[bitnami/argo-cd] Add support for usePasswordFiles (#32079)

* [bitnami/argo-cd] Add support for `usePasswordFiles` Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Add missing export Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Fix tests Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> --------- Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
2026-02-10 20:27:38 +08:00 · 2025-02-24 14:53:17 +01:00
parent c4826b82e2
commit d9a4702bfd
8 changed files with 116 additions and 44 deletions
--- a/.vib/argo-cd/cypress/cypress/e2e/argo_cd.cy.js
+++ b/.vib/argo-cd/cypress/cypress/e2e/argo_cd.cy.js
@@ -58,6 +58,9 @@ it('allows deploying a healthy app for a new project', () => {
      cy.contains(`${applications.newApplication.name}-${random}`, {timeout: 60000}).click({force: true});
    });
  });
+  // Wait and reload to prevent stationary issues
+  cy.wait(5000);
+  cy.reload();
  // Ensure that UI shows the basic K8s objects
  cy.contains('svc');
  cy.contains('deploy');
--- a/bitnami/argo-cd/CHANGELOG.md
+++ b/bitnami/argo-cd/CHANGELOG.md
@@ -1,8 +1,12 @@
 # Changelog

-## 7.1.10 (2025-02-06)
+## 7.2.0 (2025-02-24)

-* [bitnami/argo-cd] Release 7.1.10 ([#31804](https://github.com/bitnami/charts/pull/31804))
+* [bitnami/argo-cd] Add support for `usePasswordFiles` ([#32079](https://github.com/bitnami/charts/pull/32079))
+
+## <small>7.1.10 (2025-02-06)</small>
+
+* [bitnami/argo-cd] Release 7.1.10 (#31804) ([c0db7b0](https://github.com/bitnami/charts/commit/c0db7b02d6129b86c343c8d65fa920b8e848670f)), closes [#31804](https://github.com/bitnami/charts/issues/31804)

 ## <small>7.1.9 (2025-02-04)</small>

--- a/bitnami/argo-cd/Chart.yaml
+++ b/bitnami/argo-cd/Chart.yaml
@@ -39,4 +39,4 @@ maintainers:
 name: argo-cd
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/argo-cd
-version: 7.1.10
+version: 7.2.0
--- a/bitnami/argo-cd/README.md
+++ b/bitnami/argo-cd/README.md
@@ -329,15 +329,16 @@ As an alternative, use one of the preset configurations for pod affinity, pod an

 ### Common parameters

-| Name                | Description                                        | Value           |
-| ------------------- | -------------------------------------------------- | --------------- |
-| `kubeVersion`       | Override Kubernetes version                        | `""`            |
-| `nameOverride`      | String to partially override common.names.fullname | `""`            |
-| `fullnameOverride`  | String to fully override common.names.fullname     | `""`            |
-| `commonLabels`      | Labels to add to all deployed objects              | `{}`            |
-| `commonAnnotations` | Annotations to add to all deployed objects         | `{}`            |
-| `clusterDomain`     | Kubernetes cluster domain name                     | `cluster.local` |
-| `extraDeploy`       | Array of extra objects to deploy with the release  | `[]`            |
+| Name                | Description                                                       | Value           |
+| ------------------- | ----------------------------------------------------------------- | --------------- |
+| `kubeVersion`       | Override Kubernetes version                                       | `""`            |
+| `nameOverride`      | String to partially override common.names.fullname                | `""`            |
+| `fullnameOverride`  | String to fully override common.names.fullname                    | `""`            |
+| `commonLabels`      | Labels to add to all deployed objects                             | `{}`            |
+| `commonAnnotations` | Annotations to add to all deployed objects                        | `{}`            |
+| `clusterDomain`     | Kubernetes cluster domain name                                    | `cluster.local` |
+| `extraDeploy`       | Array of extra objects to deploy with the release                 | `[]`            |
+| `usePasswordFiles`  | Mount credentials as files instead of using environment variables | `true`          |

 ### Argo CD image parameters

--- a/bitnami/argo-cd/templates/application-controller/_pod.tpl
+++ b/bitnami/argo-cd/templates/application-controller/_pod.tpl
@@ -78,6 +78,10 @@ initContainers:
            fi
          }

+          {{- if .Values.usePasswordFiles }}
+            export REDISCLI_AUTH="$(< $REDISCLI_AUTH_FILE)"
+          {{- end }}
+
          info "Checking redis connection..."
          if ! retry_while "check_redis_connection"; then
              error "Could not connect to the Redis server"
@@ -87,11 +91,21 @@ initContainers:
          fi
    {{- if include "argocd.redis.auth.enabled" . }}
    env:
+      {{- if .Values.usePasswordFiles }}
+      - name: REDISCLI_AUTH_FILE
+        value: {{ printf "/opt/bitnami/argo-cd/secrets/%s" (include "argocd.redis.secretPasswordKey" .) }}
+      {{- else }}
      - name: REDISCLI_AUTH
        valueFrom:
          secretKeyRef:
            name: {{ include "argocd.redis.secretName" . }}
            key: {{ include "argocd.redis.secretPasswordKey" . }}
+      {{- end }}
+    {{- if .Values.usePasswordFiles }}
+    volumeMounts:
+      - name: argocd-secrets
+        mountPath: /opt/bitnami/argo-cd/secrets
+    {{- end }}
    {{- end }}
  {{- end }}
  {{- if .Values.controller.initContainers }}
@@ -157,21 +171,16 @@ containers:
      {{- end }}
      {{- end }}
      {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }}
+      {{- if .Values.usePasswordFiles }}
+      - name: REDIS_PASSWORD_FILE
+        value: {{ printf "/opt/bitnami/argo-cd/secrets/%s" (include "argocd.redis.secretPasswordKey" .) }}
+      {{- else }}
      - name: REDIS_PASSWORD
        valueFrom:
          secretKeyRef:
            name: {{ include "argocd.redis.secretName" . }}
            key: {{ include "argocd.redis.secretPasswordKey" . }}
-      {{- else if .Values.externalRedis.enabled }}
-      - name: REDIS_PASSWORD
-        {{- if not ( eq "" .Values.externalRedis.password ) }}
-        value: {{ .Values.externalRedis.password }}
-        {{- else }}
-        valueFrom:
-          secretKeyRef:
-            name: {{ .Values.externalRedis.existingSecret }}
-            key: {{ .Values.externalRedis.existingSecretPasswordKey }}
-        {{- end }}
+      {{- end }}
      {{- end }}
      {{- if .Values.controller.extraEnvVars }}
      {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVars "context" $) | nindent 6 }}
@@ -237,6 +246,10 @@ containers:
      - name: empty-dir
        mountPath: /tmp
        subPath: tmp-dir
+      {{- if and .Values.usePasswordFiles (include "argocd.redis.auth.enabled" .)}}
+      - name: argocd-secrets
+        mountPath: /opt/bitnami/argo-cd/secrets
+      {{- end }}
      {{- if .Values.controller.extraVolumeMounts }}
      {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumeMounts "context" $) | nindent 6 }}
      {{- end }}
@@ -257,6 +270,13 @@ volumes:
          path: ca.crt
      optional: true
      secretName: argocd-repo-server-tls
+  {{- if and .Values.usePasswordFiles (include "argocd.redis.auth.enabled" .)}}
+  - name: argocd-secrets
+    projected:
+      sources:
+        - secret:
+            name: {{ include "argocd.redis.secretName" . }}
+  {{- end }}
  {{- if .Values.controller.extraVolumes }}
  {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumes "context" $) | nindent 2 }}
  {{- end }}
--- a/bitnami/argo-cd/templates/repo-server/deployment.yaml
+++ b/bitnami/argo-cd/templates/repo-server/deployment.yaml
@@ -121,6 +121,10 @@ spec:
                  fi
                }

+                {{- if .Values.usePasswordFiles }}
+                  export REDISCLI_AUTH="$(< $REDISCLI_AUTH_FILE)"
+                {{- end }}
+
                info "Checking redis connection..."
                if ! retry_while "check_redis_connection"; then
                    error "Could not connect to the Redis server"
@@ -130,11 +134,21 @@ spec:
                fi
          {{- if include "argocd.redis.auth.enabled" . }}
          env:
+            {{- if .Values.usePasswordFiles }}
+            - name: REDISCLI_AUTH_FILE
+              value: {{ printf "/opt/bitnami/argo-cd/secrets/%s" (include "argocd.redis.secretPasswordKey" .) }}
+            {{- else }}
            - name: REDISCLI_AUTH
              valueFrom:
                secretKeyRef:
                  name: {{ include "argocd.redis.secretName" . }}
                  key: {{ include "argocd.redis.secretPasswordKey" . }}
+            {{- end }}
+          {{- if and .Values.usePasswordFiles }}
+          volumeMounts:
+            - name: argocd-secrets
+              mountPath: /opt/bitnami/argo-cd/secrets
+          {{- end }}
          {{- end }}
        {{- end }}
        {{- if .Values.repoServer.initContainers }}
@@ -178,22 +192,17 @@ spec:
              containerPort: {{ .Values.repoServer.containerPorts.metrics }}
              protocol: TCP
          env:
-            {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }}
+            {{- if (include "argocd.redis.auth.enabled" .) }}
+            {{- if .Values.usePasswordFiles }}
+            - name: REDISCLI_PASSWORD_FILE
+              value: {{ printf "/opt/bitnami/argo-cd/secrets/%s" (include "argocd.redis.secretPasswordKey" .) }}
+            {{- else }}
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "argocd.redis.secretName" . }}
                  key: {{ include "argocd.redis.secretPasswordKey" . }}
-            {{- else if .Values.externalRedis.enabled }}
-            - name: REDIS_PASSWORD
-              {{- if not ( eq "" .Values.externalRedis.password ) }}
-              value: {{ .Values.externalRedis.password }}
-              {{- else }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.externalRedis.existingSecret }}
-                  key: {{ .Values.externalRedis.existingSecretPasswordKey }}
-              {{- end }}
+            {{- end }}
            {{- end }}
            {{- if .Values.repoServer.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.repoServer.extraEnvVars "context" $) | nindent 12 }}
@@ -273,6 +282,10 @@ spec:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
+            {{- if and .Values.usePasswordFiles (include "argocd.redis.auth.enabled" .)}}
+            - name: argocd-secrets
+              mountPath: /opt/bitnami/argo-cd/secrets
+            {{- end }}
          {{- if .Values.repoServer.extraVolumeMounts }}
          {{- include "common.tplvalues.render" (dict "value" .Values.repoServer.extraVolumeMounts "context" $) | nindent 12 }}
          {{- end }}
@@ -283,6 +296,13 @@ spec:
        - name: ssh-known-hosts
          configMap:
            name: argocd-ssh-known-hosts-cm
+        {{- if and .Values.usePasswordFiles (include "argocd.redis.auth.enabled" .)}}
+        - name: argocd-secrets
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "argocd.redis.secretName" . }}
+        {{- end }}
        {{- if .Values.config.tlsCerts }}
        - configMap:
            name: argocd-tls-certs-cm
--- a/bitnami/argo-cd/templates/server/deployment.yaml
+++ b/bitnami/argo-cd/templates/server/deployment.yaml
@@ -103,6 +103,10 @@ spec:
                  fi
                }

+                {{- if .Values.usePasswordFiles }}
+                  export REDISCLI_AUTH="$(< $REDISCLI_AUTH_FILE)"
+                {{- end }}
+
                info "Checking redis connection..."
                if ! retry_while "check_redis_connection"; then
                    error "Could not connect to the Redis server"
@@ -112,11 +116,21 @@ spec:
                fi
          {{- if include "argocd.redis.auth.enabled" . }}
          env:
+            {{- if .Values.usePasswordFiles }}
+            - name: REDISCLI_AUTH_FILE
+              value: {{ printf "/opt/bitnami/argo-cd/secrets/%s" (include "argocd.redis.secretPasswordKey" .) }}
+            {{- else }}
            - name: REDISCLI_AUTH
              valueFrom:
                secretKeyRef:
                  name: {{ include "argocd.redis.secretName" . }}
                  key: {{ include "argocd.redis.secretPasswordKey" . }}
+            {{- end }}
+          {{- if .Values.usePasswordFiles }}
+          volumeMounts:
+            - name: argocd-secrets
+              mountPath: /opt/bitnami/argo-cd/secrets
+          {{- end }}
          {{- end }}
        {{- end }}
      containers:
@@ -173,22 +187,17 @@ spec:
            - name: ARGOCD_API_SERVER_REPLICAS
              value: {{ .Values.server.replicaCount | quote }}
            {{- end }}
-            {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }}
+            {{- if (include "argocd.redis.auth.enabled" .) }}
+            {{- if .Values.usePasswordFiles }}
+            - name: REDISCLI_PASSWORD_FILE
+              value: {{ printf "/opt/bitnami/argo-cd/secrets/%s" (include "argocd.redis.secretPasswordKey" .) }}
+            {{- else }}
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "argocd.redis.secretName" . }}
                  key: {{ include "argocd.redis.secretPasswordKey" . }}
-            {{- else if .Values.externalRedis.enabled }}
-            - name: REDIS_PASSWORD
-              {{- if not ( eq "" .Values.externalRedis.password ) }}
-              value: {{ .Values.externalRedis.password }}
-              {{- else }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.externalRedis.existingSecret }}
-                  key: {{ .Values.externalRedis.existingSecretPasswordKey }}
-              {{- end }}
+            {{- end }}
            {{- end }}
            {{- if .Values.server.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVars "context" $) | nindent 12 }}
@@ -270,6 +279,10 @@ spec:
            # Ref: https://argoproj.github.io/argo-cd/operator-manual/tls/#inbound-tls-certificates-used-by-argocd-repo-sever
            - mountPath: /app/config/server/tls
              name: argocd-repo-server-tls
+            {{- if and .Values.usePasswordFiles (include "argocd.redis.auth.enabled" .)}}
+            - name: argocd-secrets
+              mountPath: /opt/bitnami/argo-cd/secrets
+            {{- end }}
          {{- if .Values.server.extraVolumeMounts }}
          {{- include "common.tplvalues.render" (dict "value" .Values.server.extraVolumeMounts "context" $) | nindent 12 }}
          {{- end }}
@@ -282,6 +295,13 @@ spec:
        - name: ssh-known-hosts
          configMap:
            name: argocd-ssh-known-hosts-cm
+        {{- if and .Values.usePasswordFiles (include "argocd.redis.auth.enabled" .)}}
+        - name: argocd-secrets
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "argocd.redis.secretName" . }}
+        {{- end }}
        {{- if .Values.config.styles }}
        - configMap:
            name: {{ include "argocd.custom-styles.fullname" . }}
--- a/bitnami/argo-cd/values.yaml
+++ b/bitnami/argo-cd/values.yaml
@@ -57,6 +57,10 @@ clusterDomain: cluster.local
 ## @param extraDeploy Array of extra objects to deploy with the release
 ##
 extraDeploy: []
+## @param usePasswordFiles Mount credentials as files instead of using environment variables
+##
+usePasswordFiles: true
+
 ## @section Argo CD image parameters

 ## Bitnami Argo CD image