-
Notifications
You must be signed in to change notification settings - Fork 288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change TLS termination to Reencrypt and Redirect on Insecure #644
base: master
Are you sure you want to change the base?
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi @supernovae. Thanks for your PR. I'm waiting for a redhat-developer member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Signed-off-by: Byron Miller (MOBB) <[email protected]>
Signed-off-by: Byron Miller (MOBB) <[email protected]>
0f33837
to
e8dd445
Compare
/ok-to-test |
@supernovae: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
What type of PR is this?
What does this PR do / why we need it:
When this operator is installed, the default route created is pass through so users get an invalid certificate warning since the gitops secret for tls is a generic.
Lots of corporate managed browsers do NOT let users bypass invalid certificates through accepting cert or typing "thisisunsafe"
Default behavior for fresh install should be a working route using the apps* route.
Have you updated the necessary documentation?
No documentation necessary, without this PR, we should have a documentation bug. So if this isn't approved, we should update our docs on how to either update the certificate or update the CRD to use reencrypt.
Which issue(s) this PR fixes:
Fixes # GITOPS-3839
Test acceptance criteria:
How to test changes / Special notes to the reviewer:
Install operator, configure gitops CRD and open default link to ArgoCD - should no longer get SSL warning or blocked browser warning.