search

c0c0n3 / kitt4sme.live

On a mission to bring AI to the shop floor: https://kitt4sme.eu/
MIT License
1 stars 28 forks source link

TLS Certificate for ArgoCD needs to be updated #297

Closed karikolehmainen closed 1 year ago

karikolehmainen commented 1 year ago

Summary

THere is TLS certificate in the file: https://github.com/c0c0n3/kitt4sme.live/blob/main/deployment/mesh-infra/argocd/argocd-cm.yaml that needs to be updated to current

Intended outcome

Certifiate with expiry date in the future is in place

karikolehmainen commented 1 year ago

new certificate merged with pull request #298

c0c0n3 commented 1 year ago

@karikolehmainen great, thanks!!

c0c0n3 commented 1 year ago

@karikolehmainen actually I spoke too soon :-)

it doesn't look like the new cert works...try logging in w/ keycloak. you get redirected back to the argocd login page. here's what i've found in the argocd logs

time="2023-05-09T17:19:22Z" level=info msg="Initializing OIDC provider (issuer: https://kitt4sme.collab-cloud.eu/auth/realms/master)"
time="2023-05-09T17:19:22Z" level=warning msg="Failed to verify token: failed to verify token: Failed to query provider \"https://kitt4sme.collab-cloud.eu/auth/realms/master\": Get \"https://kitt4sme.collab-cloud.eu/auth/realms/master/.well-known/openid-configuration\": x509: certificate signed by unknown authority"

possibly we uploaded the wrong cert?

c0c0n3 commented 1 year ago

@karikolehmainen not need to update anymore. in fact, we don't need to configure argocd w/ our tls cert anymore b/c as of

we've got a cert in istio w/ the full ca chain.