Consume the CA in ArgoCD sidecar containers

jtudelag · Feb 7, 2024 · 902168a · 902168a
1 parent 2efdd6f
commit 902168a
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/base/openshift-gitops-instance-avp/manifests/argocd-avp.yaml b/base/openshift-gitops-instance-avp/manifests/argocd-avp.yaml
@@ -37,6 +37,10 @@ spec:
       - configMap:
           name: cmp-plugin
         name: cmp-plugin
+      - configMap:
+          name: user-ca-bundle
+        name: user-ca-bundle
+        optional: true
     # This is our sidecar container spec for the vault plugin
     # Specifically note the mounting of our vault config env vars
     # via secretRef.
@@ -51,6 +55,10 @@ spec:
           runAsNonRoot: true
           readOnlyRootFilesystem: true
         volumeMounts:
+          # https://access.redhat.com/solutions/7000863
+          - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+            subPath: ca-bundle.crt
+            name: user-ca-bundle
           - mountPath: /var/run/argocd
             name: var-files
           - mountPath: /home/argocd/cmp-server/plugins
@@ -71,6 +79,10 @@ spec:
           runAsNonRoot: true
           readOnlyRootFilesystem: true
         volumeMounts:
+          # https://access.redhat.com/solutions/7000863
+          - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+            subPath: ca-bundle.crt
+            name: user-ca-bundle
           - mountPath: /var/run/argocd
             name: var-files
           - mountPath: /home/argocd/cmp-server/plugins
@@ -91,6 +103,10 @@ spec:
           runAsNonRoot: true
           readOnlyRootFilesystem: true
         volumeMounts:
+          # https://access.redhat.com/solutions/7000863
+          - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+            subPath: ca-bundle.crt
+            name: user-ca-bundle
           - mountPath: /var/run/argocd
             name: var-files
           - mountPath: /home/argocd/cmp-server/plugins