feat: Allow disabling TLS from notifications controller and reposerver (

#19630) Signed-off-by: Matthew Wynn <matthew@matthewwynn.com>
argoproj · Aug 28, 2024 · c1d3373 · c1d3373
1 parent beb71a8
commit c1d3373
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 1 deletion.
diff --git a/cmd/argocd-notification/commands/controller.go b/cmd/argocd-notification/commands/controller.go
@@ -159,7 +159,7 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&logFormat, "logformat", env.StringFromEnv("ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
 	command.Flags().IntVar(&metricsPort, "metrics-port", defaultMetricsPort, "Metrics port")
 	command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", common.DefaultRepoServerAddr, "Argo CD repo server address")
-	command.Flags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server")
+	command.Flags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Use a plaintext client (non-TLS) to connect to repository server")
 	command.Flags().BoolVar(&argocdRepoServerStrictTLS, "argocd-repo-server-strict-tls", false, "Perform strict validation of TLS certificates when connecting to repo server")
 	command.Flags().StringVar(&configMapName, "config-map-name", "argocd-notifications-cm", "Set notifications ConfigMap name")
 	command.Flags().StringVar(&secretName, "secret-name", "argocd-notifications-secret", "Set notifications Secret name")

diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml
@@ -247,3 +247,5 @@ data:
   notificationscontroller.log.format: "text"
   # Enable self-service notifications config. Used in conjunction with apps-in-any-namespace. (default "false")
   notificationscontroller.selfservice.enabled: "false"
+  # Disable TLS on connections to repo server
+  notificationscontroller.repo.server.plaintext: "false"
diff --git a/manifests/base/notification/argocd-notifications-controller-deployment.yaml b/manifests/base/notification/argocd-notifications-controller-deployment.yaml
@@ -60,6 +60,12 @@ spec:
                   key: notificationscontroller.selfservice.enabled
                   name: argocd-cmd-params-cm
                   optional: true
+            - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
+              valueFrom:
+                configMapKeyRef:
+                  key: notificationscontroller.repo.server.plaintext
+                  name: argocd-cmd-params-cm
+                  optional: true
           workingDir: /app
           livenessProbe:
             tcpSocket:

diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml
diff --git a/manifests/install.yaml b/manifests/install.yaml
diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml