use self-signed cert for argocd server #352

Merged
nabuskey merged 1 commit into cnoe-io:main from nabuskey:argocd-cert
Aug 5, 2024

nabuskey commented Aug 2, 2024

Currently ArgoCD does not use our cert. This PR changes that. This allows services that want to communicate with ArgoCD to do so without disabling TLS verification altogether (still need to import the cert).

$ openssl s_client -showcerts -servername argocd.cnoe.localtest.me -connect argocd.cnoe.localtest.me:8443 </dev/null | openssl x509 -text | grep 'Subject Alternative Name' -A 1

            X509v3 Subject Alternative Name:
                DNS:cnoe.localtest.me, DNS:*.cnoe.localtest.me

Signed-off-by: Manabu McCloskey <manabu.mccloskey@gmail.com>
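What "import the cert" instead of disabling TLS verification can look like on the client side, as an added example that is not part of this PR or the project's code. `TrustImported` and `newTestCert` are hypothetical names, and the certificate is constructed in-process with the SANs from the `openssl` output above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newTestCert returns a constructed self-signed cert (PEM) with the page's SANs.
func newTestCert() []byte {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"cnoe.localtest.me", "*.cnoe.localtest.me"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour * 8766),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// TrustImported (hypothetical) pins the imported cert as the only trust root for host.
func TrustImported(certPEM []byte, host string) (*tls.Config, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return nil, fmt.Errorf("no PEM certificate found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	// Fail early if the cert is expired or its SANs do not cover host.
	if _, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host}); err != nil {
		return nil, fmt.Errorf("cert not valid for %s: %w", host, err)
	}
	return &tls.Config{RootCAs: pool, ServerName: host, MinVersion: tls.VersionTLS12}, nil
}

func main() {
	_, err := TrustImported(newTestCert(), "argocd.cnoe.localtest.me")
	fmt.Println("argocd.cnoe.localtest.me verifies:", err == nil)
}
```

The returned config leaves `InsecureSkipVerify` at its default of false, so a client using it rejects any server that does not present the imported certificate.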
@jessesanford jessesanford self-requested a review August 3, 2024 14:27
@jessesanford jessesanford left a comment

LGTM

const (
certificateOrgName = "cnoe.io"
certificateOrgName = "cnoe.io"
certificateValidLength = time.Hour * 8766
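
Review bot: `certificateValidLength = time.Hour * 8766` is an uncommented magic number. 8766 hours is 365.25 days, so a comment stating the intended lifetime, or writing the value as a day count multiplied by 24 hours, would make the validity period obvious to readers and easier to shorten later.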
Contributor

Not really a big deal, but maybe we could shorten this? I feel like folks will not be keeping builder clusters up for more than weeks, but just in case we should flag the need to rotate these certs sooner?

Collaborator Author

Yeah we can shorten it. Will follow up with another PR.

@nabuskey nabuskey merged commit 71fefc7 into cnoe-io:main Aug 5, 2024