ArgoCD using Self signed certificate – Argocd

by
Ali Hasan

Quick Fix: Configure ArgoCD to use a self-signed certificate by creating a certificate with a SAN that identifies the server and adding it to the /usr/share/ca-certificates folder. Additionally, add the root CA to the /etc/docker/certs.d/<server IP>:<port>/ folder, modify the /etc/docker/daemon.json file to include the insecure registry, and create a secret in the ArgoCD namespace for authentication.

The Solutions:

Solution 1: Using a detailed SAN to create the self-signed certificate

To resolve the issue with certificates in ArgoCD using self-signed certificates, follow these steps:

  1. Create a self-signed certificate with a detailed SAN, including the server name and IP address.
  2. Add the following to the subjectAltName field:
    DNS:<server name>, DNS:<localhost>, DNS:<domain name>, IP:<server IP>, IP:<localhost IP>
  3. Add the root CA and server certificate to the /usr/share/ca-certificates folder.
  4. Add the root CA to the /etc/docker/certs.d/<server IP>:<port>/ folder.
  5. Modify the /etc/docker/daemon.json file to include the insecure registry.
  6. Create a secret in the ArgoCD namespace with the docker username, password, and server.
  7. Add an imagePullSecrets tag to the Helm chart deployment file, referencing the secret created in step 6.

Solution 2: Adding Certificate to Host’s Root CAs

When using self-signed certificates, the host doesn’t initially trust the certificates. To resolve this issue, you need to add the self-signed certificate to the host’s list of trusted root certificates:

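  1. Save the PEM certificate as a .crt file (update-ca-certificates only picks up PEM-encoded files with a .crt extension, so the output format must stay PEM, not DER) using the command:
    openssl x509 -outform pem -in ca-cert.pem -out ca-cert.crt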
    
  2. Update the host’s CA certificates using the command:
    sudo update-ca-certificates
    
  3. Restart the host or service that requires the certificate to ensure the updated CA certificates are loaded.

With this solution, the host will now recognize the self-signed certificate as trusted, resolving the issue.
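The certificate from Solution 1 and the PEM requirement behind Solution 2, as an added example that is not part of the original post: it builds a throwaway root CA and a server certificate with the SAN layout above, then checks chain and name the way a TLS client does. `registry.example.internal`, `192.0.2.10` and the file names are assumptions, and the `openssl` CLI must be installed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. registry.example.internal and
# 192.0.2.10 are constructed placeholders; all keys are throwaway test material.
set -eu

make_certs() {  # $1 = output dir, $2 = server DNS name, $3 = server IP
  cat > "$1/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2,DNS:localhost,IP:$3,IP:127.0.0.1
EOF
  # Self-signed root CA, then a server key + CSR, then the CA-signed leaf.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/openssl.cnf" \
    -extensions v3_ca -subj "/CN=Example Root CA" \
    -keyout "$1/ca.key" -out "$1/ca-cert.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$1/openssl.cnf" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -days 30 -CA "$1/ca-cert.pem" \
    -CAkey "$1/ca.key" -CAcreateserial -extfile "$1/openssl.cnf" \
    -extensions v3_server -out "$1/server.crt" 2>/dev/null
}

# Chain and name check as a TLS client performs it. $3 is "hostname" or "ip".
check_cert() {  # $1 = dir, $2 = name/IP the client connects to, $3 = kind
  openssl verify -CAfile "$1/ca-cert.pem" "-verify_$3" "$2" \
    "$1/server.crt" >/dev/null 2>&1
}

# update-ca-certificates only accepts PEM-encoded files named *.crt.
is_pem() { head -n 1 "$1" | grep -q '^-----BEGIN CERTIFICATE-----$'; }

workdir=$(mktemp -d)
make_certs "$workdir" registry.example.internal 192.0.2.10
for target in "registry.example.internal hostname" "192.0.2.10 ip" \
              "other.example.internal hostname"; do
  set -- $target
  if check_cert "$workdir" "$1" "$2"; then echo "OK   $1"; else echo "FAIL $1"; fi
done
is_pem "$workdir/ca-cert.pem" && echo "ca-cert.pem is PEM"
```

When `check_cert` passes for the address Docker uses, the root CA in /etc/docker/certs.d/<server IP>:<port>/ is enough for Docker to validate the registry. An `insecure-registries` entry in daemon.json makes Docker ignore certificate errors for that registry instead.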

Q&A

What is the correct sequence to install a self-signed certificate on the host?

  1. Create the certificate and CA.
  2. Update the ca-certificates in the host.
  3. Add the created certificates to a proxy.

What is the SAN configuration for a self-signed certificate?

subjectAltName=DNS:<servername>,DNS:localhost,IP:<ip>

Where is the root CA stored once installed?

In the host’s root CAs, typically in /usr/share/ca-certificates/.

Video Explanation:

The following video, titled "Getting Started with ArgoCD on OpenShift 4 - YouTube", provides additional insights and in-depth exploration related to the topics discussed in this post.

In this video, Christian Hernandez shows you how to get started with ArgoCD on OpenShift 4 as he deploys an application across two clusters.