fix: ensure certificate gets updated on reload

Fixes argoproj#10707. `GetCertificate` ensures that the most current version of `a.settings.Certificate` is used. It's still a bit of a mystery to me as to why the reloading of the server does not work for this, since it should fulfill the same function. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
yyzxw · Jan 23, 2023 · 3553ef8 · 3553ef8
1 parent 1ab4026
commit 3553ef8
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/server/server.go b/server/server.go
@@ -469,8 +469,9 @@ func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) {
 
 		// If not matched, we assume that its TLS.
 		tlsl := tcpm.Match(cmux.Any())
-		tlsConfig := tls.Config{
-			Certificates: []tls.Certificate{*a.settings.Certificate},
+		tlsConfig := tls.Config{}
+		tlsConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
+			return a.settings.Certificate, nil
 		}
 		if a.TLSConfigCustomizer != nil {
 			a.TLSConfigCustomizer(&tlsConfig)