Ability to configure TLS / HTTPS for Dex

[avidspartan1]

Summary

I would like to configure the bundled Dex deployment to serve over HTTPS instead of HTTP. Currently, HTTP is hard-coded in the ArgoCD wrapper for launching Dex.

Motivation

Encrypting all traffic between pods is a security requirement for me, and likely is for many others. Being able to configure this within ArgoCD (via the ArgoCD Helm chart) instead of having to maintain my own separate Dex Helm release is ideal; one less maintenance burden if it's supported by ArgoCD natively.

Proposal

Similar to how other keys in the Dex config are handled, particularly the web key should be checked to see if a value was given for it in the Dex config settings. My best guess is that this would be handled in util/dex/config.go: https://github.com/argoproj/argo-cd/blob/master/util/dex/config.go#L29-L31

The code currently looks like:

	dexCfg["web"] = map[string]interface{}{
		"http": "0.0.0.0:5556",
	}

I think it should look something like this:

        ok := dexCfg["web"].(map[string]interface{})
        if !ok {
	        dexCfg["web"] = map[string]interface{}{
		        "http": "0.0.0.0:5556",
	        }
	}

Take the above with a grain of salt; I'm not very familiar with Go. 😄

The point is to only set web if we didn't already find it in the Dex settings; this would allow a user like me to put the following in the Dex config:

web:
  https: 0.0.0.0:5554
  tlsCert: /etc/dex/tls.crt
  tlsKey: /etc/dex/tls.key

That definition of web would then be added to the generated /tmp/dex.yaml that the Dex pod then serves.