-
Bug
-
Resolution: Done
-
Major
-
None
-
3
-
False
-
None
-
False
-
-
-
-
3
-
GitOps Scarlet - Sprint 3258
Description of problem:
#1363 changed the default termination policy from passthrough to reencrypt. However, there could be some users who have configured the old passthrough Route with a custom certificate before the upgrade. We don't want to overwrite their configuration once they upgrade the operator.
This PR introduces logic to update the Route to renencrypt only if the "argocd-server-tls` secret is not present.
Prerequisites (if any, like setup, operators/versions):
Steps to Reproduce
- Install/Run an older version of the operator that still has Passthrough as default.
- Verify that the Route is using the Passthrough policy. Configure a custom TLS secret "argocd-server-tls" using OpenSSL.
- Stop the operator and run a latest version of the operator.
- Verify that the Route is using Reencrypt. But the UI is not accessible because the operator is trying to request a certificate from OpenShift Service CA in an existing secret.
- Verify the errors in the annotations of the Argo CD server service.
Actual results:
Argo CD server route will be overwritten to reencrypt for users who have already configured the old Passthrough route with a custom "argocd-server-tls" secret.
Expected results:
Argo CD server route shouldn't be overwritten to reencrypt for users who have already configured the old Passthrough route with a custom "argocd-server-tls" secret.