fix(argo-cd): Fix static value secret name for argocd-server ingress tls secretName #2660
Conversation
…blized. The secret can not be a static value and it absolutely does not make sens eto use extyra Signed-off-by: Arpan Chatterjee <[email protected]>
Signed-off-by: Arpan Chatterjee <[email protected]>
btwseeu78
requested review from
mbevc1,
mkilchhofer,
yu-croco,
jmeridth,
pdrastil and
tico24
as code owners
btwseeu78
changed the title
|
Hi @btwseeu78 thanks for the PR. Hardcoding TLS secret name was intentional for TLS termination in Argo CD server. Also all certificates in chart are using this name to support this scenario. Can I ask why do you need different name? See here: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server |
|
Ok so let me explain the use case first, we use external secrets operator to pull certificates for diff clusters, then kubed is used to sync across namespaces. All our certificates are shared with multiple namespaces and a specific format to easily differentiate between what certificates for what hosts.Argocd tls means we need to just create another object to store the secrets,though we already have that with a diff name. Also what's the harm having it parameterised with a default values. |
|
We have the same use case as btwseeu78 |
|
@pdrastil In my opinion it totally makes sense to have this configurable. Depending on the method used on the Ingress (e.g. SSL passthrough or not), operator docs uses different names for the secret: So it is possible to use one TLS config for Argo CD's namespace-internal or in-cluster communication and use another TLS config on the Ingress. |
Signed-off-by: Marco Maurer (-Kilchhofer) <[email protected]>
Checklist: