Add --tls-certificate-secret-name parameter to server command. Fixes #5582
Signed-off-by: vladimir ivanov [email protected]
Fixes #5582
Add --tls-certificate-secret-name parameter to server command.
Since server runs on localhost:2746, get an error in the UI "certificate is valid for ... not for localhost". Therefore the merge request set InsecureSkipVerify on TLSconfig for grpc client on the gateway.
Tested to to work with secret provided by cert-manager (added to manifests).
Interesting. Thanks for the addition. Just wondering if we should support the case in which somebody doesn't want the InsecureSkipVerify? (Don't want to add more unnecessary work but not sure what others think)
This InsecureSkipVerify is for communication within the same instance of argo-server application - between grpc client and server goroutines, so don't expect this requirement.
Interesting. Thanks for the addition. Just wondering if we should support the case in which somebody doesn't want the InsecureSkipVerify? (Don't want to add more unnecessary work but not sure what others think)
This
InsecureSkipVerifyis for communication within the same instance of argo-server application - between grpc client and server goroutines, so don't expect this requirement.
Oh, I see…
Details
Great. As far as I can tell, that will propagate into all of the various manifests. You'll need to run "make codegen -B STATIC_FILES=false" and "git diff" and check in whatever changed (which you can see here).
@sarabala1979 @terrytangyuan Are either of you able to review and merge this PR?
I am not familiar with this. Maybe @alexec @sarabala1979?
Hi, This PR enforces users of the manifests to have the cert-manger CRD's installed. Is this the intention?
To use the new manifests (while happy with a self signed cert). Had to add the following to kustomize:
patchesStrategicMerge:
- |-
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: argo-workflows-issuer
$patch: delete
- |-
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: argo-server-cert
$patch: delete
patchesStrategicMerge:
- |- apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: argo-workflows-issuer $patch: delete
- |- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: argo-server-cert $patch: delete
This was a huge issue for me as well.