[bitnami/argo-cd] fix: provide a functional validation function for validation

[mFranz82]

Description of the change

Since a change made 3 month before the templating fails if using redis.enabled=false

Error: 
execution error at (argo-cd/templates/server/deployment.yaml:100:50): 
If the redis dependency is disabled you need to add an external redis host

The error is triggered at this point in Notes.txt

{{- if $message -}}
{{-   printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}

And occurs because the validation function could never be successful:

{{/*
Validate external Redis config
*/}}
{{- define "argocd.validateValues.externalRedis" -}}
{{- if not .Values.redis.enabled -}}
Argo CD: If the redis dependency is disabled you need to add an external redis port
{{- end -}}
{{- end -}}

As you can see in the snippet above the validating function always fails if redis.enabled = false

Benefits

You should be able again to install the chart without using internal redis.

Possible drawbacks

No

Applicable issues

No

Additional information

Generally I think that the validation should just produce warnings and the templating should not fail. I am not sure why @maxnitze introduced the pattern.

Checklist

• Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
• Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
• Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
• All commits signed off and in agreement of Developer Certificate of Origin (DCO)

[maxnitze]

Hey @mFranz82 ,

Ypou can find more info on that specific change in this discussion: #27585 (comment)

The main reason for the change is, that before it did nothing. The messages were collected but never printed. The default behavior should be the failing of the chart, as stated by @fmulero :

I completely agree. Most of our charts fail and print an error message when the validation is not successful. In this case there was a failure in that piece of code and I thought the problem was in you code. Sorry about that.

Imho the issue is, that the validation should only yield the message when redis is not enabled AND externalRedis is also not enabled:

{{/*
Validate external Redis config
*/}}
{{- define "argocd.validateValues.externalRedis" -}}
{{- if and (not .Values.redis.enabled) (not .Values.externalRedis.enabled) -}}
Argo CD: If the redis dependency is disabled you need to add an external redis port
{{- end -}}
{{- end -}}

Side-Note: The validation for redis seems a bit weird:

• Why doesn't the first one argocd.validateValues.redis contain this validation already?
• What should the second one argocd.validateValues.externalRedis actually validate? The error text says something about a port?

[mFranz82]

Hi @maxnitze
Thanks for providing me further infos.
I thought that the initial inventor of the argocd.validateValues.externalRedis validation rule just want's to check if a host and port for external redis is defined and to make it run I simply wrote this rule without further considering whether the rules even make sense.

{{- define "argocd.validateValues.externalRedis" -}}
{{- if not .Values.redis.enabled -}}
    {{- if not .Values.externalRedis.port -}}
Argo CD: If the redis dependency is disabled you need to add an external redis port
    {{- end -}}
    {{- if not .Values.externalRedis.host -}}
Argo CD: If the redis dependency is disabled you need to add an external redis host
    {{- end -}}
{{- end -}}
{{- end -}}

Do we want to merge it like this or do you think we should fundamentally revise the rules?

[maxnitze]

I have a couple of smaller issues with the current setup. And your fix does not address them all.

1. It does not matter whether or not externalRedis is enabled

This is a valid setup, from your validation:

redis:
  enabled: false
externalRedis:
  enabled: false
  host: some-host
  port: 1337

2. Both redis and externalRedis can be enabled (or disabled).

Is it a valid case, that both redis.enabled and externalRedis.enabled are true? In many cases when using Postgres this is a valid case. Because the first indicates, that you are using Postgres and the second, that you want an external one. If both are disabled you are using an in-memory db, for example. But is this also a valid case for Redis in ArgoCD? Can you run it without any dedicated Redis installed? Is there some in-memory solution?

IMHO the validation could be something like this:

{{/*
Validate Redis config
*/}}
{{- define "argocd.validateValues.redis" -}}
{{- if and .Values.redis.enabled .Values.externlaRedis.enabled }}
Argo CD: You must not enable both, redis dependency and external redis
{{- end -}}
{{- if and .Values.redis.enabled .Values.redis.auth.existingSecret }}
    {{- if not .Values.redis.auth.existingSecretPasswordKey -}}
Argo CD: You need to provide existingSecretPasswordKey when an existingSecret is specified in redis dependency
    {{- end -}}
{{- else if and (not .Values.redis.enabled) .Values.externalRedis.existingSecret }}
    {{- if not .Values.externalRedis.existingSecretPasswordKey -}}
Argo CD: You need to provide existingSecretPasswordKey when an existingSecret is specified in redis
    {{- end }}
{{- end -}}
{{- end -}}

{{- define "argocd.validateValues.externalRedis" -}}
{{- if .Values.externalRedis.enabled -}}
    {{- if not .Values.externalRedis.port -}}
Argo CD: If the redis dependency is disabled you need to add an external redis port
    {{- end -}}
    {{- if not .Values.externalRedis.host -}}
Argo CD: If the redis dependency is disabled you need to add an external redis host
    {{- end -}}
{{- end -}}
{{- end -}}

TL;DR: added a block to validate only one of the two is enabled in the first helper and changed the second helper to check whether externalRedis is enabled (instead of redis is disabled).

What do you think about that? I still find the separation between these two a bit confusing (the first checks whether the secrets are correctly configured for both cases although the second "looks" like it would do all the checks for externalRedis), but I hope you get the gist :)

[migruiz4]

Hi there,

Thank you for the contribution and all the detailed discussion!

This PR looks good to me as it is, although, as @maxnitze mentions this setup would skip the validation and fail at startup:

redis:
  enabled: false
externalRedis:
  enabled: false
  host: some-host
  port: 1337

Now, IMHO it is the value externalRedis.enabled that does not make sense unless Argo CD could run without Redis, which is not supported according to this discussion and the ArgoCD documentation.

All of our charts use externalRedis automatically when redis.enabled=false (similar to externalDatabase), and I don't see a reason why the argo-cd chart should be different.

My idea of a complete fix for this would be to remove the externalRedis.enabled value, adapt any associated conditional, and release it in a major version of the chart, but that would be out of the original scope of this PR.

Let me know what you think before I merge this PR, thanks!

[mFranz82]

Hi @migruiz4
Thanks for your feedback.

As @maxnitze suggested I finally changed the validation rule for external redis to this:

{{- define "argocd.validateValues.externalRedis" -}}
{{- if .Values.externalRedis.enabled -}}
    {{- if not .Values.externalRedis.port -}}
Argo CD: If the redis dependency is disabled you need to add an external redis port
    {{- end -}}
    {{- if not .Values.externalRedis.host -}}
Argo CD: If the redis dependency is disabled you need to add an external redis host
    {{- end -}}
{{- end -}}
{{- end -}}

I think we should leave it as it is for now and revise it at a later date...
Thank you for your participation!

[migruiz4]

Please take a look at my comment

[migruiz4]

This one line would be very problematic because it won't allow deploying with default values (redis subchart):

$ helm install --dry-run argo-cd bitnami/argo-cd
Error: INSTALLATION FAILED: execution error at (argo-cd/templates/NOTES.txt:60:4): 
VALUES VALIDATION:
Argo CD: If the redis dependency is disabled you need to add an external redis host

My suggestion would be to revert to:

Suggested change

	{{- if not .Values.externalRedis.enabled -}}
	{{- if not .Values.redis.enabled -}}

Or alternatively, if we want to consider the value externalRedis.enabled, then:

Suggested change

	{{- if not .Values.externalRedis.enabled -}}
	{{- if and .Values.externalRedis.enabled (not .Values.redis.enabled) -}}

[mFranz82]

Hey @migruiz4
Fortunately you discovered the error 👍

I recently revert the change I made!

Sorry and thanks!