chore: move argo-cd auth values to global.integrations.argo-cd.server.auth (#768)

* fix: update app-proxy image tags to 1.3798.0 (app-proxy does not monitor and re-create the argocd-token if it was already created before the Pod started (codefresh-io/argo-platform#6710))
* inject username/password OR token into app-proxy env
* fixed component-tests gitea to not depend on bitnami images

Author: ATGardner

charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml

@@ -1,17 +1,11 @@
-{{- define "cap-app-proxy.resources.configmap-documented-configs"}}
-argoCdUrl: {{ .Values.config.argoCdUrl }}
-argoCdUsername: {{ .Values.config.argoCdUsername }}
+{{- define "cap-app-proxy.resources.configmap-documented-configs" }}
 argoWorkflowsInsecure: {{ .Values.config.argoWorkflowsInsecure | quote }}
-argoWorkflowsUrl: {{ default "" .Values.config.argoWorkflowsUrl }}
+clusterChunkSize: {{ .Values.config.clusterChunkSize | quote }}
 cors: {{ .Values.global.codefresh.url }}
-  {{- with .Values.config.clusterChunkSize }} 
-clusterChunkSize: {{ . | quote }}
-  {{- end }}
-env: {{ .Values.config.env | quote}}
 isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }}
 isExternalArgoCD: {{ .Values.global.runtime.isExternalArgoCD | quote }}
 runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}}
-skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }}
+isNamespacedRuntime: {{ .Values.global.runtime.singleNamespace | quote }}
 logLevel: {{ .Values.config.logLevel | quote }}
   {{- $enrichmentValues := get .Values "image-enrichment" }}
   {{- if $enrichmentValues.enabled }}
@@ -30,7 +24,7 @@ enrichmentJiraEnrichmentImage: {{ printf "%s/%s:%s" $enrichmentValues.config.ima
 
 {{- define "cap-app-proxy.resources.configmap" }}
 {{- $documentedConfigs := (include "cap-app-proxy.resources.configmap-documented-configs" . | fromYaml ) }}
-{{- $overrides := omit .Values.config "clusterChunkSize" }}
+{{- $overrides := omit .Values.config "argoWorkflowsInsecure" "clusterChunkSize" "cors" }}
 {{- $mergedConfig := mergeOverwrite $documentedConfigs $overrides }}
 apiVersion: v1
 kind: ConfigMap

charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml

@@ -5,9 +5,6 @@ ARGO_CD_URL:
       name: cap-app-proxy-cm
       key: argoCdUrl
       optional: true
-ARGO_CD_TOKEN: {{ include "codefresh-gitops-runtime.argocd.server.token" . | nindent 2 }}
-ARGO_CD_USERNAME: {{ include "codefresh-gitops-runtime.argocd.server.username-env-var" . | nindent 2 }}
-ARGO_CD_PASSWORD: {{ include "codefresh-gitops-runtime.argocd.server.password" . | nindent 2 }}
 ARGO_WORKFLOWS_INSECURE:
   valueFrom:
     configMapKeyRef:
@@ -224,8 +221,9 @@ LEADER_ID:
 Read defaults from the template above and merge with the values provided in values file
 */}}
 {{- define "cap-app-proxy.environment-variables" -}}
-{{- $defaults := (include "cap-app-proxy.environment-variables.defaults" . | fromYaml) }}
-{{- $overrides := .Values.env }}
-{{- $mergedValues := mergeOverwrite $defaults $overrides }}
-{{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" $mergedValues }}
+  {{- $defaults := (include "cap-app-proxy.environment-variables.defaults" . | fromYaml) }}
+  {{- $argoCdAuth := (include "codefresh-gitops-runtime.argocd-auth" . | fromYaml) }}
+  {{- $overrides := .Values.env }}
+  {{- $mergedValues := mergeOverwrite $defaults $argoCdAuth $overrides }}
+  {{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" $mergedValues }}
 {{- end -}}

charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl

@@ -1,4 +1,5 @@
 {{- define "cf-argocd-extras.default-values" }}
+  {{- $argoCdAuth := (include "codefresh-gitops-runtime.argocd-token-auth" . | fromYaml) }}
 global: {}
 
 externalRedis:
@@ -84,8 +85,7 @@ eventReporter:
             name: argocd-cmd-params-cm
             key: server.rootpath
             optional: true
-      ARGO_CD_TOKEN_SECRET_NAME: argocd-token
-      ARGO_CD_TOKEN_SECRET_KEY: token
+{{ $argoCdAuth | toYaml | indent 6 }}
       BINARY_NAME: event-reporter
       CODEFRESH_SSL_CERT_PATH: ""
       CODEFRESH_TLS_INSECURE:
@@ -392,8 +392,7 @@ sourcesServer:
           configMapKeyRef:
             name: sources-server-cmd-params-cm
             key: argocd.server
-      ARGO_CD_TOKEN_SECRET_NAME: argocd-token
-      ARGO_CD_TOKEN_SECRET_KEY: token
+{{ $argoCdAuth | toYaml | indent 6}}
       ARGOCD_SERVER_ROOTPATH:
         valueFrom:
           configMapKeyRef:

charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_statefulset.yaml

@@ -15,16 +15,6 @@
   {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key"  (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }}
 {{- end }}
 
-{{- if and (eq (index $context.Values "global" "external-argo-cd" "auth" "type") "token") }}
-  {{- if not (index $context.Values "global" "external-argo-cd" "auth" "token") }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name")) }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key" )) }}
-  {{- else }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
-  {{- end }}
-{{- end }}
-
 {{- if and (index $context.Values "global" "external-argo-cd" "server" "rootpath") }}
   {{- $_ := set $context.Values.container.env "ARGOCD_SERVER_ROOTPATH" (index $context.Values "global" "external-argo-cd" "server" "rootpath") }}
 {{- end }}

charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_deployment.yaml

@@ -15,16 +15,6 @@
   {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key"  (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }}
 {{- end }}
 
-{{- if and (eq (index $context.Values "global" "external-argo-cd" "auth" "type") "token") }}
-  {{- if not (index $context.Values "global" "external-argo-cd" "auth" "token") }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name")) }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key" )) }}
-  {{- else }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
-  {{- end }}
-{{- end }}
-
 {{- if and (index $context.Values "global" "external-argo-cd" "server" "rootpath") }}
   {{- $_ := set $context.Values.container.env "ARGOCD_SERVER_ROOTPATH" (index $context.Values "global" "external-argo-cd" "server" "rootpath") }}
 {{- end }}

charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml

@@ -3,33 +3,36 @@ Some environment variables are determined by values provided in other components
 to keep the separation of components as pseudo library charts, they are defined here to be merged when components are generated.
 */}}
 {{- define "gitops-operator.resources.environment-variables.calculated" }}
+  {{- include "codefresh-gitops-runtime.argocd-token-auth" . }}
   {{/* if custom certificates are provided */}}
   {{- if .Values.global.codefresh.tls.caCerts.secretKeyRef }}
 CF_CA_CERT: {{ printf "/app/config/codefresh-tls/%s" .Values.global.codefresh.tls.caCerts.secretKeyRef.key  }}
   {{- end }}
 CF_URL: {{ .Values.global.codefresh.url }}
+COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }}
 GITOPS_OPERATOR_VERSION: {{ .Values.image.tag }}
+  {{- if (gt (int .Values.replicaCount) 1 ) }}
+LEADER_ELECT: true
+  {{- else }}
+LEADER_ELECT: false
+  {{- end }}
+MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }}
+PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }}
 RUNTIME: {{ .Values.global.runtime.name }}
 TASK_POLLING_INTERVAL: {{ .Values.config.taskPollingInterval }}
-COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }}
 WORKFLOW_MONITOR_POLLING_INTERVAL: {{ .Values.config.workflowMonitorPollingInterval }}
-MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }}
-PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }}
 {{- end }}
 
 {{- define "gitops-operator.resources.environment-variables.defaults" -}}
 AP_URL: http://cap-app-proxy:3017
 ARGO_CD_URL: argo-cd-server:80
-ARGO_CD_TOKEN_SECRET_NAME: argocd-token
-ARGO_CD_TOKEN_SECRET_KEY: token
 ARGO_WF_URL: http://argo-server:2746
 CF_TOKEN:
   valueFrom:
     secretKeyRef:
       name: codefresh-token
       key: token
 HEALTH_PROBE_BIND_ADDRESS: :8081
-LEADER_ELECT: true
 METRICS_BIND_ADDRESS: :8080
 METRICS_SECURE: false
 NAMESPACE: