From 5546007b6b787dd004edc6a205c416fefd5f7b4f Mon Sep 17 00:00:00 2001
From: Denilson Nastacio
Date: Mon, 8 May 2023 15:24:57 -0400
Subject: [PATCH] feat: Make ArgoCD use cluster cert

Signed-off-by: Denilson Nastacio
---
 config/argocd/Chart.yaml | 2 +-
 config/argocd/templates/0200-argocd.yaml | 4 +++
 tests/postbuild/gitops.sh | 45 ------------------------
 3 files changed, 5 insertions(+), 46 deletions(-)

diff --git a/config/argocd/Chart.yaml b/config/argocd/Chart.yaml
index 01df22d0..40274e92 100644
--- a/config/argocd/Chart.yaml
+++ b/config/argocd/Chart.yaml
@@ -21,4 +21,4 @@ version: 0.8.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "0.31.0"
+appVersion: "0.32.0"
diff --git a/config/argocd/templates/0200-argocd.yaml b/config/argocd/templates/0200-argocd.yaml
index ae17b401..9337fa12 100644
--- a/config/argocd/templates/0200-argocd.yaml
+++ b/config/argocd/templates/0200-argocd.yaml
@@ -553,6 +553,10 @@ spec:
 memory: 128Mi
 route:
 enabled: true
+ tls:
+ # https://access.redhat.com/solutions/6041341
+ insecureEdgeTerminationPolicy: Redirect
+ termination: reencrypt
 service:
 type: ""
 sso:
diff --git a/tests/postbuild/gitops.sh b/tests/postbuild/gitops.sh
index e0d85d5d..b0fe998b 100755
--- a/tests/postbuild/gitops.sh
+++ b/tests/postbuild/gitops.sh
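Review bot: The `tls:` block added under `route:` in config/argocd/templates/0200-argocd.yaml is explained only by a bare link to a Red Hat knowledge-base article, so a reader who cannot open it has no way to tell why `reencrypt` was chosen; I would add a comment such as `# reencrypt: the router terminates TLS with the cluster ingress certificate and opens a new TLS connection to the Argo CD server`. No `destinationCACertificate` is set, so the router's trust in the backend certificate presumably comes from the service CA or from the operator, which is worth confirming and stating in the same comment. Because this setting replaces the helper in tests/postbuild/gitops.sh that copied the ingress certificate and private key into `openshift-gitops-tls`, clusters built with the old script may still hold that key copy in the `openshift-gitops` namespace, and a short cleanup or rotation note would help operators. The enclosing `spec` block starts and ends outside the hunk.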
@@ -210,45 +210,6 @@ EOF
 }
-#
-# Replaces the TLS for Argo servers with the default ingress cert
-#
-# https://argoproj.github.io/argo-cd/operator-manual/tls/
-#
-function set_argo_tls() {
- local result=0
-
- local argo_secret_name=openshift-gitops-tls
-
- local cert
- local cert_key
-
- local ingress_secret_name
- ingress_secret_name=$(oc get ingresscontroller.operator default \
- --namespace openshift-ingress-operator \
- -o jsonpath='{.spec.defaultCertificate.name}') || result=1
-
- if [ -n "${ingress_secret_name}" ] && [ "${result}" -eq 0 ]; then
- cert=$(oc get secret "${ingress_secret_name}" \
- --namespace openshift-ingress \
- -o jsonpath='{.data.tls\.crt}') \
- && cert_key=$(oc get secret "${ingress_secret_name}" \
- --namespace openshift-ingress \
- -o jsonpath='{.data.tls\.key}') \
- && oc patch secret "${argo_secret_name}" \
- --namespace openshift-gitops \
- --type=merge -p \
- "{\"data\": { \"tls.crt\": \"${cert}\", \"tls.key\": \"${cert_key}\"}}" \
- && log "INFO: Successfully set ArgoCD TLS certificate on secret ${argo_secret_name}." \
- || result=1
- else
- log "INFO: Not setting ArgoCD TLS certificate: no default certificate name for the ingress."
- fi
-
- return ${result}
-}
-
-
 #
 # Adds the bootstrap argocd repository to the server.
 #
@@ -579,12 +540,6 @@ function setup_gitops_server() {
 log "ERROR: Failed to set secrets."
 }
- set_argo_tls || \
- {
- result=1
- log "ERROR: Failed to set Argo TLS."
- }
-
 # Patch ArgoCD admin password
 set_argo_admin_pwd "${cluster_type}" "${cluster_name}" "${username}" "${api_key}" \
 || result=1