This PR updates the default TLS termination policy of OpenShift Route from passthrough to reencrypt. With this change, OpenShift users could use the default ingress certificates for the argocd server without any explicit modification.
The user/browser/CLI and the Router will communicate using the ingress certificate. The operator relies on OpenShift Service's CA to generate a self-signed certificate in the argocd-server-tls secret which will be used between the Router and the Argo CD server.
Have you updated the necessary documentation?
[x] Documentation update is required by this PR.
[x] Documentation has been updated.
Which issue(s) this PR fixes:
Fixes #?
How to test changes / Special notes to the reviewer:
Create an Argo CD CR without specifying the server's TLS termination policy.
Verify if the server Route is using the Reencrypt policy.
Open the server route in a browser and ensure that it is using the ingress operator certificate.
chetan-rns
commented
4 months ago
What type of PR is this?
What does this PR do / why we need it:
Have you updated the necessary documentation?
Which issue(s) this PR fixes:
Fixes #?
How to test changes / Special notes to the reviewer: