Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(argocd): add insecure parameter for argocd apps #721

Merged
merged 2 commits into from
Jul 1, 2022
Merged

feat(argocd): add insecure parameter for argocd apps #721

merged 2 commits into from
Jul 1, 2022

Conversation

ayeks
Copy link
Contributor

@ayeks ayeks commented Jul 1, 2022
edited
Loading

What does this PR do?

Added the optional insecure parameter for argocd apps. If you do not set the insecure parameter it will set to false by default. This does not break existing configurations.

Motivation

When using private repositories in private networks you often do not want to manage the public server certificates in addition to the private ones. The risk is very low that a man-in-the-middle attack is performed. Therefore I added the insecure parameter which can be set when creating an Argo app.

Argo Docs on the insecure flag: https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#self-signed-untrusted-tls-certificates

This parameter resolves repo server errors like error testing repository connectivity: ssh: handshake failed.

More

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • [ ] Yes, I have added a new example under examples to support my PR
    • not required in my opinion because its just a minor optional variable
  • [ ] Yes, I have created another PR for add-ons under add-ons repo (if applicable)
    • no change in the add-ons section
  • Yes, I have updated the docs for this feature
  • Yes, I ran pre-commit run -a with this PR

Note: Not all the PRs required examples and docs except a new pattern or add-on added.

For Moderators

  • E2E Test successfully complete before merge?

Additional Notes

Test report:

My config:

module "eks_blueprints_kubernetes_addons" {
  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.2.1"
  ...
  argocd_applications = {
    argo-app = {
      path                = var.path
      repo_url            = var.repo_url
      create_namespace    = true
      add_on_application  = true
      ssh_key_secret_name = var.ssh_key_secret_name
      insecure            = true    
    }
  }
}

ArgoCD Repo Server Logs:

time="2022-07-01T06:31:32Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=TestRepository grpc.request.deadline="2022-07-01T06:32:32Z" grpc.service=repository.RepoServerService grpc.start_time="2022-07-01T06:31:32Z" grpc.time_ms=392.957 span.kind=server system=grpc

@ayeks ayeks had a problem deploying to EKS Blueprints Test July 1, 2022 07:07 Failure
@ayeks ayeks changed the title WIP: feat(argocd): add insecure parameter for argocd apps feat(argocd): add insecure parameter for argocd apps Jul 1, 2022
@ayeks ayeks temporarily deployed to EKS Blueprints Test July 1, 2022 07:25 Inactive
@ayeks ayeks marked this pull request as ready for review July 1, 2022 07:37
bryantbiggs
bryantbiggs approved these changes Jul 1, 2022
View reviewed changes
Copy link
Contributor

@bryantbiggs bryantbiggs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable, thanks for the PR @ayeks 🎉

@bryantbiggs bryantbiggs merged commit c596f82 into aws-ia:main Jul 1, 2022
allamand pushed a commit to allamand/terraform-aws-eks-blueprints that referenced this pull request Dec 15, 2022
@ayeks @allamand
feat(argocd): add insecure parameter for argocd apps (aws-ia#721)
f12a720
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bryantbiggs bryantbiggs bryantbiggs approved these changes

@askulkarni2 askulkarni2 Awaiting requested review from askulkarni2

@kcoleman731 kcoleman731 Awaiting requested review from kcoleman731

@vara-bonthu vara-bonthu Awaiting requested review from vara-bonthu

@Zvikan Zvikan Awaiting requested review from Zvikan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ayeks @bryantbiggs