Changes in values file are not reflected in deployed argocd helm app

[h4tt3n]

Describe the bug

In the helm values file I have changed params:server.insecure from false to true in order to handle tls termination with the ingress controller (Ambassador edge stack). Not doing so causes the infamouts too many redirects error. But when inspecting the values in the ArgoCD UI, configs.params.server.insecure is still set to false. The change in the values file was made before initial helm install, so it can't be a sync or refresh issue. But in the argocd-cmd-params-cm ConfigMap, server.insecure: is 'true'.

The main issue of course is that without being able to set server.insecure to true, I can't get ingress working properly (Ambassador edge stack)

Related helm chart

argo-cd

Helm chart version

5.53.0

To Reproduce

1. Extract values file from helm chart and set params:server.insecure: true
2. Install argocd with below helm app, linking to helm values file.
3. Navigate to argocd-helm-app and select parameters tab
4. Inspect the configs.params.server.insecure field

Expected behavior

Server.insecure is set to true.

Screenshots

No response

Additional context

ArgoCD Helm app

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: argocd-helm-app
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  sources:
  - repoURL: 'https://argoproj.github.io/argo-helm'
    chart: argo-cd
    targetRevision: 5.53.0
    helm:
      releaseName: argo-cd
      valueFiles:
      - $values/my/helm/values/path/argocd-helm-values.yaml
  - repoURL: 'https://my/repo/url'
    targetRevision: HEAD
    ref: values
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: argocd
  syncPolicy:
    syncOptions:
    - CreateNamespace=false
    automated:
      prune: true
      selfHeal: true

[yu-croco]

Hi @h4tt3n
The following additional values.yaml will work as expected. Did I miss something? 🤔

configs:
  params:
    server.insecure: true

I get the result like below.

# Source: argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cmd-params-cm
  namespace: "default"
  labels:
    helm.sh/chart: argo-cd-5.53.8
    app.kubernetes.io/name: argocd-cmd-params-cm
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: server
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/version: "v2.9.5"
data:
  # ...
  server.insecure: "true"
  # ...

[h4tt3n]

Hi @yu-croco,

Added the below parameter to my argocd helm app:

spec:
  sources:
    helm:
      parameters:
      - name: server.insecure
        value: "true"

This resulted in two different insecure parameters showing up in the helm values file:

server.insecure: true
...
configs.params.server.insecure: false

So I changed the parameter to

spec:
  sources:
    helm:
      parameters:
      - name: configs.params.server.insecure
        value: "true"

Don't know what to make of it, but it appers ArgoCD still terminates tls, so I can't access the admin panel via ingress without getting ERR_TOO_MANY_REDIRECTS.

Cheers, Mike

[yu-croco]

Hi @h4tt3n , thank you for your info.

I wonder why you try to set server.insecure , not configs.params.server.insecure , since there is no server.insecure on on values.yaml ... 🤔

Don't know what to make of it, but it appers ArgoCD still terminates tls, so I can't access the admin panel via ingress without getting ERR_TOO_MANY_REDIRECTS.

Does this help you? 👀
https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/templates/NOTES.txt#L131-L139
We manage Helm Chart, but we are not so sure about specific feature. If the doc doesn't help you enough, then you can get more help in upstream, or #argo-cd channel in CNCF Slack.

[h4tt3n]

Hi @yu-croco

I have just recently migrated from argocd deployment to helm and I'm still a bit unfamiliar with the syntax, hence the wrong setting.

However, it still remains that changing server.insecure in the values.yaml file is not reflected in the parameters tab of the helm app and does not appear to have any effect on the app.

Cheers, Mike

[yu-croco]

However, it still remains that changing server.insecure in the values.yaml file is not reflected in the parameters tab of the helm app and does not appear to have any effect on the app.

Do you mean that below (you shared earlier) doesn't work as expected, which means the result of manifest is configs.params.server.insecure: false...? 👀

spec:
  sources:
    helm:
      parameters:
      - name: configs.params.server.insecure
        value: "true"

If yes, then I wonder this is because of your environment condition because helm template works well #2450 (comment) . 🤔

[h4tt3n]

Do you mean that below (you shared earlier) doesn't work as expected, which means the result of manifest is configs.params.server.insecure: false

It does work, and the change is reflected in the parameters tab and the argocd-cmd-params-cm.yaml.

However, one of the main advantages of using Helm is the ability to set parameters in the values.yaml file, and this does not appear to work, as described above. This is why I submitted the bug. Having a helm values file that doesn't work seems to defeat the purpose of using Helm in the first place.

[yu-croco]

Ah I thought that it point was about configs.params.server.insecure and configs.params.server.insecure.

one of the main advantages of using Helm is the ability to set parameters in the values.yaml file, and this does not appear to work, as described above

Do you mean that you are talking about Multiple Sources for an Application, not argo-helm itself?
Then please ask upstream since it's specific feature of Argo CD, 🙏

[h4tt3n]

No, the bug is really about one simple thing only: Setting the already defined server.insecure value in the values.yaml file to true is not reflected in the app. That's really all.

[yu-croco]

But when inspecting the values in the ArgoCD UI, configs.params.server.insecure is still set to false

I wonder Argo CD server needs to be restarted to read latest config map...?
But Argo CD server is supposed to restart by argocd-cmd-params-cm ConfigMap's change.
Ref; https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/templates/argocd-server/deployment.yaml#L29

[pdrastil]

Maybe unrelated to your problem but if you are passing the argument as stated in YAML above it's probably not working as server.insecure is a string but the definition in the YAML below is a map.

spec:
  sources:
    helm:
      parameters:
      - name: configs.params.server.insecure
        value: "true"

above translates to:

configs:
  params:
    server:
      insecure: "true"

compared to this:

spec:
  sources:
    helm:
      parameters:
      - name: configs.params."server.insecure"
        value: "true"

that translates to:

configs:
  params:
    server.insecure: "true"