Add way to make tls secrets volumes non-optional

[rgl]

Is your feature request related to a problem?

While trying to bootstrap a talos linux cluster by placing argocd in a talos cluster inlineManifest and at the same time create the argocd certificates with cert-manager, due to races at bootstrap times, argocd ends up starting before the certificate secret is actually created, so I end up with a broken argocd, one which has bogus certificates.

Related helm chart

argo-cd

Describe the solution you'd like

Some kind of chart variable to make all the tls related volumes as non-optional.

For example, a way to modify the optional: true at:

https://github.com/argoproj/argo-helm/blob/argo-cd-7.3.9/charts/argo-cd/templates/argocd-server/deployment.yaml#L493-L512

From what I understood, that would prevent argo from being started until the, e.g., argocd-server-tls, secret exists.

Describe alternatives you've considered

No response

Additional context

No response

[yu-croco]

Hi @rgl , thank you for opening an issue. argo-helm follows upstreams' manifest. The values you mention are optional in upstream, so changing default config is not reasonable.

On the other hand, I think it makes sense to add attributes in values.yaml to override the optional flag. 🤔

[pdrastil]

Hi @rgl - for race conditions or pod restarts on change in secret / configmaps I can also recommend Reloader project that solves this and is applicable for other things inside of the cluster.

[rgl]

I'm also using reloader. But in this case, since reloader is also in the race. It did not work. Changing the optional to false did work thou.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.