Argo CD repo server doesn't read TLS certs for helm repo

      * Currently, Argo CD does not read the Transport Layer Security (TLS) certificates from the path specified in the `argocd-tls-certs-cm` config map, resulting in the `x509: certificate signed by unknown authority` error.
      +
      Workaround: Perform the following steps:

      . Add the `SSL_CERT_DIR` environment variable:
      +
      .Example Argo CD custom resource

      [source,yaml]
      ----
      apiVersion: argoproj.io/v1alpha1
      kind: ArgoCD
      metadata:
        name: example-argocd
        labels:
          example: repo
      spec:
         ...
        repo:
          env:
            - name: SSL_CERT_DIR
              value: /tmp/sslcertdir
          volumeMounts:
            - name: ssl
              mountPath: /tmp/sslcertdir
          volumes:
            - name: ssl
              configMap:
                name: user-ca-bundle
         ...
      ----

      . Create an empty config map in the namespace where the subscription for your Operator exists and include the following label:
      +
      .Example config map

      [source,yaml]
      ----
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: user-ca-bundle <1>
        labels:
          config.openshift.io/inject-trusted-cabundle: "true" <2>
      ----
      <1> Name of the config map.
      <2> Requests the Cluster Network Operator to inject the merged bundle.
      +
      After you create this config map, the `user-ca-bundle` content from the `openshift-config` namespace is automatically injected into it, merged with the system CA bundle. link:https://issues.redhat.com/browse/GITOPS-1482[GITOPS-1482]
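
Why the `SSL_CERT_DIR` workaround clears the error, as an added example (not code from this issue or from the Argo CD project): Go's `crypto/x509` loads every PEM file in the directories named by `SSL_CERT_DIR`, so a CA mounted there becomes trusted. The CA, the temporary directory standing in for `/tmp/sslcertdir`, and the `ca-bundle.crt` file name are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// verifyWithDir trusts only the PEM files found in dir, the way Go's
// crypto/x509 loads each directory named in SSL_CERT_DIR.
func verifyWithDir(cert *x509.Certificate, dir string) error {
	pool := x509.NewCertPool()
	entries, _ := os.ReadDir(dir) // unreadable dir leaves the pool empty
	for _, e := range entries {
		if data, err := os.ReadFile(filepath.Join(dir, e.Name())); err == nil {
			pool.AppendCertsFromPEM(data)
		}
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool})
	return err
}

// demo verifies a constructed self-signed CA against an empty directory, then
// again once it is written there as ca-bundle.crt (file name assumed).
// Setup errors are ignored: every input is generated in this function.
func demo() (before, after error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "constructed-helm-repo-ca"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, _ := x509.ParseCertificate(der)
	dir, _ := os.MkdirTemp("", "sslcertdir") // stands in for /tmp/sslcertdir
	defer os.RemoveAll(dir)
	before = verifyWithDir(cert, dir)
	bundle := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	os.WriteFile(filepath.Join(dir, "ca-bundle.crt"), bundle, 0o644)
	after = verifyWithDir(cert, dir)
	return before, after
}

func main() { fmt.Println(demo()) }
```

The first result is the same `x509: certificate signed by unknown authority` error reported in this issue; the second is `nil` once the bundle file is present in the directory.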
    • GITOPS Sprint 238

      Argo CD doesn't read the TLS certs from the path specified in the `argocd-tls-certs-cm` config map resulting in the error "x509: certificate signed by unknown authority"

       

      Note: As a workaround, adding the env variable `SSL_CERT_DIR` seems to fix this issue.

      Issue: https://github.com/argoproj/argo-cd/issues/3539#issuecomment-743333648

            isequeir@redhat.com Ishita Sequeira
            cbanavik Chetan Banavikalmutt