From 1e661b121de13152d46ecb11102d94cb0b32760a Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Thu, 28 Sep 2023 17:26:08 -0400 Subject: [PATCH 1/4] docs: move self-signed certs gitlab scm docs Signed-off-by: Leonardo Luz Almeida --- .../applicationset/Add-self-signed-TLS-Certs.md | 9 --------- .../applicationset/Generators-SCM-Provider.md | 6 ++++++ 2 files changed, 6 insertions(+), 9 deletions(-) delete mode 100644 docs/operator-manual/applicationset/Add-self-signed-TLS-Certs.md diff --git a/docs/operator-manual/applicationset/Add-self-signed-TLS-Certs.md b/docs/operator-manual/applicationset/Add-self-signed-TLS-Certs.md deleted file mode 100644 index 4a4ed1b44426e..0000000000000 --- a/docs/operator-manual/applicationset/Add-self-signed-TLS-Certs.md +++ /dev/null @@ -1,9 +0,0 @@ -# Add support for self-signed TLS / Certificates for Gitlab SCM/PR Provider - -## Implementation details - -### Overview - -In order for a self-signed TLS certificate be used by an ApplicationSet's SCM / PR Gitlab Generator, the certificate needs to be mounted on the application-controller. The path of the mounted certificate must be explicitly set using the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH` or alternatively using parameter `--scm-root-ca-path`. The applicationset controller will read the mounted certificate to create the Gitlab client for SCM/PR Providers - -This can be achieved conveniently by setting `applicationsetcontroller.scm.root.ca.path` in the argocd-cmd-params-cm ConfigMap. Be sure to restart the ApplicationSet controller after setting this value. diff --git a/docs/operator-manual/applicationset/Generators-SCM-Provider.md b/docs/operator-manual/applicationset/Generators-SCM-Provider.md index befe7ad81cfdb..a965d060554bf 100644 --- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md +++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md @@ -117,6 +117,12 @@ For label filtering, the repository tags are used. Available clone protocols are `ssh` and `https`. +### Self-signed TLS Certificates + +In order for a self-signed TLS certificate be used by an ApplicationSet's SCM / PR Gitlab Generator, the certificate needs to be mounted on the application-controller. The path of the mounted certificate must be explicitly set using the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH` or alternatively using parameter `--scm-root-ca-path`. The applicationset controller will read the mounted certificate to create the Gitlab client for SCM/PR Providers + +This can be achieved conveniently by setting `applicationsetcontroller.scm.root.ca.path` in the argocd-cmd-params-cm ConfigMap. Be sure to restart the ApplicationSet controller after setting this value. + ## Gitea The Gitea mode uses the Gitea API to scan organizations in your instance From bd2d5a9704837a6604cfb72a02c2caa20f7e8966 Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Thu, 28 Sep 2023 19:26:45 -0400 Subject: [PATCH 2/4] docs: fix broken link Signed-off-by: Leonardo Luz Almeida --- docs/operator-manual/applicationset/Generators-Pull-Request.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/applicationset/Generators-Pull-Request.md b/docs/operator-manual/applicationset/Generators-Pull-Request.md index 8762bf572f243..298e5135392ce 100644 --- a/docs/operator-manual/applicationset/Generators-Pull-Request.md +++ b/docs/operator-manual/applicationset/Generators-Pull-Request.md @@ -105,7 +105,7 @@ spec: * `pullRequestState`: PullRequestState is an additional MRs filter to get only those with a certain state. Default: "" (all states) * `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates. -As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab by [mounting self-signed certificate to the applicationset controller](./Add-self-signed-TLS-Certs.md). +As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab by [mounting self-signed certificate to the applicationset controller](./Generators-SCM-Provider.md#self-signed-tls-certificates). ## Gitea From 445c98d2fedcefc187e3db99a680c01d0fa11ddf Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Thu, 28 Sep 2023 19:32:42 -0400 Subject: [PATCH 3/4] docs: fix link Signed-off-by: Leonardo Luz Almeida --- .../operator-manual/applicationset/Generators-SCM-Provider.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/operator-manual/applicationset/Generators-SCM-Provider.md b/docs/operator-manual/applicationset/Generators-SCM-Provider.md index a965d060554bf..56694a61399de 100644 --- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md +++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md @@ -111,14 +111,14 @@ spec: * `tokenRef`: A `Secret` name and key containing the GitLab access token to use for requests. If not specified, will make anonymous requests which have a lower rate limit and can only see public repositories. * `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates. -As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab by [mounting self-signed certificate to the applicationset controller](./Add-self-signed-TLS-Certs.md). - For label filtering, the repository tags are used. Available clone protocols are `ssh` and `https`. ### Self-signed TLS Certificates +As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab. + In order for a self-signed TLS certificate be used by an ApplicationSet's SCM / PR Gitlab Generator, the certificate needs to be mounted on the application-controller. The path of the mounted certificate must be explicitly set using the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH` or alternatively using parameter `--scm-root-ca-path`. The applicationset controller will read the mounted certificate to create the Gitlab client for SCM/PR Providers This can be achieved conveniently by setting `applicationsetcontroller.scm.root.ca.path` in the argocd-cmd-params-cm ConfigMap. Be sure to restart the ApplicationSet controller after setting this value. From d9e812dede7fdd72d51cca4acab10d8c5167a7d7 Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Thu, 28 Sep 2023 19:46:32 -0400 Subject: [PATCH 4/4] fix typo Signed-off-by: Leonardo Luz Almeida --- docs/operator-manual/applicationset/Generators-SCM-Provider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/applicationset/Generators-SCM-Provider.md b/docs/operator-manual/applicationset/Generators-SCM-Provider.md index 56694a61399de..5e3c4a6ab8aa4 100644 --- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md +++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md @@ -119,7 +119,7 @@ Available clone protocols are `ssh` and `https`. As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab. -In order for a self-signed TLS certificate be used by an ApplicationSet's SCM / PR Gitlab Generator, the certificate needs to be mounted on the application-controller. The path of the mounted certificate must be explicitly set using the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH` or alternatively using parameter `--scm-root-ca-path`. The applicationset controller will read the mounted certificate to create the Gitlab client for SCM/PR Providers +In order for a self-signed TLS certificate be used by an ApplicationSet's SCM / PR Gitlab Generator, the certificate needs to be mounted on the applicationset-controller. The path of the mounted certificate must be explicitly set using the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH` or alternatively using parameter `--scm-root-ca-path`. The applicationset controller will read the mounted certificate to create the Gitlab client for SCM/PR Providers This can be achieved conveniently by setting `applicationsetcontroller.scm.root.ca.path` in the argocd-cmd-params-cm ConfigMap. Be sure to restart the ApplicationSet controller after setting this value.