How to force ArgoCD to load cert/key (UI/https purpose) from custom volume mount #20165
Unanswered
squirrlien
asked this question in
Q&A
Replies: 1 comment
-
There doesn't seem to be another way; Argo-CD only supports loading the TLS-certificate from a Secret: argo-cd/util/settings/settings.go Lines 1559 to 1580 in afcc71b
-
Using argocd-autopilot, then kustomization.yaml to adjust Argocd's install.yaml.
On the mother's world, I can't find a DECLARATIVE and SAFE way to load custom certificate and private key into the argocd-server pod for the ONLY main purpose to have the UI alias Web page to use it. To be terminated on the pod - NO INGRESS.
The idea is to just use the GCP Secret Manager Add-On which nicely mounts secrets to argocd-server, e.g. under /var/tls (because argocd doesn't allow me to force it to mount under /app/config/tls).
Seems like the argocd-server pod is sucking the cert/key directly from the K8s secret called "argocd-server-tls", which is not mounted anywhere based on the install.yaml.
The documentation is either very poor or expects that there is no other way how to manage the ArgoCD UI/Web cert through the argocd-server-tls ONLY. Why is it not customizable that argocd would load the cert/key from some mounted volume?
From this whole declarative approach, I am stuck with some robust external K8s secret massage therapists or with the manual work of:
kubectl -n argocd create secret tls argocd-server-tls \
  --cert=your.crt.pem \
  --key=your.key.pem
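Since the reply says Argo CD reads the certificate only from a Secret, one way to bridge mounted files to that Secret is sketched below. This is an added example, not code from either post or from the Argo CD project. It builds the argocd-server-tls manifest from a PEM certificate and key and rejects swapped, malformed or passphrase-protected input before anything is applied. The function names and the file names under /var/tls are assumptions of this example.

```python
import base64, json, re, sys

# Secret name and namespace as they appear in the thread.
SECRET_NAME, NAMESPACE = "argocd-server-tls", "argocd"
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+([A-Za-z0-9+/=\s]+?)-----END \1-----")

def pem_labels(text):
    """Labels of every well-formed PEM block; raises ValueError on bad base64."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        base64.b64decode("".join(body.split()), validate=True)
        labels.append(label)
    return labels

def build_tls_secret(cert_pem, key_pem):
    """Return a kubernetes.io/tls Secret manifest, rejecting swapped or
    unusable inputs before anything reaches the cluster."""
    certs, keys = pem_labels(cert_pem), pem_labels(key_pem)
    if not certs or any(label != "CERTIFICATE" for label in certs):
        raise ValueError("cert file must hold only CERTIFICATE blocks")
    if len(keys) != 1 or not keys[0].endswith("PRIVATE KEY"):
        raise ValueError("key file must hold exactly one PRIVATE KEY block")
    if keys[0].startswith("ENCRYPTED"):
        # A server cannot load this key without its passphrase.
        raise ValueError("key is passphrase-protected")
    encode = lambda pem: base64.b64encode(pem.encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/tls",
        "metadata": {"name": SECRET_NAME, "namespace": NAMESPACE},
        "data": {"tls.crt": encode(cert_pem), "tls.key": encode(key_pem)},
    }

def sample_pem(label):
    """Constructed placeholder PEM (not real key material) for a dry run."""
    body = base64.b64encode(b"constructed sample " + label.encode()).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. /var/tls/tls.crt /var/tls/tls.key (assumed names)
        cert, key = (open(p).read() for p in sys.argv[1:3])
    else:  # no paths given: dry run on constructed sample input
        cert, key = sample_pem("CERTIFICATE"), sample_pem("PRIVATE KEY")
    json.dump(build_tls_secret(cert, key), sys.stdout, indent=2)
```

The JSON on stdout can be piped to `kubectl apply -f -`, which updates an existing Secret in place, unlike `kubectl create`, which fails when the Secret already exists.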