo-cd to v2.10-2024.6.17-77e06d0f6
diff --git a/charts/argo-cd/templates/event-reporter/statefulset.yaml b/charts/argo-cd/templates/event-reporter/statefulset.yaml
@@ -101,6 +101,11 @@ spec:
               secretKeyRef:
                 key: token
                 name: codefresh-token
+          {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
+            {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+          - name: CODEFRESH_SSL_CERT_PATH
+            value: /app/config/codefresh-tls-certs/{{ $key }}
+          {{- end }}
           # todo: clean up
           - name: EVENT_REPORTER_INSECURE
             valueFrom:
@@ -218,7 +223,7 @@ spec:
           successThreshold: {{ .Values.eventReporter.readinessProbe.successThreshold }}
           failureThreshold: {{ .Values.eventReporter.readinessProbe.failureThreshold }}
         resources:
-          {{- toYaml .Values.eventReporter.resources | nindent 10 }}
+          {{- toYaml .Values.eventReporter.resources | nindent 12 }}
         {{- with .Values.eventReporter.containerSecurityContext }}
         securityContext:
           {{- toYaml . | nindent 10 }}
@@ -227,6 +232,11 @@ spec:
         {{- with .Values.eventReporter.volumeMounts }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
+        {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef}}
+        - name: codefresh-tls-certs
+          mountPath: /app/config/codefresh-tls-certs
+          readOnly: true
+        {{- end }}
         - name: argocd-repo-server-tls
           mountPath: /app/config/server/tls
         - mountPath: /tmp
@@ -265,6 +275,13 @@ spec:
       {{- with .Values.eventReporter.volumes }}
         {{- toYaml . | nindent 6 }}
       {{- end }}
+      {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
+      - name: codefresh-tls-certs
+        secret:
+          secretName: {{ .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }}
+          defaultMode: 420
+          optional: true
+      {{- end }}
       - emptyDir: { }
         name: plugins-home
       - emptyDir: { }