- Feature Request
- Resolution: Done
- Minor
Currently it is possible to access repositories that use self-signed certificates by following the steps documented here:
https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca
However, this has two limitations:
- if using multiple external git servers accessed over https, you need to add each server's public key in PEM format
- OpenShift already offers a built-in mechanism for injecting a user-defined trust bundle containing a custom CA at https://docs.openshift.com/container-platform/latest/networking/configuring-a-custom-pki.html#certificate-injection-using-operators_configuring-a-custom-pki
OpenShift users expect a minimum of integration with the rest of the platform and should not need to do extra configuration when they have defined a custom CA, similarly to Unix/Linux where we have a central trust bundle on the file system (SSL_CERT_DIR) which is then used by all applications for certificate validation.
- relates to: GITOPS-5469 Umbrella Chart shows "x509: certificate signed by unknown authority" when using custom CA
- Refinement
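
The two mechanisms the request contrasts, side by side, as an added example that is not part of the original issue or of the operator's code. The hostnames, the `argocd` namespace, the second ConfigMap's name and the certificate bodies are constructed placeholders.

```yaml
# Per-server approach from the Argo CD documentation linked above:
# one data key per Git server hostname, each holding PEM certificate data
# for that server. Every additional server needs another entry.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-tls-certs-cm
  namespace: argocd                  # assumption: namespace of the Argo CD instance
  labels:
    app.kubernetes.io/name: argocd-tls-certs-cm
    app.kubernetes.io/part-of: argocd
data:
  git-a.example.internal: |          # constructed hostname
    -----BEGIN CERTIFICATE-----
    <PEM data for git-a, placeholder>
    -----END CERTIFICATE-----
  git-b.example.internal: |          # constructed hostname
    -----BEGIN CERTIFICATE-----
    <PEM data for git-b, placeholder>
    -----END CERTIFICATE-----
---
# OpenShift trust bundle injection from the OpenShift documentation linked above:
# an empty ConfigMap carrying this label is filled by the platform with the
# merged trust bundle (including the user-defined custom CA) under the
# key ca-bundle.crt. One CA covers every server it has signed.
apiVersion: v1
kind: ConfigMap
metadata:
  name: trusted-ca-bundle            # hypothetical name
  namespace: argocd                  # assumption: same namespace as above
  labels:
    config.openshift.io/inject-trusted-cabundle: "true"
# No data section is written by hand; the platform owns the ca-bundle.crt key.
```

A workload only trusts the injected bundle once the ConfigMap is mounted and the process is pointed at it, which is the integration step this request asks the platform to handle.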