Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-4045

Change default TLS termination for cluster ArgoCD instance to reencrypt

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • GitOps
    • 5
    • False
    • None
    • False
    • Not Selected

      Source: https://github.com/redhat-developer/gitops-operator/issues/297

      Description

      When the gitops-operator is installed, by default the cluster ArgoCD instance uses self-signed certificates which can be an unexpected user experience if the default ingress router certificates are signed by a trusted CA. In the past I think this was necessary because the gitops-operator did not support the other kinds of ingress TLS termination (edge, reencrypt) but now that it does we should look at changing this default behavior.

      Describe the solution you'd like
      The gitops-operator's gitopsservice controller should reconcile the default cluster ArgoCD instance to set the route TLS termination to reencrypt:
      spec:
      server:
      route:
      enabled: true
      tls:
      termination: reencypt{{}}
      Describe alternatives you've considered
      It is possible to manually change the ArgoCD spec after installation and set this but since the operator "owns" the ArgoCD instance ideally it should be done there.

            halawren@redhat.com Harriet Lawrence
            aveerama@redhat.com Abhishek Veeramalla
            Votes:
            3 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: