diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 41e8e16e..84bf13d6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v2.4.12 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.4.6 +version: 5.4.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Update Dex image to v2.32.0" + - "[Added]: Add privateKey spec handling from CertificatePrivateKey" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ce245dc1..c501e740 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -553,6 +553,10 @@ NAME: my-release | server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | | server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | | server.certificate.issuer.name | string | `""` | Certificate isser name. Eg. `letsencrypt` | +| server.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.renewBefore | string | `""` | How long before the currently issued certificate's expiry cert-manager should renew the certificate. Value must be in units accepted by Go time.ParseDuration | | server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | server.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments | diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 80f89b03..33b34891 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -31,6 +31,10 @@ spec: {{- end }} kind: {{ .Values.server.certificate.issuer.kind | quote }} name: {{ .Values.server.certificate.issuer.name | quote }} + {{- with .Values.server.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.server.certificate.renewBefore }} renewBefore: {{ . | quote }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8c49c8b2..152db68c 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1007,6 +1007,16 @@ server: duration: "" # -- How long before the currently issued certificate's expiry cert-manager should renew the certificate. Value must be in units accepted by Go time.ParseDuration renewBefore: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 issuer: # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` group: ""