feat: Make ArgoCD use cluster cert

Signed-off-by: Denilson Nastacio <[email protected]>
IBM · May 2, 2024 · df38c6b · df38c6b
1 parent 393d481
commit df38c6b
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 46 deletions.
diff --git a/config/argocd/Chart.yaml b/config/argocd/Chart.yaml
@@ -21,4 +21,4 @@ version: 0.8.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "0.31.0"
+appVersion: "0.32.0"
diff --git a/config/argocd/templates/0200-argocd.yaml b/config/argocd/templates/0200-argocd.yaml
@@ -553,6 +553,10 @@ spec:
         memory: 128Mi
     route:
       enabled: true
+      tls:
+        # https://access.redhat.com/solutions/6041341
+        insecureEdgeTerminationPolicy: Redirect
+        termination: reencrypt
     service:
       type: ""
   sso:

diff --git a/tests/postbuild/gitops.sh b/tests/postbuild/gitops.sh
@@ -210,45 +210,6 @@ EOF
 }
 
 
-#
-# Replaces the TLS for Argo servers with the default ingress cert
-#
-# https://argoproj.github.io/argo-cd/operator-manual/tls/
-#
-function set_argo_tls() {
-    local result=0
-
-    local argo_secret_name=openshift-gitops-tls
-
-    local cert
-    local cert_key
-
-    local ingress_secret_name
-    ingress_secret_name=$(oc get ingresscontroller.operator default \
-        --namespace openshift-ingress-operator \
-        -o jsonpath='{.spec.defaultCertificate.name}') || result=1
-
-    if [ -n "${ingress_secret_name}" ] && [ "${result}" -eq 0 ]; then
-        cert=$(oc get secret "${ingress_secret_name}" \
-            --namespace openshift-ingress \
-            -o jsonpath='{.data.tls\.crt}') \
-        && cert_key=$(oc get secret "${ingress_secret_name}" \
-            --namespace openshift-ingress \
-            -o jsonpath='{.data.tls\.key}') \
-        && oc patch secret "${argo_secret_name}" \
-            --namespace openshift-gitops \
-            --type=merge -p \
-            "{\"data\": { \"tls.crt\": \"${cert}\", \"tls.key\": \"${cert_key}\"}}" \
-        && log "INFO: Successfully set ArgoCD TLS certificate on secret ${argo_secret_name}." \
-        || result=1
-    else
-        log "INFO: Not setting ArgoCD TLS certificate: no default certificate name for the ingress."
-    fi
-
-    return ${result}
-}
-
-
 #
 # Adds the bootstrap argocd repository to the server.
 #
@@ -579,12 +540,6 @@ function setup_gitops_server() {
         log "ERROR: Failed to set secrets."
     }
 
-    set_argo_tls || \
-    {
-        result=1
-        log "ERROR: Failed to set Argo TLS."
-    }
-
     # Patch ArgoCD admin password
     set_argo_admin_pwd "${cluster_type}" "${cluster_name}" "${username}" "${api_key}" \
         || result=1