Controller defines the Application Controller options for ArgoCD.
-
-
-
- image
-
- string
-
- |
-
- Image is the Keycloak container image.
- |
-
-
-
- resources
-
-
- Kubernetes core/v1.ResourceRequirements
-
- |
-
- Resources defines the Compute Resources required by the container for Keycloak.
- |
-
-
-
- version
-
- string
-
- |
-
- Version is the Keycloak container image tag.
- |
-
-
-
- verifyTLS
-
- bool
-
- |
-
- VerifyTLS set to false disables strict TLS validation.
- |
-
dex
@@ -2364,7 +2293,7 @@ Resource Types:
|
- Dex contains the configuration for Argo CD dex authentication
+ Dex contains the configuration for Argo CD dex authentication (previously found under cr.spec.dex)
|
@@ -2425,23 +2354,6 @@ Resource Types:
-
-
- dex
-
- string
-
- |
-
- Dex is a simple, high-level summary of where the Argo CD Dex component is in its lifecycle.
- There are five possible dex values:
- Pending: The Argo CD Dex component has been accepted by the Kubernetes system, but one or more of the required resources have not been created.
- Running: All of the required Pods for the Argo CD Dex component are in a Ready state.
- Failed: At least one of the Argo CD Dex component Pods had a failure.
- Unknown: For some reason the state of the Argo CD Dex component could not be obtained.
-
- |
-
notifications
@@ -2529,17 +2441,18 @@ Resource Types:
|
- ssoConfig
+ sso
string
|
- ssoConfig is a simple, high-level summary of the status of SSO configuration for the Argo CD instance.
- There are three possible server values:
- Success: Only one SSO provider is configured in CR
- Failed: SSO configuration is illegal or more than one SSO providers are configured in CR.
- Unknown: For some reason the SSO configuration could not be obtained.
+ SSO is a simple, high-level summary of where the Argo CD SSO(Dex/Keycloak) component is in its lifecycle.
+ There are four possible server values:
+ Pending: The Argo CD SSO component has been accepted by the Kubernetes system, but one or more of the required resources have not been created.
+ Running: All of the required Pods for the Argo CD SSO component are in a Ready state.
+ Failed: At least one of the Argo CD SSO component Pods had a failure.
+ Unknown: The state of the Argo CD SSO component could not be obtained.
|
diff --git a/docs/reference/argocd.md b/docs/reference/argocd.md
index 1b11c86ce..736b21072 100644
--- a/docs/reference/argocd.md
+++ b/docs/reference/argocd.md
@@ -15,7 +15,6 @@ Name | Default | Description
[**ApplicationSet**](#applicationset-controller-options) | [Object] | ApplicationSet controller configuration options.
[**ConfigManagementPlugins**](#config-management-plugins) | [Empty] | Configuration to add a config management plugin.
[**Controller**](#controller-options) | [Object] | Argo CD Application Controller options.
-[**Dex**](#dex-options) | [Object] | Dex configuration options.
[**DisableAdmin**](#disable-admin) | `false` | Disable the admin user.
[**ExtraConfig**](#extra-config) | [Empty] | A catch-all mechanism to populate the argocd-cm configmap.
[**GATrackingID**](#ga-tracking-id) | [Empty] | The google analytics tracking ID to use.
@@ -234,106 +233,6 @@ spec:
replicas: 5
```
-## Dex Options
-
-!!! warning
- `.spec.dex` is deprecated and support will be removed in Argo CD operator v0.8.0. Please use `.spec.sso.dex` to configure Dex.
-
-!!! note
- `.spec.dex` field was earlier scheduled for removal in Argo CD operator v0.7.0, but has been extended to Argo CD operator v0.8.0.
-
-The following properties are available for configuring the Dex component.
-
-Name | Default | Description
---- | --- | ---
-Config | [Empty] | The `dex.config` property in the `argocd-cm` ConfigMap.
-Groups | [Empty] | Optional list of required groups a user must be a member of
-Image | `quay.io/dexidp/dex` | The container image for Dex. This overrides the `ARGOCD_DEX_IMAGE` environment variable.
-OpenShiftOAuth | false | Enable automatic configuration of OpenShift OAuth authentication for the Dex server. This is ignored if a value is presnt for `Dex.Config`.
-Resources | [Empty] | The container compute resources.
-Version | v2.21.0 (SHA) | The tag to use with the Dex container image.
-
-### Dex Example
-
-The following examples show all properties set to the default values. Both configuration methods will be supported until v0.8.0
-
-``` yaml
-apiVersion: argoproj.io/v1alpha1
-kind: ArgoCD
-metadata:
- name: example-argocd
- labels:
- example: dex
-spec:
- dex:
- config: ""
- groups:
- - default
- image: quay.io/dexidp/dex
- openShiftOAuth: false
- resources: {}
- version: v2.21.0
-```
-OR
-
-``` yaml
-apiVersion: argoproj.io/v1alpha1
-kind: ArgoCD
-metadata:
- name: example-argocd
- labels:
- example: dex
-spec:
- sso:
- provider: dex
- dex:
- config: ""
- groups:
- - default
- image: quay.io/dexidp/dex
- openShiftOAuth: false
- resources: {}
- version: v2.21.0
-```
-
-Please refer to the [dex user guide](../usage/dex.md) to learn more about configuring dex as a Single sign-on provider.
-
-
-### Dex OpenShift OAuth Example
-
-The following example configures Dex to use the OAuth server built into OpenShift.
-
-The `OpenShiftOAuth` property can be used to trigger the operator to auto configure the built-in OpenShift OAuth server. The RBAC `Policy` property is used to give the admin role in the Argo CD cluster to users in the OpenShift `cluster-admins` group.
-
-``` yaml
-apiVersion: argoproj.io/v1alpha1
-kind: ArgoCD
-metadata:
- name: example-argocd
- labels:
- example: openshift-oauth
-spec:
- dex:
- openShiftOAuth: true
- rbac:
- defaultPolicy: 'role:readonly'
- policy: |
- g, cluster-admins, role:admin
- scopes: '[groups]'
-```
-
-### Important Note regarding Role Mappings:
-
-To have a specific user be properly atrributed with the `role:admin` upon SSO through Openshift, the user needs to be in a **group** with the `cluster-admin` role added. If the user only has a direct `ClusterRoleBinding` to the Openshift role for `cluster-admin`, the ArgoCD role will not map.
-
-A quick fix will be to create an `cluster-admins` group, add the user to the group and then apply the `cluster-admin` ClusterRole to the group.
-
-```
-oc adm groups new cluster-admins
-oc adm groups add-users cluster-admins USER
-oc adm policy add-cluster-role-to-group cluster-admin cluster-admins
-```
-
## Disable Admin
Disable the admin user. This property maps directly to the `admin.enabled` field in the `argocd-cm` ConfigMap.
@@ -374,7 +273,6 @@ spec:
"ping": "pong" // The same entry is reflected in Argo CD Configmap.
```
-
## GA Tracking ID
The google analytics tracking ID to use. This property maps directly to the `ga.trackingid` field in the `argocd-cm` ConfigMap.
@@ -741,36 +639,6 @@ spec:
my-git.com ssh-rsa AAAAB3NzaC...
```
-## Keycloak Options
-
-The following properties are available for configuring Keycloak Single sign-on provider.
-
-Name | Default | Description
---- | --- | ---
-Image | OpenShift - `registry.redhat.io/rh-sso-7/sso75-openshift-rhel8`
Kuberentes - `quay.io/keycloak/keycloak` | The container image for keycloak. This overrides the `ARGOCD_KEYCLOAK_IMAGE` environment variable.
-Resources | `Requests`: CPU=500m, Mem=512Mi, `Limits`: CPU=1000m, Mem=1024Mi | The container compute resources.
-RootCA | "" | root CA certificate for communicating with the OIDC provider
-VerifyTLS | true | Whether to enforce strict TLS checking when communicating with Keycloak service.
-Version | OpenShift - `sha256:720a7e4c4926c41c1219a90daaea3b971a3d0da5a152a96fed4fb544d80f52e3` (7.5.1)
Kubernetes - `sha256:64fb81886fde61dee55091e6033481fa5ccdac62ae30a4fd29b54eb5e97df6a9` (15.0.2) | The tag to use with the keycloak container image.
-
-### Keycloak Single sign-on Example
-
-The following example uses keycloak as Single sign-on option for Argo CD.
-
-``` yaml
-apiVersion: argoproj.io/v1alpha1
-kind: ArgoCD
-metadata:
- name: example-argocd
- labels:
- example: status-badge-enabled
-spec:
- sso:
- provider: keycloak
-```
-
-Please refer to the [keycloak user guide](../usage/keycloak/kubernetes.md) to learn more about configuring keycloak as a Single sign-on provider.
-
## Kustomize Build Options
Build options/parameters to use with `kustomize build` (optional). This property maps directly to the `kustomize.buildOptions` field in the `argocd-cm` ConfigMap.
@@ -1578,24 +1446,126 @@ spec:
## Single sign-on Options
-!!! warning
- `.spec.sso.Image`, `.spec.sso.Version`, `.spec.sso.Resources` and `.spec.sso.verifyTLS` are deprecated and support will be removed in Argo CD operator v0.8.0. Please use equivalent fields under `.spec.sso.keycloak` to configure your keycloak instance.
+The following properties are available for configuring the Single sign-on component.
+
+Name | Default | Description
+--- | --- | ---
+[Keycloak](#keycloak-options) | [Object] | Configuration options for Keycloak SSO provider
+[Dex](#dex-options) | [Object] | Configuration options for Dex SSO provider
+Provider | [Empty] | The name of the provider used to configure Single sign-on. For now the supported options are "dex" and "keycloak".
+
+## Dex Options
+
+The following properties are available for configuring the Dex component.
+
+Name | Default | Description
+--- | --- | ---
+Config | [Empty] | The `dex.config` property in the `argocd-cm` ConfigMap.
+Groups | [Empty] | Optional list of required groups a user must be a member of
+Image | `quay.io/dexidp/dex` | The container image for Dex. This overrides the `ARGOCD_DEX_IMAGE` environment variable.
+OpenShiftOAuth | false | Enable automatic configuration of OpenShift OAuth authentication for the Dex server. This is ignored if a value is present for `sso.dex.config`.
+Resources | [Empty] | The container compute resources.
+Version | v2.21.0 (SHA) | The tag to use with the Dex container image.
+
+### Dex Example
!!! note
- `.spec.sso.Image`, `.spec.sso.Version`, `.spec.sso.Resources` and `.spec.sso.verifyTLS` fields were earlier scheduled for removal in Argo CD operator v0.7.0, but have been extended to Argo CD operator v0.8.0.
+ `.spec.dex` is no longer supported in Argo CD operator v0.8.0 onwards, use `.spec.sso.dex` instead.
-The following properties are available for configuring the Single sign-on component.
+The following examples show all properties set to the default values.
+
+``` yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ArgoCD
+metadata:
+ name: example-argocd
+ labels:
+ example: dex
+spec:
+ sso:
+ provider: dex
+ dex:
+ config: ""
+ groups:
+ - default
+ image: quay.io/dexidp/dex
+ openShiftOAuth: false
+ resources: {}
+ version: v2.21.0
+```
+
+Please refer to the [dex user guide](../usage/dex.md) to learn more about configuring dex as a Single sign-on provider.
+
+### Dex OpenShift OAuth Example
+
+The following example configures Dex to use the OAuth server built into OpenShift.
+
+The `OpenShiftOAuth` property can be used to trigger the operator to auto configure the built-in OpenShift OAuth server. The RBAC `Policy` property is used to give the admin role in the Argo CD cluster to users in the OpenShift `cluster-admins` group.
+
+``` yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ArgoCD
+metadata:
+ name: example-argocd
+ labels:
+ example: openshift-oauth
+spec:
+ sso:
+ provider: dex
+ dex:
+ openShiftOAuth: true
+ rbac:
+ defaultPolicy: 'role:readonly'
+ policy: |
+ g, cluster-admins, role:admin
+ scopes: '[groups]'
+```
+
+### Important Note regarding Role Mappings:
+
+To have a specific user be properly atrributed with the `role:admin` upon SSO through Openshift, the user needs to be in a **group** with the `cluster-admin` role added. If the user only has a direct `ClusterRoleBinding` to the Openshift role for `cluster-admin`, the ArgoCD role will not map.
+
+A quick fix will be to create an `cluster-admins` group, add the user to the group and then apply the `cluster-admin` ClusterRole to the group.
+
+```
+oc adm groups new cluster-admins
+oc adm groups add-users cluster-admins USER
+oc adm policy add-cluster-role-to-group cluster-admin cluster-admins
+```
+
+## Keycloak Options
+
+The following properties are available for configuring Keycloak Single sign-on provider.
Name | Default | Description
--- | --- | ---
Image | OpenShift - `registry.redhat.io/rh-sso-7/sso75-openshift-rhel8`
Kuberentes - `quay.io/keycloak/keycloak` | The container image for keycloak. This overrides the `ARGOCD_KEYCLOAK_IMAGE` environment variable.
-[Keycloak](#keycloak-options) | [Object] | Configuration options for Keycloak SSO provider
-[Dex](#dex-options) | [Object] | Configuration options for Dex SSO provider
-Provider | [Empty] | The name of the provider used to configure Single sign-on. For now the supported options are Dex and keycloak.
Resources | `Requests`: CPU=500m, Mem=512Mi, `Limits`: CPU=1000m, Mem=1024Mi | The container compute resources.
+RootCA | "" | root CA certificate for communicating with the OIDC provider
VerifyTLS | true | Whether to enforce strict TLS checking when communicating with Keycloak service.
Version | OpenShift - `sha256:720a7e4c4926c41c1219a90daaea3b971a3d0da5a152a96fed4fb544d80f52e3` (7.5.1)
Kubernetes - `sha256:64fb81886fde61dee55091e6033481fa5ccdac62ae30a4fd29b54eb5e97df6a9` (15.0.2) | The tag to use with the keycloak container image.
+### Keycloak Single sign-on Example
+
+!!! note
+ `.spec.sso.Image`, `.spec.sso.Version`, `.spec.sso.Resources` and `.spec.sso.verifyTLS` fields are no longer supported in Argo CD operator v0.8.0 onwards. Please use equivalent fields under `.spec.sso.keycloak` to configure your keycloak instance.
+
+The following example uses keycloak as Single sign-on option for Argo CD.
+
+``` yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ArgoCD
+metadata:
+ name: example-argocd
+ labels:
+ example: status-badge-enabled
+spec:
+ sso:
+ provider: keycloak
+```
+
+Please refer to the [keycloak user guide](../usage/keycloak/kubernetes.md) to learn more about configuring keycloak as a Single sign-on provider.
+
## System-Level Configuration
The comparison of resources with well-known issues can be customized at a system level. Ignored differences can be configured for a specified group and kind
diff --git a/docs/usage/dex.md b/docs/usage/dex.md
index 26c4a474e..172900487 100644
--- a/docs/usage/dex.md
+++ b/docs/usage/dex.md
@@ -1,24 +1,16 @@
- [Overview](#overview)
- [Installing & Configuring Dex](#installing--configuring-dex)
- - [Using `.spec.sso.provider`](#using-specssoprovider)
- - [Using the DISABLE_DEX environment variable](#using-the-disable_dex-environment-variable)
- [Dex OpenShift OAuth Connector](#dex-openshift-oauth-connector)
- [Role Mappings](#role-mappings)
- [Dex GitHub Connector](#dex-github-connector)
- [Uninstalling Dex](#uninstalling-dex)
- - [Using `.spec.sso`](#using-specsso)
- - [Using the DISABLE_DEX environment variable](#using-the-disable_dex-environment-variable-1)
- - [Using `.spec.dex`](#using-specdex)
## Overview
Dex can be used to delegate authentication to external identity providers like GitHub, SAML and others. SSO configuration of Argo CD requires updating the Argo CD CR with [Dex connector](https://dexidp.io/docs/connectors/) settings.
-
## Installing & Configuring Dex
-#### Using `.spec.sso.provider`
-
Dex configuration has moved to `.spec.sso` in release v0.4.0. Dex can be enabled by setting `.spec.sso.provider` to `dex` in the Argo CD CR.
!!! note
@@ -27,6 +19,9 @@ Dex configuration has moved to `.spec.sso` in release v0.4.0. Dex can be enabled
!!! note
Specifying `.spec.sso.dex` without setting dex as the provider will result in an error.
+!!! note
+ `.spec.dex` is no longer supported in Argo CD operator v0.8.0 onwards, use `.spec.sso.dex` instead.
+
An example of correctly configured dex would look as follows:
```yaml
@@ -41,46 +36,6 @@ spec:
openShiftOAuth: true
```
-#### Using the DISABLE_DEX environment variable
-
-!!! warning
- `DISABLE_DEX` is deprecated and support will be removed in Argo CD operator v0.8.0. Please use `.spec.sso.provider` to enable/disable Dex.
-
-!!! note
- `DISABLE_DEX` environment variable was earlier scheduled for removal in Argo CD operator v0.7.0, but has been extended to Argo CD operator v0.8.0.
-
-Until release v0.4.0 of Argo CD operator, Dex resources were created by default unless the `DISABLE_DEX` environment variable was explicitly set to `true`. However, v0.4.0 onward, `DISBALE_DEX` being either unset, or set to `false` will not trigger creation of Dex resources, unless there is valid Dex configuration expressed through `.spec.dex`. Users can continue setting `DISABLE_DEX` to `true` to uninstall dex resources until v0.8.0.
-
-!!! warning
- `.spec.dex` is deprecated and support will be removed in Argo CD operator v0.8.0. Please use `.spec.sso.dex` to configure Dex.
-
-!!! note
- `.spec.dex` field was earlier scheduled for removal in Argo CD operator v0.7.0, but has been extended to Argo CD operator v0.8.0.
-
-An example of correctly configured dex would look as follows:
-
-Set the `DISABLE_DEX` to `false` in the Subscription resource of the operator.
-
-```yaml
-spec:
- config:
- env:
- - name: DISABLE_DEX
- value: "false"
-```
-
-and supply `.spec.dex` with valid configuration
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: ArgoCD
-metadata:
- name: example-argocd
-spec:
- dex:
- openShiftOAuth: true
-```
-
## Dex OpenShift OAuth Connector
The below section describes how to configure Argo CD SSO using OpenShift connector as an example. Dex makes use of the users and groups defined within OpenShift by querying the platform provided OAuth server.
@@ -95,10 +50,12 @@ metadata:
labels:
example: openshift-oauth
spec:
- dex:
- openShiftOAuth: true
- groups:
- - default
+ sso:
+ provider: dex
+ dex:
+ openShiftOAuth: true
+ groups:
+ - default
rbac:
defaultPolicy: 'role:readonly'
policy: |
@@ -126,7 +83,7 @@ The below section describes how to configure Argo CD SSO using GitHub (OAuth2) a
2. Update the Argo CD CR.
-In the `dex.config` key, add the github connector to the connectors sub field. See the Dex [GitHub connector documentation](https://github.com/dexidp/website/blob/main/content/docs/connectors/github.md) for explanation of the fields. A minimal config should populate the clientID, clientSecret generated in Step 1.
+In the `sso.dex.config` key, add the github connector to the connectors sub field. See the Dex [GitHub connector documentation](https://github.com/dexidp/website/blob/main/content/docs/connectors/github.md) for explanation of the fields. A minimal config should populate the clientID, clientSecret generated in Step 1.
You will very likely want to restrict logins to one or more GitHub organization. In the
`connectors.config.orgs` list, add one or more GitHub organizations. Any member of the org will then be able to login to Argo CD to perform management tasks.
@@ -138,50 +95,25 @@ metadata:
labels:
example: openshift-oauth
spec:
- dex:
- config: |
- connectors:
- # GitHub example
- - type: github
- id: github
- name: GitHub
- config:
- clientID: xxxxxxxxxxxxxx
- clientSecret: $dex.github.clientSecret # Alternatively $:dex.github.clientSecret
- orgs:
- - name: dummy-org
+ sso:
+ provider: dex
+ dex:
+ config: |
+ connectors:
+ # GitHub example
+ - type: github
+ id: github
+ name: GitHub
+ config:
+ clientID: xxxxxxxxxxxxxx
+ clientSecret: $dex.github.clientSecret # Alternatively $:dex.github.clientSecret
+ orgs:
+ - name: dummy-org
```
## Uninstalling Dex
-#### Using `.spec.sso`
-
-Dex can be uninstalled either by removing `.spec.sso` from the Argo CD CR, or switching to a different SSO provider.
-
-#### Using the DISABLE_DEX environment variable
-
-Dex can be uninstalled by setting `DISABLE_DEX` to `true` in the Subscription resource of the operator.
-
-```yaml
-spec:
- config:
- env:
- - name: DISABLE_DEX
- value: "true"
-```
-
-!!! warning
- `DISABLE_DEX` is deprecated and support will be removed in Argo CD operator v0.8.0. Please use `.spec.sso.provider` to enable/disable Dex.
-
!!! note
- `DISABLE_DEX` environment variable was earlier scheduled for removal in Argo CD operator v0.7.0, but has been extended to Argo CD operator v0.8.0.
-
-#### Using `.spec.dex`
-
-Dex can be uninstalled by either removing `.spec.dex` from the Argo CD CR, or ensuring `.spec.dex.config` is empty and `.spec.dex.openShiftOAuth` is set to `false`.
+ `DISABLE_DEX` environment variable is no longer supported in Argo CD operator v0.8.0 onwards.
-!!! warning
- `.spec.dex` is deprecated and support will be removed in Argo CD operator v0.8.0. Please use `.spec.sso.dex` to configure Dex.
-
-!!! note
- `.spec.dex` field was earlier scheduled for removal in Argo CD operator v0.7.0, but has been extended to Argo CD operator v0.8.0.
\ No newline at end of file
+Dex can be uninstalled either by removing `.spec.sso` from the Argo CD CR, or switching to a different SSO provider.
diff --git a/docs/usage/keycloak/kubernetes.md b/docs/usage/keycloak/kubernetes.md
index 87fa7acc1..c8a3db94f 100644
--- a/docs/usage/keycloak/kubernetes.md
+++ b/docs/usage/keycloak/kubernetes.md
@@ -46,10 +46,10 @@ spec:
```
If your keycloak is setup with a certificate which is not signed by one of the well known certificate authorities you can provide a custom certificate which will be used in verifying the Keycloak's TLS certificate when communicating with it.
-Add the rootCA to your Argo CD custom resource `.spec.keycloak.rootCA` field. The operator reconciles to this change and updates the `oidc.config` in `argocd-cm` configmap with the PEM encoded root certificate.
+Add the rootCA to your Argo CD custom resource `.spec.sso.keycloak.rootCA` field. The operator reconciles to this change and updates the `oidc.config` in `argocd-cm` configmap with the PEM encoded root certificate.
!!! note
- Argo CD server pod should be restarted after updating the `.spec.keycloak.rootCA`.
+ Argo CD server pod should be restarted after updating the `.spec.sso.keycloak.rootCA`.
Please refer to the below example:
@@ -74,14 +74,11 @@ spec:
enabled: true
```
-!!! warning
- `.spec.sso.Image`, `.spec.sso.Version`, `.spec.sso.Resources` and `.spec.sso.verifyTLS` are deprecated and support will be removed in Argo CD operator v0.8.0. Please use equivalent fields under `.spec.sso.keycloak` to configure your keycloak instance.
-
!!! note
- `.spec.sso.Image`, `.spec.sso.Version`, `.spec.sso.Resources` and `.spec.sso.verifyTLS` fields were earlier scheduled for removal in Argo CD operator v0.7.0, but have been extended to Argo CD operator v0.8.0.
+ `.spec.sso.Image`, `.spec.sso.Version`, `.spec.sso.Resources` and `.spec.sso.verifyTLS` fields are no longer supported in Argo CD operator v0.8.0 onwards. Please use equivalent fields under `.spec.sso.keycloak` to configure your keycloak instance.
!!! note
- If you test the operator locally using `make run`, please add `.spec.sso.verifyTLS: false`, or `.spec.sso.keycloak.verifyTLS: false` to your Argo CD CR. Specifying conflicting information in both specs will result in errors.
+ If you test the operator locally using `make run`, please add `.spec.sso.keycloak.verifyTLS: false` to your Argo CD CR. Specifying conflicting information in both specs will result in errors.
## Create
diff --git a/docs/usage/keycloak/openshift.md b/docs/usage/keycloak/openshift.md
index e3294671c..89bb4dacb 100644
--- a/docs/usage/keycloak/openshift.md
+++ b/docs/usage/keycloak/openshift.md
@@ -20,10 +20,10 @@ spec:
```
If your keycloak is setup with a certificate which is not signed by one of the well known certificate authorities you can provide a custom certificate which will be used in verifying the Keycloak's TLS certificate when communicating with it.
-Add the rootCA to your Argo CD custom resource `.spec.keycloak.rootCA` field. The operator reconciles to this change and updates the `oidc.config` in `argocd-cm` configmap with the PEM encoded root certificate.
+Add the rootCA to your Argo CD custom resource `.spec.sso.keycloak.rootCA` field. The operator reconciles to this change and updates the `oidc.config` in `argocd-cm` configmap with the PEM encoded root certificate.
!!! note
- Argo CD server pod should be restarted after updating the `.spec.keycloak.rootCA`.
+ Argo CD server pod should be restarted after updating the `.spec.sso.keycloak.rootCA`.
Please refer to the below example:
@@ -48,6 +48,9 @@ spec:
enabled: true
```
+!!! note
+ `.spec.sso.Image`, `.spec.sso.Version`, `.spec.sso.Resources` and `.spec.sso.verifyTLS` fields are no longer supported in Argo CD operator v0.8.0 onwards. Please use equivalent fields under `.spec.sso.keycloak` to configure your keycloak instance.
+
## Create
Create a new Argo CD Instance in the `argocd` namespace using the provided example.