feat: Update the default TLS termination policy to reencrypt #1363

Merged: 4 commits, May 22, 2024

@chetan-rns chetan-rns commented May 20, 2024

What type of PR is this?

/kind enhancement

What does this PR do / why we need it:

  • This PR updates the default TLS termination policy of OpenShift Route from passthrough to reencrypt. With this change, OpenShift users could use the default ingress certificates for the argocd server without any explicit modification.
  • The user/browser/CLI and the Router will communicate using the ingress certificate. The operator relies on OpenShift Service's CA to generate a self-signed certificate in the argocd-server-tls secret which will be used between the Router and the Argo CD server.

Have you updated the necessary documentation?

  • Documentation update is required by this PR.
  • Documentation has been updated.

Which issue(s) this PR fixes:

Fixes #?

How to test changes / Special notes to the reviewer:

  1. Create an Argo CD CR without specifying the server's TLS termination policy.
  2. Verify if the server Route is using the Reencrypt policy.
  3. Open the server route in a browser and ensure that it is using the ingress operator certificate.
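
A check for step 2 of the test procedure above, as an added example that is not part of this PR or of the operator's code: it decodes a Route's JSON and reports whether it carries the `reencrypt` termination and the `Redirect` edge policy mentioned in the commit list. The sample Route JSON, its name and its host are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// sampleRoute is constructed for this example: the trimmed shape of
// `oc get route <name> -o json`. Name and host are placeholders.
const sampleRoute = `{
  "metadata": {"name": "example-argocd-server"},
  "spec": {
    "host": "argocd.apps.example.test",
    "tls": {"termination": "reencrypt", "insecureEdgeTerminationPolicy": "Redirect"}
  }
}`

// routeTLS mirrors only the spec.tls fields this check reads.
type routeTLS struct {
	Termination                   string `json:"termination"`
	InsecureEdgeTerminationPolicy string `json:"insecureEdgeTerminationPolicy"`
}

// CheckRoute returns one finding per deviation from the defaults described
// in this PR; an empty result means the Route matches them.
func CheckRoute(raw []byte) ([]string, error) {
	var r struct {
		Spec struct {
			TLS *routeTLS `json:"tls"`
		} `json:"spec"`
	}
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("decode route: %w", err)
	}
	if r.Spec.TLS == nil {
		return []string{"spec.tls is absent: the route is not TLS-terminated"}, nil
	}
	var findings []string
	if t := r.Spec.TLS.Termination; t != "reencrypt" {
		findings = append(findings, fmt.Sprintf("termination is %q, expected \"reencrypt\"", t))
	}
	if p := r.Spec.TLS.InsecureEdgeTerminationPolicy; p != "Redirect" {
		findings = append(findings, fmt.Sprintf("insecureEdgeTerminationPolicy is %q, expected \"Redirect\"", p))
	}
	return findings, nil
}

func main() {
	findings, err := CheckRoute([]byte(sampleRoute))
	fmt.Println(findings, err)
}
```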

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@chetan-rns chetan-rns marked this pull request as ready for review May 20, 2024 15:49
Review comment on api/v1beta1/argocd_types.go (outdated, resolved)
@anandf anandf left a comment

A minor comment, otherwise looks good to me.

@svghadi svghadi left a comment

Tested out the change, looks good. Thanks @chetan-rns.

@svghadi svghadi changed the title Update the default TLS termination policy to reencrypt feat: Update the default TLS termination policy to reencrypt May 21, 2024
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@anandf anandf left a comment

LGTM

@svghadi svghadi left a comment

lgtm

@jgwest jgwest merged commit 1ff45e5 into argoproj-labs:master May 22, 2024
7 checks passed
reginapizza pushed a commit to reginapizza/argocd-operator that referenced this pull request Jun 5, 2024
…j-labs#1363)

* Update the default TLS termination policy to reencrypt

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* Revert the edge termination policy back to Redirect

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* Add a test to verify the TLS config

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* Remove redundant nil check while verifying AutoTLS

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

---------

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@svghadi svghadi added the backport-to-redesign Changes which need to be backported to operator-redesign branch label Jun 19, 2024