Using server.ingress.extraHosts and server.ingress.extraTls leads to non-working TLS ingress

[ntesteca]

Describe the bug

Trying to setup Argo-CD with two domain, I added the second one in the values. Certificates secrets already in place.

server:
  ingress:
    extraHosts:
      - name: domain2
        path: /
    extraTls:
      - hosts:
          - domain2
        secretName: domain2-tls

But it is rendered as

tls:
    - hosts:
        - domain1
        - domain2
      secretName: argocd-server-tls
    - hosts:
        - domain2
      secretName: domain2-tls

We see in the ingress controler logs that it checks if secret argocd-server-tls is valid for domain2, fails and fallbacks on the default ingress certificate and does not check secret domain2-tls
If we remove - domain2 from tls.hosts[0], it is working as expected.

Related helm chart

argo-cd

Helm chart version

7.0.0

To Reproduce

Setup an additionnal TLS domain server.ingress.extraHosts and server.ingress.extraTls

Expected behavior

Ingress using the correct certificate for the second domain.

Screenshots

No response

Additional context

No response

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[dmitrygribenchuk]

Hey. Looks like its because bad-hardcoded secretName (secretName: argocd-server-tls)
https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/templates/argocd-server/ingress.yaml#L63

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.