
Document the different ways of avoiding TLS requirements

Open djeebus opened this issue 1 year ago • 2 comments

Scenarios that I can think of:

  • ArgoCD doesn't have a valid certificate
  • ArgoCD is listening via plaintext

It seems that recent changes have necessitated setting an additional environment variable (GRPC_ENFORCE_ALPN_ENABLED), but I'd like to make it clear when these are necessary, or simply set the env var in code when necessary based on other configuration flags.

djeebus, Dec 20 '24 16:12

Just my two cents. Most of these TLS hiccups were because of the local development. I don't think it's ideal for us to even encourage the idea of plaintext communications in other places.

Greyeye, Dec 24 '24 22:12

That's a fair point re: plaintext, although I don't think we can control whether people have set up argocd in a way that requires it.

Invalid certificates are going to come up a lot though, either when self hosting argocd or communicating with the repo server internally.

djeebus, Jan 01 '25 19:01