adfinis · hairmare · Dec 1, 2023 · Dec 1, 2023
@@ -2,7 +2,7 @@ apiVersion: v2
 name: azure-apps
 description: Argo CD app-of-apps config for Azure applications
 type: application
-version: 0.12.0
+version: 0.13.0
 home: https://github.com/adfinis/helm-charts/tree/main/charts/azure-apps
 sources:
   - https://github.com/adfinis/helm-charts
@@ -16,26 +16,10 @@ dependencies:
     repository: https://charts.adfinis.com
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: "azureKvCsiProvider: bump azureKvCsiProvider from v1.3 to v1.4.1"
+    - kind: added
+      description: "feat: add azure-workload-identity-webhook"
       links:
-        - name: Fixes CVE-2022-41717
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/1039
-        - name: Fixes CVE-2022-32149
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/999
-        - name: Fixes CVE-2022-27664
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/976
-        - name: Fixes CVE-2022-1996
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/957
-        - name: fix/updates template condition for Arc
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/973
-        - name: fix/increase fluentd resource limits for arc
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/946
-        - name: fix/bug 948 arc missing system identity
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/949
-        - name: fix/runs msi-adapter as privileged on openshift
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/920
-        - name: Update to v1.4.0
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/releases/tag/v1.4.0
-        - name: Update to v1.4.1
-          url: https://github.com/Azure/secrets-store-csi-driver-provider-azure/releases/tag/v1.4.1
+        - name: Microsoft Entra Workload ID
+          url: https://learn.microsoft.com/en-us/entra/workload-id/workload-identities-overview
+        - name: Azure Workload Identity System
+          url: https://azure.github.io/azure-workload-identity
@@ -7,3 +7,6 @@ promitorScraper:
 promitorResourceDiscovery:
   enabled: true
   values: {}
+azureWorkloadIdentityWebhook:
+  enabled: true
+  values: {}
@@ -0,0 +1,5 @@
+azureWorkloadIdentityWebhook:
+  enabled: true
+  project: azure-workload-identity-system
+  values:
+    azureTenantID: <REPLACE ME>
@@ -0,0 +1,33 @@
+{{ if .Values.azureWorkloadIdentityWebhook.enabled }}
+{{ template "argoconfig.application" (list . "azure-apps.azureWorkloadIdentityWebhook") }}
+{{ end }}
+
+{{- define "azure-apps.azureWorkloadIdentityWebhook" -}}{{- $app := unset .Values.azureWorkloadIdentityWebhook "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}}
+metadata:
+  name: {{ template "common.fullname" . }}-{{ $name }}
+spec:
+  {{- if $app.project }}
+  project: {{ $app.project | quote }}
+  {{- end }}
+  source:
+    repoURL: {{ $app.repoURL | quote }}
+    chart: {{ $app.chart | quote }}
+    targetRevision: {{ $app.targetRevision | quote }}
+    helm:
+      releaseName: {{ $name | quote }}
+      values: |-
+        nameOverride: {{ $name | quote }}
+        {{- $app.values | toYaml | nindent 8 }}
+  {{- if $app.destination }}
+  destination:
+    {{ $app.destination | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.syncPolicy }}
+  syncPolicy:
+    {{ $app.syncPolicy | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.ignoreDifferences }}
+  ignoreDifferences:
+    {{ $app.ignoreDifferences | toYaml | nindent 4 }}
+  {{- end }}
+{{- end -}}
@@ -57,3 +57,23 @@ promitorResourceDiscovery:
   # -- Helm values
   # @default -- [upstream values](https://github.com/promitor/charts/blob/main/promitor-agent-resource-discovery/values.yaml)
   values: {}
+
+# -- [azure-workload-identity](https://azure.github.io/azure-workload-identity) ([example](./examples/azure-workload-identity-webhook.yaml))
+# # @default -- -
+azureWorkloadIdentityWebhook:
+  # -- Enable azure-workload-identity webhook
+  enabled: false
+  name: azure-workload-identity-webhook
+  destination:
+    # -- Namespace
+    namespace: "azure-workload-identity-system"
+  # -- Repo URL
+  # @default -- [repo](https://azure.github.io/azure-workload-identity/charts)
+  repoURL: "https://azure.github.io/azure-workload-identity/charts"
+  # -- Chart
+  chart: "azure-workload-identity-webhook"
+  # -- [azure-workload-identity-webhook Helm chart](https://github.com/Azure/azure-workload-identity/tree/main/charts/workload-identity-webhook) version
+  targetRevision: "0.12.0"
+  # -- Helm values
+  # @default -- [upstream values](https://github.com/adfinis/helm-charts/blob/main/charts/azure-apps/values.yaml)
+  values: {}