From 297702f3f3fb7da24264896a7510ff2cd36bc62b Mon Sep 17 00:00:00 2001 From: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com> Date: Wed, 6 Sep 2023 06:23:23 -0400 Subject: [PATCH] Add support for tls self signed certs in AppSet Gitlab SCM Provider (#985) * add support for tls self signed certs in AppSet Gitlab SCM Provider Signed-off-by: ishitasequeira * add e2e test Signed-off-by: ishitasequeira * add unit tests Signed-off-by: ishitasequeira * renamed field ScmRootCaPath to SCMRootCaPath Signed-off-by: ishitasequeira * Add documentation and address comments Signed-off-by: ishitasequeira * Address comments Signed-off-by: ishitasequeira --------- Signed-off-by: ishitasequeira --- api/v1beta1/argocd_types.go | 3 + bundle/manifests/argoproj.io_argocds.yaml | 5 ++ common/values.go | 3 + config/crd/bases/argoproj.io_argocds.yaml | 5 ++ controllers/argocd/applicationset.go | 39 +++++++++- controllers/argocd/applicationset_test.go | 36 +++++++-- controllers/argocd/argocd_controller.go | 2 +- controllers/argocd/configmap.go | 8 ++ controllers/argocd/custommapper.go | 28 +++++++ controllers/argocd/util.go | 8 +- .../0.8.0/argoproj.io_argocds.yaml | 5 ++ docs/reference/argocd.md | 19 +++++ .../01-assert.yaml | 75 +++++++++++++++++++ .../01-install.yaml | 56 ++++++++++++++ 14 files changed, 281 insertions(+), 11 deletions(-) create mode 100644 tests/k8s/1-033_validate_applicationset_tls_scm_volume_mount/01-assert.yaml create mode 100644 tests/k8s/1-033_validate_applicationset_tls_scm_volume_mount/01-install.yaml diff --git a/api/v1beta1/argocd_types.go b/api/v1beta1/argocd_types.go index 49af9f7cc..5c55851f4 100644 --- a/api/v1beta1/argocd_types.go +++ b/api/v1beta1/argocd_types.go 
@@ -159,6 +159,9 @@ type ArgoCDApplicationSet struct { LogLevel string `json:"logLevel,omitempty"` WebhookServer WebhookServerSpec `json:"webhookServer,omitempty"` + + // SCMRootCAConfigMap is the name of the config map that stores the Gitlab SCM Provider's TLS certificate which will be mounted on the ApplicationSet Controller (optional). + SCMRootCAConfigMap string `json:"scmRootCAConfigMap,omitempty"` } // ArgoCDCASpec defines the CA options for ArgCD. diff --git a/bundle/manifests/argoproj.io_argocds.yaml b/bundle/manifests/argoproj.io_argocds.yaml index 6ec5ab017..f0a7218e7 100644 --- a/bundle/manifests/argoproj.io_argocds.yaml +++ b/bundle/manifests/argoproj.io_argocds.yaml @@ -6655,6 +6655,11 @@ spec: to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + scmRootCAConfigMap: + description: SCMRootCAConfigMap is the name of the config map + that stores the Gitlab SCM Provider's TLS certificate which + will be mounted on the ApplicationSet Controller (optional). + type: string version: description: Version is the Argo CD ApplicationSet image tag. (optional) diff --git a/common/values.go b/common/values.go index da6707919..9c3adda5c 100644 --- a/common/values.go +++ b/common/values.go @@ -77,6 +77,9 @@ const ( // ArgoCDTLSCertsConfigMapName is the upstream hard-coded TLS certificate data ConfigMap name. ArgoCDTLSCertsConfigMapName = "argocd-tls-certs-cm" + // ArgoCDAppSetGitlabSCMTLSCertsConfigMapName is the hard-coded ApplicationSet Gitlab SCM TLS certificate data ConfigMap name. + ArgoCDAppSetGitlabSCMTLSCertsConfigMapName = "argocd-appset-gitlab-scm-tls-certs-cm" + // ArgoCDRedisServerTLSSecretName is the name of the TLS secret for the redis-server ArgoCDRedisServerTLSSecretName = "argocd-operator-redis-tls" diff --git a/config/crd/bases/argoproj.io_argocds.yaml b/config/crd/bases/argoproj.io_argocds.yaml index 3674c2001..c00bc7677 100644 
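Review bot: The doc comment on `SCMRootCAConfigMap` in `ArgoCDApplicationSet` does not say which namespace the ConfigMap is looked up in or which data key must hold the PEM certificate, and both decide whether the controller ends up trusting the intended CA. I would extend it with something like `// The ConfigMap must be in the ArgoCD instance's namespace; its keys are mounted as files under /app/tls/scm/cert.` The JSON key is `scmRootCAConfigMap`, while the example added in docs/reference/argocd.md writes `SCMRootCAConfigMap` under `argoproj.io/v1alpha1`, so a user copying that example may not set this field at all.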
--- a/config/crd/bases/argoproj.io_argocds.yaml +++ b/config/crd/bases/argoproj.io_argocds.yaml @@ -6646,6 +6646,11 @@ spec: to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + scmRootCAConfigMap: + description: SCMRootCAConfigMap is the name of the config map + that stores the Gitlab SCM Provider's TLS certificate which + will be mounted on the ApplicationSet Controller (optional). + type: string version: description: Version is the Argo CD ApplicationSet image tag. (optional) diff --git a/controllers/argocd/applicationset.go b/controllers/argocd/applicationset.go index 3aa0e19ec..8e3f62205 100644 --- a/controllers/argocd/applicationset.go +++ b/controllers/argocd/applicationset.go @@ -33,6 +33,10 @@ import ( "github.com/argoproj-labs/argocd-operator/controllers/argoutil" ) +const ( + ApplicationSetGitlabSCMTlsCertPath = "/app/tls/scm/cert" +) + // getArgoApplicationSetCommand will return the command for the ArgoCD ApplicationSet component. func getArgoApplicationSetCommand(cr *argoproj.ArgoCD) []string { cmd := make([]string, 0) @@ -46,6 +50,11 @@ func getArgoApplicationSetCommand(cr *argoproj.ArgoCD) []string { cmd = append(cmd, "--loglevel") cmd = append(cmd, getLogLevel(cr.Spec.ApplicationSet.LogLevel)) + if cr.Spec.ApplicationSet.SCMRootCAConfigMap != "" { + cmd = append(cmd, "--scm-root-ca-path") + cmd = append(cmd, ApplicationSetGitlabSCMTlsCertPath) + } + // ApplicationSet command arguments provided by the user extraArgs := cr.Spec.ApplicationSet.ExtraCommandArgs err := isMergable(extraArgs, cmd) 
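Review bot: The new exported constant `ApplicationSetGitlabSCMTlsCertPath` has no doc comment and spells the initialism `Tls`, while the rest of the change uses `TLS` (for example `ArgoCDAppSetGitlabSCMTLSCertsConfigMapName`). Suggest renaming it and adding `// ApplicationSetGitlabSCMTLSCertPath is the mount path of the SCM root CA ConfigMap in the ApplicationSet controller and the value passed to --scm-root-ca-path.` A single `const` declaration would also read better than a one-entry block.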
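Review bot: `--scm-root-ca-path` is appended in `getArgoApplicationSetCommand` whenever `cr.Spec.ApplicationSet.SCMRootCAConfigMap` is non-empty, but the volume and mount are only added in `reconcileApplicationSetDeployment` when the ConfigMap is actually found. If the ConfigMap is missing, the controller starts with a CA path that does not exist in the container; how it reacts is not visible in this patch, and a TLS trust setting should not depend on that. The flag should follow the same condition as the mount, for instance by passing the `addSCMGitlabVolumeMount` result into this function, or the reconcile should report the missing ConfigMap as an error. The function body continues outside the hunk.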
@@ -144,9 +153,26 @@ func (r *ReconcileArgoCD) reconcileApplicationSetDeployment(cr *argoproj.ArgoCD, }, }, } + addSCMGitlabVolumeMount := false + if scmRootCAConfigMapName := getSCMRootCAConfigMapName(cr); scmRootCAConfigMapName != "" { + cm := newConfigMapWithName(scmRootCAConfigMapName, cr) + if argoutil.IsObjectFound(r.Client, cr.Namespace, cr.Spec.ApplicationSet.SCMRootCAConfigMap, cm) { + addSCMGitlabVolumeMount = true + podSpec.Volumes = append(podSpec.Volumes, corev1.Volume{ + Name: "appset-gitlab-scm-tls-cert", + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: common.ArgoCDAppSetGitlabSCMTLSCertsConfigMapName, + }, + }, + }, + }) + } + } podSpec.Containers = []corev1.Container{ - applicationSetContainer(cr), + applicationSetContainer(cr, addSCMGitlabVolumeMount), } AddSeccompProfileForOpenShift(r.Client, podSpec) @@ -185,7 +211,7 @@ func (r *ReconcileArgoCD) reconcileApplicationSetDeployment(cr *argoproj.ArgoCD, } -func applicationSetContainer(cr *argoproj.ArgoCD) corev1.Container { +func applicationSetContainer(cr *argoproj.ArgoCD, addSCMGitlabVolumeMount bool) corev1.Container { // Global proxy env vars go first appSetEnv := []corev1.EnvVar{{ Name: "NAMESPACE", @@ -202,7 +228,7 @@ func applicationSetContainer(cr *argoproj.ArgoCD) corev1.Container { // Environment specified in the CR take precedence over everything else appSetEnv = argoutil.EnvMerge(appSetEnv, proxyEnvVars(), false) - return corev1.Container{ + container := corev1.Container{ Command: getArgoApplicationSetCommand(cr), Env: appSetEnv, Image: getApplicationSetContainerImage(cr), 
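Review bot: The existence check in `reconcileApplicationSetDeployment` looks up the user-supplied name (`cr.Spec.ApplicationSet.SCMRootCAConfigMap`), but the volume added right after it references the fixed name `common.ArgoCDAppSetGitlabSCMTLSCertsConfigMapName`. Unless something outside this patch copies the data across, the pod mounts a ConfigMap other than the one the administrator named: either it does not exist and the pod cannot start, or whatever is stored under `argocd-appset-gitlab-scm-tls-certs-cm` in that namespace becomes the trusted root for GitLab SCM connections. The volume should use the name that was checked, `Name: scmRootCAConfigMapName,`. The same fixed name is used by `applicationSetSCMTLSConfigMapMapper`, the new watch in `setResourceWatches`, the unit-test helper and `01-assert.yaml`, so changes to the user's ConfigMap do not trigger a reconcile and the tests encode the mismatch.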
@@ -252,6 +278,13 @@ func applicationSetContainer(cr *argoproj.ArgoCD) corev1.Container { RunAsNonRoot: boolPtr(true), }, } + if addSCMGitlabVolumeMount { + container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ + Name: "appset-gitlab-scm-tls-cert", + MountPath: ApplicationSetGitlabSCMTlsCertPath, + }) + } + return container } func (r *ReconcileArgoCD) reconcileApplicationSetServiceAccount(cr *argoproj.ArgoCD) (*corev1.ServiceAccount, error) { diff --git a/controllers/argocd/applicationset_test.go b/controllers/argocd/applicationset_test.go index d09f29d3f..9a7022baf 100644 --- a/controllers/argocd/applicationset_test.go +++ b/controllers/argocd/applicationset_test.go @@ -27,6 +27,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" logf "sigs.k8s.io/controller-runtime/pkg/log" argoproj "github.com/argoproj-labs/argocd-operator/api/v1beta1" @@ -92,14 +93,14 @@ func TestReconcileApplicationSet_CreateDeployments(t *testing.T) { deployment)) // Ensure the created Deployment has the expected properties - checkExpectedDeploymentValues(t, deployment, &sa, a) + checkExpectedDeploymentValues(t, r, deployment, &sa, a) } -func checkExpectedDeploymentValues(t *testing.T, deployment *appsv1.Deployment, sa *corev1.ServiceAccount, a *argoproj.ArgoCD) { +func checkExpectedDeploymentValues(t *testing.T, r *ReconcileArgoCD, deployment *appsv1.Deployment, sa *corev1.ServiceAccount, a *argoproj.ArgoCD) { assert.Equal(t, deployment.Spec.Template.Spec.ServiceAccountName, sa.ObjectMeta.Name) appsetAssertExpectedLabels(t, &deployment.ObjectMeta) - want := []corev1.Container{applicationSetContainer(a)} + want := []corev1.Container{applicationSetContainer(a, false)} if diff := cmp.Diff(want, deployment.Spec.Template.Spec.Containers); diff != "" { t.Fatalf("failed to reconcile applicationset-controller deployment containers:\n%s", diff) 
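Review bot: The value passed to `--scm-root-ca-path` will be a directory rather than a certificate file, because the ConfigMap volume is mounted at the same `ApplicationSetGitlabSCMTlsCertPath` and a ConfigMap mount creates one file per key underneath it. With the e2e fixture's key `cert`, the PEM would sit at `/app/tls/scm/cert/cert`; if the controller reads the flag value as a file, which I cannot confirm from this patch, the custom CA is never loaded. Consider mounting the volume at the parent directory (`MountPath: "/app/tls/scm"`) and documenting `cert` as the required key, or state in a comment that the flag takes a directory. The volume name `"appset-gitlab-scm-tls-cert"` is also repeated as a literal in the volume definition and would be safer as a shared constant.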
@@ -150,6 +151,19 @@ func checkExpectedDeploymentValues(t *testing.T, deployment *appsv1.Deployment, }, } + if a.Spec.ApplicationSet.SCMRootCAConfigMap != "" && argoutil.IsObjectFound(r.Client, a.Namespace, common.ArgoCDAppSetGitlabSCMTLSCertsConfigMapName, a) { + volumes = append(volumes, corev1.Volume{ + Name: "appset-gitlab-scm-tls-cert", + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: common.ArgoCDAppSetGitlabSCMTLSCertsConfigMapName, + }, + }, + }, + }) + } + if diff := cmp.Diff(volumes, deployment.Spec.Template.Spec.Volumes); diff != "" { t.Fatalf("failed to reconcile applicationset-controller deployment volumes:\n%s", diff) } @@ -261,7 +275,7 @@ func TestReconcileApplicationSet_UpdateExistingDeployments(t *testing.T) { deployment)) // Ensure the updated Deployment has the expected properties - checkExpectedDeploymentValues(t, deployment, &sa, a) + checkExpectedDeploymentValues(t, r, deployment, &sa, a) } @@ -287,7 +301,7 @@ func TestReconcileApplicationSet_Deployments_resourceRequirements(t *testing.T) assert.Equal(t, deployment.Spec.Template.Spec.ServiceAccountName, sa.ObjectMeta.Name) appsetAssertExpectedLabels(t, &deployment.ObjectMeta) - containerWant := []corev1.Container{applicationSetContainer(a)} + containerWant := []corev1.Container{applicationSetContainer(a, false)} if diff := cmp.Diff(containerWant, deployment.Spec.Template.Spec.Containers); diff != "" { t.Fatalf("failed to reconcile argocd-server deployment:\n%s", diff) 
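Review bot: The guard added to `checkExpectedDeploymentValues` passes `a`, the ArgoCD CR, as the object for `argoutil.IsObjectFound` and looks up the fixed name `common.ArgoCDAppSetGitlabSCMTLSCertsConfigMapName`, whereas the reconciler checks a ConfigMap under the user-supplied name. As written the branch looks unreachable in these tests, and the helper still compares containers against `applicationSetContainer(a, false)`, so the volume and mount are never asserted. Pass a `&corev1.ConfigMap{}` with the name from `a.Spec.ApplicationSet.SCMRootCAConfigMap`, and derive the second argument of `applicationSetContainer` from the same check. The helper starts and ends outside this hunk.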
@@ -346,6 +360,14 @@ func TestReconcileApplicationSet_Deployments_SpecOverride(t *testing.T) { envVars: map[string]string{common.ArgoCDImageEnvName: "custom-env-image"}, expectedContainerImage: "custom-image:custom-version", }, + { + name: "ensure scm tls cert mount is present", + appSetField: &argoproj.ArgoCDApplicationSet{ + SCMRootCAConfigMap: "test-scm-tls-mount", + }, + envVars: map[string]string{common.ArgoCDImageEnvName: "custom-env-image"}, + expectedContainerImage: "custom-env-image", + }, } for _, test := range tests { @@ -357,6 +379,8 @@ func TestReconcileApplicationSet_Deployments_SpecOverride(t *testing.T) { a := makeTestArgoCD() r := makeTestReconciler(t, a) + cm := newConfigMapWithName(getCAConfigMapName(a), a) + r.Client.Create(context.Background(), cm, &client.CreateOptions{}) a.Spec.ApplicationSet = test.appSetField @@ -374,7 +398,7 @@ func TestReconcileApplicationSet_Deployments_SpecOverride(t *testing.T) { specImage := deployment.Spec.Template.Spec.Containers[0].Image assert.Equal(t, test.expectedContainerImage, specImage) - + checkExpectedDeploymentValues(t, r, deployment, &sa, a) }) } diff --git a/controllers/argocd/argocd_controller.go b/controllers/argocd/argocd_controller.go index 642dc405c..85cd17e48 100644 --- a/controllers/argocd/argocd_controller.go +++ b/controllers/argocd/argocd_controller.go @@ -198,6 +198,6 @@ func (r *ReconcileArgoCD) Reconcile(ctx context.Context, request ctrl.Request) ( // SetupWithManager sets up the controller with the Manager. func (r *ReconcileArgoCD) SetupWithManager(mgr ctrl.Manager) error { bldr := ctrl.NewControllerManagedBy(mgr) - r.setResourceWatches(bldr, r.clusterResourceMapper, r.tlsSecretMapper, r.namespaceResourceMapper, r.clusterSecretResourceMapper) + r.setResourceWatches(bldr, r.clusterResourceMapper, r.tlsSecretMapper, r.namespaceResourceMapper, r.clusterSecretResourceMapper, r.applicationSetSCMTLSConfigMapMapper) return bldr.Complete(r) } 
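Review bot: The setup in `TestReconcileApplicationSet_Deployments_SpecOverride` creates a ConfigMap named by `getCAConfigMapName(a)`, not the `test-scm-tls-mount` ConfigMap that the new case "ensure scm tls cert mount is present" sets in `SCMRootCAConfigMap`, and it drops the error returned by `r.Client.Create`. The reconciler should therefore not find the SCM ConfigMap, and the case passes without any volume or mount being present. Create the ConfigMap under the name from the test case, check the result with `assert.NoError(t, r.Client.Create(context.Background(), cm))`, and assert the expected volume and mount explicitly.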
diff --git a/controllers/argocd/configmap.go b/controllers/argocd/configmap.go index 5d64fab95..e8f6e5a51 100644 --- a/controllers/argocd/configmap.go +++ b/controllers/argocd/configmap.go @@ -63,6 +63,14 @@ func getCAConfigMapName(cr *argoproj.ArgoCD) string { return nameWithSuffix(common.ArgoCDCASuffix, cr) } +// getSCMRootCAConfigMapName will return the SCMRootCA ConfigMap name for the given ArgoCD ApplicationSet Controller. +func getSCMRootCAConfigMapName(cr *argoproj.ArgoCD) string { + if cr.Spec.ApplicationSet.SCMRootCAConfigMap != "" && len(cr.Spec.ApplicationSet.SCMRootCAConfigMap) > 0 { + return cr.Spec.ApplicationSet.SCMRootCAConfigMap + } + return "" +} + // getConfigManagementPlugins will return the config management plugins for the given ArgoCD. func getConfigManagementPlugins(cr *argoproj.ArgoCD) string { plugins := common.ArgoCDDefaultConfigManagementPlugins diff --git a/controllers/argocd/custommapper.go b/controllers/argocd/custommapper.go index 502373571..f97e6db19 100644 --- a/controllers/argocd/custommapper.go +++ b/controllers/argocd/custommapper.go 
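Review bot: The condition in `getSCMRootCAConfigMapName` tests the same thing twice (`!= ""` and `len(...) > 0`), and both outcomes return the field's value, so the body reduces to `return cr.Spec.ApplicationSet.SCMRootCAConfigMap`. The tests assign `a.Spec.ApplicationSet` from a pointer, so this function dereferences it without a nil check; if any caller can reach it with ApplicationSet unset, add `if cr.Spec.ApplicationSet == nil { return "" }` first. Whether all callers already guarantee that is not visible in this hunk.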
@@ -182,3 +182,31 @@ func (r *ReconcileArgoCD) clusterSecretResourceMapper(o client.Object) []reconci return result } + +// applicationSetSCMTLSConfigMapMapper maps a watch event on a configmap with name "argocd-appset-gitlab-scm-tls-certs-cm", +// back to the ArgoCD object that we want to reconcile. +func (r *ReconcileArgoCD) applicationSetSCMTLSConfigMapMapper(o client.Object) []reconcile.Request { + var result = []reconcile.Request{} + + if o.GetName() == common.ArgoCDAppSetGitlabSCMTLSCertsConfigMapName { + argocds := &argoproj.ArgoCDList{} + if err := r.Client.List(context.TODO(), argocds, &client.ListOptions{Namespace: o.GetNamespace()}); err != nil { + return result + } + + if len(argocds.Items) != 1 { + return result + } + + argocd := argocds.Items[0] + namespacedName := client.ObjectKey{ + Name: argocd.Name, + Namespace: argocd.Namespace, + } + result = []reconcile.Request{ + {NamespacedName: namespacedName}, + } + } + + return result +} diff --git a/controllers/argocd/util.go b/controllers/argocd/util.go index 687189b6c..17680c131 100644 --- a/controllers/argocd/util.go +++ b/controllers/argocd/util.go @@ -931,7 +931,7 @@ func removeString(slice []string, s string) []string { } // setResourceWatches will register Watches for each of the supported Resources. -func (r *ReconcileArgoCD) setResourceWatches(bldr *builder.Builder, clusterResourceMapper, tlsSecretMapper, namespaceResourceMapper, clusterSecretResourceMapper handler.MapFunc) *builder.Builder { +func (r *ReconcileArgoCD) setResourceWatches(bldr *builder.Builder, clusterResourceMapper, tlsSecretMapper, namespaceResourceMapper, clusterSecretResourceMapper, applicationSetGitlabSCMTLSConfigMapMapper handler.MapFunc) *builder.Builder { deploymentConfigPred := predicate.Funcs{ UpdateFunc: func(e event.UpdateEvent) bool { 
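Review bot: `applicationSetSCMTLSConfigMapMapper` returns an empty result both when `r.Client.List` fails and when the namespace does not hold exactly one ArgoCD instance, and it logs neither case, so a missed reconcile after a CA ConfigMap change leaves no trace. Log the error before returning, using the logger this package already has, and add a comment such as `// Only namespaces with exactly one ArgoCD instance are reconciled; the target is ambiguous otherwise.` above the `len(argocds.Items) != 1` check. `context.TODO()` should be replaced with a real context once the mapper signature provides one.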
@@ -1046,12 +1046,18 @@ func (r *ReconcileArgoCD) setResourceWatches(bldr *builder.Builder, clusterResou clusterSecretResourceHandler := handler.EnqueueRequestsFromMapFunc(clusterSecretResourceMapper) + appSetGitlabSCMTLSConfigMapHandler := handler.EnqueueRequestsFromMapFunc(applicationSetGitlabSCMTLSConfigMapMapper) + tlsSecretHandler := handler.EnqueueRequestsFromMapFunc(tlsSecretMapper) bldr.Watches(&source.Kind{Type: &v1.ClusterRoleBinding{}}, clusterResourceHandler) bldr.Watches(&source.Kind{Type: &v1.ClusterRole{}}, clusterResourceHandler) + bldr.Watches(&source.Kind{Type: &corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDAppSetGitlabSCMTLSCertsConfigMapName, + }}}, appSetGitlabSCMTLSConfigMapHandler) + // Watch for secrets of type TLS that might be created by external processes bldr.Watches(&source.Kind{Type: &corev1.Secret{Type: corev1.SecretTypeTLS}}, tlsSecretHandler) diff --git a/deploy/olm-catalog/argocd-operator/0.8.0/argoproj.io_argocds.yaml b/deploy/olm-catalog/argocd-operator/0.8.0/argoproj.io_argocds.yaml index 6ec5ab017..f0a7218e7 100644 --- a/deploy/olm-catalog/argocd-operator/0.8.0/argoproj.io_argocds.yaml +++ b/deploy/olm-catalog/argocd-operator/0.8.0/argoproj.io_argocds.yaml @@ -6655,6 +6655,11 @@ spec: to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + scmRootCAConfigMap: + description: SCMRootCAConfigMap is the name of the config map + that stores the Gitlab SCM Provider's TLS certificate which + will be mounted on the ApplicationSet Controller (optional). + type: string version: description: Version is the Argo CD ApplicationSet image tag. (optional) diff --git a/docs/reference/argocd.md b/docs/reference/argocd.md index 53112b10e..4bb5f1b74 100644 --- a/docs/reference/argocd.md +++ b/docs/reference/argocd.md 
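Review bot: Setting `ObjectMeta.Name` on the `&corev1.ConfigMap{}` passed to `source.Kind` does not, as far as I know, restrict the watch; controller-runtime uses the object only for its type, so every ConfigMap event reaches the mapper and the name comparison there does the filtering. That is worth a comment so the literal is not mistaken for a filter: `// Name is not a filter; applicationSetSCMTLSConfigMapMapper selects the ConfigMap by name.` Alternatively drop the `ObjectMeta` and attach a name predicate with `builder.WithPredicates`. `setResourceWatches` begins and ends outside this hunk.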
@@ -85,6 +85,7 @@ Resources | [Empty] | The container compute resources. LogLevel | info | The log level to be used by the ArgoCD Application Controller component. Valid options are debug, info, error, and warn. LogFormat | text | The log format to be used by the ArgoCD Application Controller component. Valid options are text or json. ParallelismLimit | 10 | The kubectl parallelism limit to set for the controller (`--kubectl-parallelism-limit` flag) +SCMRootCAConfigMap (#add-tls-certificate-for-gitlab-scm-provider-to-applicationsets-controller) | [Empty] | The name of the config map that stores the Gitlab SCM Provider's TLS certificate which will be mounted on the ApplicationSet Controller at `"/app/tls/scm/cert"` path. ### ApplicationSet Controller Example 
@@ -119,6 +120,24 @@ spec: - bar ``` +### Add Self signed TLS Certificate for Gitlab SCM Provider to ApplicationSets Controller + +ApplicationSetController added a new option `--scm-root-ca-path` and expects the self-signed TLS certificate to be mounted on the path specified and to be used for Gitlab SCM Provider and Gitlab Pull Request Provider. To set this option, you can store the certificate in the config map and specify the config map name using `spec.applicationSet.SCMRootCAConfigMap` in ArgoCD CR. When the parameter `spec.applicationSet.SCMRootCAConfigMap` is set in ArgoCD CR, the operator checks for ConfigMap in the same namespace as the ArgoCD instance and mounts the Certificate stored in ConfigMap to ApplicationSet Controller pods at the path `/app/tls/scm/cert`. + +Below example shows how a user can add scmRootCaPath to the ApplicationSet controller. +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ArgoCD +metadata: + name: example-argocd + labels: + example: applicationset +spec: + applicationSet: + SCMRootCAConfigMap: example-gitlab-scm-tls-cert +``` + + ## Config Management Plugins Configuration to add a config management plugin. This property maps directly to the `configManagementPlugins` field in the `argocd-cm` ConfigMap. diff --git a/tests/k8s/1-033_validate_applicationset_tls_scm_volume_mount/01-assert.yaml b/tests/k8s/1-033_validate_applicationset_tls_scm_volume_mount/01-assert.yaml new file mode 100644 index 000000000..38eee67c7 --- /dev/null +++ b/tests/k8s/1-033_validate_applicationset_tls_scm_volume_mount/01-assert.yaml 
@@ -0,0 +1,75 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 120 +--- +apiVersion: argoproj.io/v1beta1 +kind: ArgoCD +metadata: + name: argocd + namespace: test-1-32-appsets-scm-tls-mount +spec: + applicationSet: + scmRootCAConfigMap: test-1-32-appsets-scm-tls-cm +status: + phase: Available +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-applicationset-controller + namespace: test-1-32-appsets-scm-tls-mount + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/managed-by: argocd + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd-applicationset +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + template: + spec: + containers: + - command: + - entrypoint.sh + - argocd-applicationset-controller + - --argocd-repo-server + - argocd-repo-server.test-1-32-appsets-scm-tls-mount.svc.cluster.local:8081 + - --loglevel + - info + - --scm-root-ca-path + - /app/tls/scm/cert + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + - mountPath: /app/tls/scm/cert + name: appset-gitlab-scm-tls-cert + volumes: + - configMap: + defaultMode: 420 + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + defaultMode: 420 + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + defaultMode: 420 + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: argocd-appset-gitlab-scm-tls-certs-cm + name: appset-gitlab-scm-tls-cert 
diff --git a/tests/k8s/1-033_validate_applicationset_tls_scm_volume_mount/01-install.yaml b/tests/k8s/1-033_validate_applicationset_tls_scm_volume_mount/01-install.yaml
new file mode 100644
index 000000000..8895fecb2
--- /dev/null
+++ b/tests/k8s/1-033_validate_applicationset_tls_scm_volume_mount/01-install.yaml
@@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-1-32-appsets-scm-tls-mount +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-1-32-appsets-scm-tls-cm + namespace: test-1-32-appsets-scm-tls-mount +data: + cert: | + -----BEGIN CERTIFICATE----- + AIIEBCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL + BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE + BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0 + c3VpdGUxGDAWBrNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda + Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT + YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES + MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi + MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5 + NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc + CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u + P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G + ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+ + YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E + Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko + Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J + kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u + kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO + gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7 + bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86 + r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/ + BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn + Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx + CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2 + XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT + +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr + 
d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO + OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so + 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr + jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8 + 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W + AIIEBCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL + XWyb96wrUlv+E8I= + -----END CERTIFICATE----- + +--- +apiVersion: argoproj.io/v1beta1 +kind: ArgoCD +metadata: + name: argocd + namespace: test-1-32-appsets-scm-tls-mount +spec: + applicationSet: + scmRootCAConfigMap: test-1-32-appsets-scm-tls-cm \ No newline at end of file
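Review bot: The PEM block in this fixture does not look like a parseable certificate: its base64 body begins with `AIIE` rather than the `MII` of a DER sequence, and that first line is repeated near the end. The test therefore only checks that the flag, volume and mount are wired up; `status.phase: Available` in `01-assert.yaml` says nothing about the CA being loaded. A comment above the `cert` key such as `# Placeholder data, not a valid certificate; this test only checks the volume wiring.` would make that explicit. The namespace prefix `test-1-32-` also does not match the directory number `1-033`.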