-
Task
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
False
-
None
-
False
-
-
For QE:
Automated test:
kubectl kuttl test ./test/openshift/e2e/parallel --config ./test/openshift/e2e/parallel/kuttl-tests.yaml --test 1-005_validate_route_tls
Manual Upgrade testing
Test how operator reacts to older configs which are not recommended. The operator will throw a message in manager pod logs and emit a event post upgrade about use of old fields.
- Install older version of GitOps Operator (v1.14 or v1.13)
- Modify default openshift-gitops ArgoCD CR
apiVersion: argoproj.io/v1beta1 kind: ArgoCD metadata: name: openshift-gitops namespace: openshift-gitops spec: spec: server: route: enabled: true tls: termination: reencrypt certificate: |- -----BEGIN CERTIFICATE----- MIIEbTCCAtWgAwIBAgIUA80/UfgNcx8tYz/XXlo6X8DJzXQwDQYJKoZIhvcNAQEL BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNDA5MjUwNDM4MjdaGA8yMTIz MDQyMDA0MzgyN1owRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAaIwDQYJKoZIhvcN AQEBBQADggGPADCCAYoCggGBAJUuv+nO7S02+BHo5zkVg/IwUNSqQhsgKe3Djzsm ISctrzNgrtUPqxYU0XDPXIS/v4wrtXrbXjlEaVgpTToqt/DRITH/I9FZzFQRQWKb Gx0g3aH/LFJHHix4KCMPzEcykXba3zJqZei4NeJ7ym/Z5g/gJjGOE2SDVJN7YA9p WKEgf/+TB6uPkEcgNc+8rFKbwQ63IhqOnHZq0mFaT/DWQUWYqLNZOHIiXjIELjGe RjzmxlTQd9hWrC+FP1fOz9Ahpnw8oJ+wEpMUSpsAd3FFYUDZW/bj3jwWLT3WtmTb d5ehpeE/zM5twy4rZXzT43+fsO/ns2YDxsSiujrtwm/Ar5k86S2XTkWro6f/t/Ml dcIGzUZm2lSRacX1brIhNryHU2ZyVsEKJbS4/7N/wHTqhctSZlJRXkfjPiIC2KHV YngPAtJ+fSmdULd7rIWcaxsrpnyozVpzYm5U8XRGm/pj2FFHVKPdSBoo2GrkVMyh oU3+YiFno57wNbrm9ROzMIHhhwIDAQABo1MwUTAdBgNVHQ4EFgQUTbU3O3JsKBC6 jCLjxTX4zWEAgc8wHwYDVR0jBBgwFoAUTbU3O3JsKBC6jCLjxTX4zWEAgc8wDwYD VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAMthyYhEUf5GdrKSMBuWR +QlsBau/6N2nSxRxM2g4oexQOGUny1r76KrW6o/2V/PYyz/3WgOgSB/4sZxNoeu8 rsjY9sp/bCWJ6jEmhm2kkVeb3Arix0iNt7BviOCjoVchc31R20JLP0a6WK+KtiV2 C8qbuOQEkVWY/NVy+buHKqJjNZXyj8ADX0It8rAmaEGMEGkEFtYTnjEYHdkPWfYx 6P9C12PrZySu9+L3eGmylKeDU7dWvBAONbHfHL8W/8pxG1CwObfkTEpzVTlR0SfI W1dZ9YXb7S5F/0j6GLeUSgvnQZxH4rbc699wC9Y/kt5EozT1xvmKgZ6G6vaU2Mhb jZnrbB4swXCVf98HDAy8PWrn7BWky9G8SbM5kS6Mj9pQwZnnfF6VLg+uWBBjMh7g 0Ntf+Lv/IC5v+jC7TDKRPCAUGYzBRLMbT0WvK0BVXhp6swCi4qtME/BTsqXA6zzk 5PfEh1b+yuqxbF3bU8rII1LIsXxr96lssl+H0HxPpQKv -----END CERTIFICATE----- key: |- -----BEGIN PRIVATE KEY----- MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCVLr/pzu0tNvgR 6Oc5FYPyMFDUqkIbICntw487JiEnLa8zYK7VD6sWFNFwz1yEv7+MK7V62145RGlY KU06Krfw0SEx/yPRWcxUEUFimxsdIN2h/yxSRx4seCgjD8xHMpF22t8yamXouDXi e8pv2eYP4CYxjhNkg1STe2APaVihIH//kwerj5BHIDXPvKxSm8EOtyIajpx2atJh Wk/w1kFFmKizWThyIl4yBC4xnkY85sZU0HfYVqwvhT9Xzs/QIaZ8PKCfsBKTFEqb AHdxRWFA2Vv24948Fi091rZk23eXoaXhP8zObcMuK2V80+N/n7Dv57NmA8bEoro6 7cJvwK+ZPOktl05Fq6On/7fzJXXCBs1GZtpUkWnF9W6yITa8h1NmclbBCiW0uP+z f8B06oXLUmZSUV5H4z4iAtih1WJ4DwLSfn0pnVC3e6yFnGsbK6Z8qM1ac2JuVPF0 Rpv6Y9hRR1Sj3UgaKNhq5FTMoaFN/mIhZ6Oe8DW65vUTszCB4YcCAwEAAQKCAYBJ 9tTF6odjTIav8oZ5ofY6ZMQevI9r/YVsUfI4xE3Zq+falEv6bPtJRmcVBGp9ksg4 ig8/a3YK9KU6Rbf5Z+as6jMII9SxXlFVOPzvE7HcvkfEosxpusL2D1jvEU0Z27ON dzUEPQZr3LEyqmeTDzjmlB67oRJyWj7bpGbbHUMJGCD+KPq7j8Fb0ld7uLLDfl+4 mQm6mwxuFcZa6DkMUl4oUGkMCudWhz2mlLYGec+fMFgTAwz4YPib0ve15F7adWPh EYqE8cqz3p1r2b9O6MNu0GTK16+388AFVSULImag/525pddohZgPHU8BJAKffGL6 XCCfQrQBbe6geYsNANx8E34M3fbmkeby41oLY8v8PJOMHvoDREqD7tgqlPgozlD0 BXlDaxTYLAwbyK+jARvQT60a4V744MMhsJ57GMC69R/YDW7Qbd4hiD3P4XEmqHBz a/dhsNsJylgTMLFOIr4RnH/82yXyG3J0WTtZP+kRxq1aHaTduSif1SQkFqhr+MkC gcEAxxmX9UAChk+DuOPsYYtx+kl/0aR8B5tvVQRQDxfij0Km9nXEyTsRE34sFlAk RxgVUb+DjARPn5OuST/v3HHemGUU2x/L5BYYgtn9waI6vpTA3lllPzTYIr6aZfkb yaX6UbHk5C9af/0F+xq4pNoSpcafdrE5dJ9JyM/20Q3DRxCN+RY2alezO/UCe0Sf 3OH7Qk2RYgbP1lADV/58oqGpU079N1M4yt6ziyltPC8y/laGOAA00ZGFBPzySs2J 3yXbAoHBAL/RI4s2WsX8ERaa/GXo85q0/LK2Wq8LICm/jxrMAZrVK1u9kSEKgps2 pGV9hE73y7gBgstrfrUKghSsqwtIwQCXVYFKEzu4l2fojukJ13eCR7YSBqGTM3Jn PhyjvxoAcmBsKjkoaXAt5+6DtuTVlQmElJB1s/A8us6rwy2GaXAWTHhNGJ5xuSAd h3nW1Bsg84f5J6Vx0mnW85kAipB16LZFKUSqHpWYZ+Qe9yT0+iS0Fexz/dHmX4WA eBZ0rulAxQKBwAutkKAt9PfzygIaPE8sYq8PiJO/VhcMIueVrSx1djB49FoYZkZ3 VHUUPXnBkZ8p5nY5CXo49oKhouNhAKypcSj3JNYFc2wZb66dIqks3s025GkmTS37 54GCNIQurFaTia8pBAfuTxyatrMXyiTBNb7Le6b2liwk+6rvp8ZzTDTq36jwiJiM NFMb991LFSVbi+VDr3dUdvRXFRsgLidL3Caqx2drVjVwAo/zChkxm4gXgx/dwztX kbnNLFj+3UtdaQKBwBfHGRzctAvu3z9qHveTFP+Mh/avXDZurqH+OQMdXuWOnz1U FnV+FAqhj2d1U71mQj6hEVGeFarjjpR5gwp3DlXAbL0GLbQtgbdDwNNqgOczoygS u/ezg6Ee4zgxpDLY81S4k9NaCxf42NNcSIO9Zigz4ya1MIULQiz0ZdFy5Acc/IW9 KNwbRNOSVYTo+IoUX5vvata7cVXla3T/+C1IMHzHvgHhBMGOjvJcVE6kf42lNUKG bmRiplyqPDisZjJL8QKBwQCupVWTNeEy0YZ+7mwyJZ1DLURRlgUOKx7LhkO1MDn4 YyjJrDm1Ne3XjNXq/wjaQX5KuUdkXoqAp1emo2nKGqqVjwSkWX6ordO6mLYhGDiA vDydisaLX4I8x6NZFIabzqpZbmf6pWlxXVsEptXdAeALpxNZ/r/P34UOgF/g5jZB /r8qFYC5HnDCY72bY52UXON3ktVmhC7PK3JNmruJgunEfC/yOk8YB9Eks7+3+9SR HkXkOt1cAbJWZruf4j13X4s= -----END PRIVATE KEY----- applicationSet: enabled: true webhookServer: host: example.com route: enabled: true tls: termination: reencrypt certificate: |- -----BEGIN CERTIFICATE----- MIIEbTCCAtWgAwIBAgIUA80/UfgNcx8tYz/XXlo6X8DJzXQwDQYJKoZIhvcNAQEL BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNDA5MjUwNDM4MjdaGA8yMTIz MDQyMDA0MzgyN1owRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAaIwDQYJKoZIhvcN AQEBBQADggGPADCCAYoCggGBAJUuv+nO7S02+BHo5zkVg/IwUNSqQhsgKe3Djzsm ISctrzNgrtUPqxYU0XDPXIS/v4wrtXrbXjlEaVgpTToqt/DRITH/I9FZzFQRQWKb Gx0g3aH/LFJHHix4KCMPzEcykXba3zJqZei4NeJ7ym/Z5g/gJjGOE2SDVJN7YA9p WKEgf/+TB6uPkEcgNc+8rFKbwQ63IhqOnHZq0mFaT/DWQUWYqLNZOHIiXjIELjGe RjzmxlTQd9hWrC+FP1fOz9Ahpnw8oJ+wEpMUSpsAd3FFYUDZW/bj3jwWLT3WtmTb d5ehpeE/zM5twy4rZXzT43+fsO/ns2YDxsSiujrtwm/Ar5k86S2XTkWro6f/t/Ml dcIGzUZm2lSRacX1brIhNryHU2ZyVsEKJbS4/7N/wHTqhctSZlJRXkfjPiIC2KHV YngPAtJ+fSmdULd7rIWcaxsrpnyozVpzYm5U8XRGm/pj2FFHVKPdSBoo2GrkVMyh oU3+YiFno57wNbrm9ROzMIHhhwIDAQABo1MwUTAdBgNVHQ4EFgQUTbU3O3JsKBC6 jCLjxTX4zWEAgc8wHwYDVR0jBBgwFoAUTbU3O3JsKBC6jCLjxTX4zWEAgc8wDwYD VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAMthyYhEUf5GdrKSMBuWR +QlsBau/6N2nSxRxM2g4oexQOGUny1r76KrW6o/2V/PYyz/3WgOgSB/4sZxNoeu8 rsjY9sp/bCWJ6jEmhm2kkVeb3Arix0iNt7BviOCjoVchc31R20JLP0a6WK+KtiV2 C8qbuOQEkVWY/NVy+buHKqJjNZXyj8ADX0It8rAmaEGMEGkEFtYTnjEYHdkPWfYx 6P9C12PrZySu9+L3eGmylKeDU7dWvBAONbHfHL8W/8pxG1CwObfkTEpzVTlR0SfI W1dZ9YXb7S5F/0j6GLeUSgvnQZxH4rbc699wC9Y/kt5EozT1xvmKgZ6G6vaU2Mhb jZnrbB4swXCVf98HDAy8PWrn7BWky9G8SbM5kS6Mj9pQwZnnfF6VLg+uWBBjMh7g 0Ntf+Lv/IC5v+jC7TDKRPCAUGYzBRLMbT0WvK0BVXhp6swCi4qtME/BTsqXA6zzk 5PfEh1b+yuqxbF3bU8rII1LIsXxr96lssl+H0HxPpQKv -----END CERTIFICATE----- key: |- -----BEGIN PRIVATE KEY----- MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCVLr/pzu0tNvgR 6Oc5FYPyMFDUqkIbICntw487JiEnLa8zYK7VD6sWFNFwz1yEv7+MK7V62145RGlY KU06Krfw0SEx/yPRWcxUEUFimxsdIN2h/yxSRx4seCgjD8xHMpF22t8yamXouDXi e8pv2eYP4CYxjhNkg1STe2APaVihIH//kwerj5BHIDXPvKxSm8EOtyIajpx2atJh Wk/w1kFFmKizWThyIl4yBC4xnkY85sZU0HfYVqwvhT9Xzs/QIaZ8PKCfsBKTFEqb AHdxRWFA2Vv24948Fi091rZk23eXoaXhP8zObcMuK2V80+N/n7Dv57NmA8bEoro6 7cJvwK+ZPOktl05Fq6On/7fzJXXCBs1GZtpUkWnF9W6yITa8h1NmclbBCiW0uP+z f8B06oXLUmZSUV5H4z4iAtih1WJ4DwLSfn0pnVC3e6yFnGsbK6Z8qM1ac2JuVPF0 Rpv6Y9hRR1Sj3UgaKNhq5FTMoaFN/mIhZ6Oe8DW65vUTszCB4YcCAwEAAQKCAYBJ 9tTF6odjTIav8oZ5ofY6ZMQevI9r/YVsUfI4xE3Zq+falEv6bPtJRmcVBGp9ksg4 ig8/a3YK9KU6Rbf5Z+as6jMII9SxXlFVOPzvE7HcvkfEosxpusL2D1jvEU0Z27ON dzUEPQZr3LEyqmeTDzjmlB67oRJyWj7bpGbbHUMJGCD+KPq7j8Fb0ld7uLLDfl+4 mQm6mwxuFcZa6DkMUl4oUGkMCudWhz2mlLYGec+fMFgTAwz4YPib0ve15F7adWPh EYqE8cqz3p1r2b9O6MNu0GTK16+388AFVSULImag/525pddohZgPHU8BJAKffGL6 XCCfQrQBbe6geYsNANx8E34M3fbmkeby41oLY8v8PJOMHvoDREqD7tgqlPgozlD0 BXlDaxTYLAwbyK+jARvQT60a4V744MMhsJ57GMC69R/YDW7Qbd4hiD3P4XEmqHBz a/dhsNsJylgTMLFOIr4RnH/82yXyG3J0WTtZP+kRxq1aHaTduSif1SQkFqhr+MkC gcEAxxmX9UAChk+DuOPsYYtx+kl/0aR8B5tvVQRQDxfij0Km9nXEyTsRE34sFlAk RxgVUb+DjARPn5OuST/v3HHemGUU2x/L5BYYgtn9waI6vpTA3lllPzTYIr6aZfkb yaX6UbHk5C9af/0F+xq4pNoSpcafdrE5dJ9JyM/20Q3DRxCN+RY2alezO/UCe0Sf 3OH7Qk2RYgbP1lADV/58oqGpU079N1M4yt6ziyltPC8y/laGOAA00ZGFBPzySs2J 3yXbAoHBAL/RI4s2WsX8ERaa/GXo85q0/LK2Wq8LICm/jxrMAZrVK1u9kSEKgps2 pGV9hE73y7gBgstrfrUKghSsqwtIwQCXVYFKEzu4l2fojukJ13eCR7YSBqGTM3Jn PhyjvxoAcmBsKjkoaXAt5+6DtuTVlQmElJB1s/A8us6rwy2GaXAWTHhNGJ5xuSAd h3nW1Bsg84f5J6Vx0mnW85kAipB16LZFKUSqHpWYZ+Qe9yT0+iS0Fexz/dHmX4WA eBZ0rulAxQKBwAutkKAt9PfzygIaPE8sYq8PiJO/VhcMIueVrSx1djB49FoYZkZ3 VHUUPXnBkZ8p5nY5CXo49oKhouNhAKypcSj3JNYFc2wZb66dIqks3s025GkmTS37 54GCNIQurFaTia8pBAfuTxyatrMXyiTBNb7Le6b2liwk+6rvp8ZzTDTq36jwiJiM NFMb991LFSVbi+VDr3dUdvRXFRsgLidL3Caqx2drVjVwAo/zChkxm4gXgx/dwztX kbnNLFj+3UtdaQKBwBfHGRzctAvu3z9qHveTFP+Mh/avXDZurqH+OQMdXuWOnz1U FnV+FAqhj2d1U71mQj6hEVGeFarjjpR5gwp3DlXAbL0GLbQtgbdDwNNqgOczoygS u/ezg6Ee4zgxpDLY81S4k9NaCxf42NNcSIO9Zigz4ya1MIULQiz0ZdFy5Acc/IW9 KNwbRNOSVYTo+IoUX5vvata7cVXla3T/+C1IMHzHvgHhBMGOjvJcVE6kf42lNUKG bmRiplyqPDisZjJL8QKBwQCupVWTNeEy0YZ+7mwyJZ1DLURRlgUOKx7LhkO1MDn4 YyjJrDm1Ne3XjNXq/wjaQX5KuUdkXoqAp1emo2nKGqqVjwSkWX6ordO6mLYhGDiA vDydisaLX4I8x6NZFIabzqpZbmf6pWlxXVsEptXdAeALpxNZ/r/P34UOgF/g5jZB /r8qFYC5HnDCY72bY52UXON3ktVmhC7PK3JNmruJgunEfC/yOk8YB9Eks7+3+9SR HkXkOt1cAbJWZruf4j13X4s= -----END PRIVATE KEY-----
- Perform an upgrade to v1.15
- Verify openshift-gitops ArgoCD status is as expected
status: applicationController: Running applicationSetController: Running phase: Available redis: Running repo: Running server: Running sso: Running
- Observe following message in Operator manager pod in openshift-gitops-operator namespace
2024-11-07T05:45:08Z INFO controller_argocd WARNING: .tls.key and .tls.certificate are insecure in ArgoCD CR and not recommended. Use .tls.externalCertificate to reference a TLS secret instead
- Observe following event in openshift-gitops namespace
$ oc get events --field-selector type=Warning -n openshift-gitops LAST SEEN TYPE REASON OBJECT MESSAGE 30s Warning InsecureFields argocd/openshift-gitops .tls.key and .tls.certificate are insecure in ArgoCD CR and not recommended. Use .tls.externalCertificate to reference a TLS secret instead.
- Verify Argo CD UI is accessible via Route
- is related to
-
GITOPS-5232 Enable the use of secrets to store TLS cert details instead of direct embedding
-
- Release Pending
-
