Allow connecting from the Notification Controller to the Repo Server without TLS #19629
Labels
enhancement
New feature or request
Comments
14 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
All of the Argo CD components I have worked with have a way to disable TLS between each other via the
argocd-cmd-params-cmConfigMap. One issue I've run into is, when calling.repo.GetCommitMetadatain notifications templates, it tries to reach out to the Repo Server over TLS. There does not seem to be an easy way to disable it, short of overlaying the notifications template deployment itself and adding a command line flag.Motivation
This is necessary for environments where Istio is managing mutual TLS between each component (#2784).
Proposal
Similar to the other controllers, we can add
notificationscontroller.repo.server.plaintextto theargocd-cmd-params-cmConfigMap, and then in the deployment template, map that to theARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXTenvironment variable. In the go code for the notifications controller, we can attach this to&argocdRepoServerPlaintext. I'm proposing a singular "NOTIFICATION" here to match the existingARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_ENABLED, but happy to change it.It should be a small change so I'm happy to make a PR.
The text was updated successfully, but these errors were encountered: