Skip to content

[GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components #2139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
akhilnittala wants to merge 14 commits into
base: master
Choose a base branch
from
Open

[GITOPS-9258]: Configurable TLS server settings for argocd and argocd-agent components #2139

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
d4f2fc0
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Mar 27, 2026
c9c94bf
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 8, 2026
64c8711
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 8, 2026
62f9bc2
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 9, 2026
0f8d5f9
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 9, 2026
50819de
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 9, 2026
820f50a
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 9, 2026
d4ebec4
Update Makefile
akhilnittala Apr 9, 2026
b75e5f9
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 13, 2026
0b02ab8
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 13, 2026
a52a41d
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 13, 2026
127a922
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 13, 2026
74f8596
Merge branch 'master' into usr/akhil/GITOPS-9260
akhilnittala Apr 13, 2026
46cbcc2
[GITOPS-9258]: Configurable TLS server settings for argocd and argocd…
akhilnittala Apr 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions api/v1beta1/argocd_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -515,6 +515,9 @@ type ArgoCDRedisSpec struct {

// Remote specifies the remote URL of the Redis container. (optional, by default, a local instance managed by the operator is used.)
Remote *string `json:"remote,omitempty"`

// TlsConfig defines the TLS configuration for the Redis server
TlsConfig *ArgoCDTlsConfig `json:"tlsConfig,omitempty"`
}

func (a *ArgoCDRedisSpec) IsEnabled() bool {
Expand Down Expand Up @@ -600,6 +603,18 @@ type ArgoCDRepoSpec struct {

// Custom certificates to inject into the repo server container and its plugins to trust source hosting sites
SystemCATrust *ArgoCDSystemCATrustSpec `json:"systemCATrust,omitempty"`
// TLS configuration for the repo server
TlsConfig *ArgoCDTlsConfig `json:"tlsConfig,omitempty"`
}

type ArgoCDTlsConfig struct {
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum="1.1";"1.2";"1.3";"tls1.1";"tls1.2";"tls1.3";"TLSv1.1";"TLSv1.2";"TLSv1.3"
MinVersion string `json:"minVersion,omitempty"`
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum="1.1";"1.2";"1.3";"TLSv1.1";"TLSv1.2";"TLSv1.3";"tls1.1";"tls1.2";"tls1.3"
MaxVersion string `json:"maxVersion,omitempty"`
CipherSuites []string `json:"cipherSuites,omitempty"`
}

func (a *ArgoCDRepoSpec) IsEnabled() bool {
Expand Down Expand Up @@ -734,6 +749,8 @@ type ArgoCDServerSpec struct {

// Custom labels to pods deployed by the operator
Labels map[string]string `json:"labels,omitempty"`
// TLS configuration for the Argo CD Server component
TlsConfig *ArgoCDTlsConfig `json:"tlsConfig,omitempty"`
}

func (a *ArgoCDServerSpec) IsEnabled() bool {
Expand Down Expand Up @@ -1361,6 +1378,8 @@ type PrincipalTLSSpec struct {

// InsecureGenerate is the flag to allow the principal to generate its own set of TLS cert and key on startup when none are configured
InsecureGenerate *bool `json:"insecureGenerate,omitempty"`
// TLS configuration for the repo server
TlsConfig *ArgoCDTlsConfig `json:"tlsConfig,omitempty"`
}

// ArgoCDAgentPrincipalServiceSpec defines the options for the Service backing the ArgoCD Agent Principalcomponent.
Expand Down
40 changes: 40 additions & 0 deletions api/v1beta1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

129 changes: 129 additions & 0 deletions bundle/manifests/argoproj.io_argocds.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11920,6 +11920,38 @@ spec:
description: SecretName is The name of the secret containing
the TLS certificate and key.
type: string
tlsConfig:
description: TLS configuration for the repo server
properties:
cipherSuites:
items:
type: string
type: array
maxVersion:
enum:
- "1.1"
- "1.2"
- "1.3"
- TLSv1.1
- TLSv1.2
- TLSv1.3
- tls1.1
- tls1.2
- tls1.3
type: string
minVersion:
enum:
- "1.1"
- "1.2"
- "1.3"
- tls1.1
- tls1.2
- tls1.3
- TLSv1.1
- TLSv1.2
- TLSv1.3
type: string
type: object
type: object
type: object
type: object
Expand Down Expand Up @@ -18656,6 +18688,39 @@ spec:
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
tlsConfig:
description: TlsConfig defines the TLS configuration for the Redis
server
properties:
cipherSuites:
items:
type: string
type: array
maxVersion:
enum:
- "1.1"
- "1.2"
- "1.3"
- TLSv1.1
- TLSv1.2
- TLSv1.3
- tls1.1
- tls1.2
- tls1.3
type: string
minVersion:
enum:
- "1.1"
- "1.2"
- "1.3"
- tls1.1
- tls1.2
- tls1.3
- TLSv1.1
- TLSv1.2
- TLSv1.3
type: string
type: object
version:
description: Version is the Redis container image tag.
type: string
Expand Down Expand Up @@ -22240,6 +22305,38 @@ spec:
x-kubernetes-map-type: atomic
type: array
type: object
tlsConfig:
description: TLS configuration for the repo server
properties:
cipherSuites:
items:
type: string
type: array
maxVersion:
enum:
- "1.1"
- "1.2"
- "1.3"
- TLSv1.1
- TLSv1.2
- TLSv1.3
- tls1.1
- tls1.2
- tls1.3
type: string
minVersion:
enum:
- "1.1"
- "1.2"
- "1.3"
- tls1.1
- tls1.2
- tls1.3
- TLSv1.1
- TLSv1.2
- TLSv1.3
type: string
type: object
verifytls:
description: VerifyTLS defines whether repo server API should
be accessed using strict TLS validation
Expand Down Expand Up @@ -27920,6 +28017,38 @@ spec:
- name
type: object
type: array
tlsConfig:
description: TLS configuration for the Argo CD Server component
properties:
cipherSuites:
items:
type: string
type: array
maxVersion:
enum:
- "1.1"
- "1.2"
- "1.3"
- TLSv1.1
- TLSv1.2
- TLSv1.3
- tls1.1
- tls1.2
- tls1.3
type: string
minVersion:
enum:
- "1.1"
- "1.2"
- "1.3"
- tls1.1
- tls1.2
- tls1.3
- TLSv1.1
- TLSv1.2
- TLSv1.3
type: string
type: object
volumeMounts:
description: VolumeMounts adds volumeMounts to the Argo CD Server
container.
Expand Down
Loading
Loading