openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/gitops-configuring-tls-for-redis-with-autotls-enabled.adoc
dfitzmau ae8bd5136e add-content-type-modules
2025-08-12 09:20:08 +00:00

113 lines
4.0 KiB
Plaintext
Raw Permalink Blame History

// Module is included in the following assemblies:
//
// * /cicd/gitops/configuring-secure-communication-with-redis.adoc
:_mod-docs-content-type: PROCEDURE
[id="gitops-configuring-tls-for-redis-with-autotls-enabled_{context}"]
= Configuring TLS for Redis with autotls enabled
You can configure TLS encryption for Redis by enabling the `autotls` setting on a new or already existing Argo CD instance. The configuration automatically provisions the `argocd-operator-redis-tls` secret and does not require further steps. Currently, {product-title} is the only supported secret provider.
[NOTE]
====
By default, the `autotls` setting is disabled.
====
.Procedure
. Log in to the {product-title} web console.
. Create an Argo CD instance with `autotls` enabled:
.. In the *Administrator* perspective of the web console, use the left navigation panel to go to *Administration* -> *CustomResourceDefinitions*.
.. Search for `argocds.argoproj.io` and click `ArgoCD` custom resource definition (CRD).
.. On the *CustomResourceDefinition details* page, click the *Instances* tab, and then click *Create ArgoCD*.
.. Edit or replace the YAML similar to the following example:
+
.Example Argo CD CR with autotls enabled
[source,yaml]
----
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
name: argocd <1>
namespace: openshift-gitops <2>
spec:
redis:
autotls: openshift <3>
ha:
enabled: true <4>
----
<1> The name of the Argo CD instance.
<2> The namespace where you want to run the Argo CD instance.
<3> The flag that enables the `autotls` setting and creates a TLS certificate for Redis.
<4> The flag value that enables the HA feature. If you do not want to enable HA, do not include this line or set the flag value as `false`.
+
[TIP]
====
Alternatively, you can enable the `autotls` setting on an already existing Argo CD instance by running the following command:
[source,terminal]
----
$ oc patch argocds.argoproj.io <instance-name> --type=merge -p '{"spec":{"redis":{"autotls":"openshift"}}}'
----
====
.. Click *Create*.
.. Verify that the Argo CD pods are ready and running:
+
[source,terminal]
----
$ oc get pods -n <namespace> <1>
----
<1> Specify a namespace where the Argo CD instance is running, for example `openshift-gitops`.
+
.Example output with HA disabled
[source,terminal]
----
NAME READY STATUS RESTARTS AGE
argocd-application-controller-0 1/1 Running 0 26s
argocd-redis-84b77d4f58-vp6zm 1/1 Running 0 37s
argocd-repo-server-5b959b57f4-znxjq 1/1 Running 0 37s
argocd-server-6b8787d686-wv9zh 1/1 Running 0 37s
----
+
[NOTE]
====
The HA-enabled TLS configuration requires a cluster with at least three worker nodes. It can take a few minutes for the output to appear if you have enabled the Argo CD instances with HA configuration.
====
+
.Example output with HA enabled
[source,terminal]
----
NAME READY STATUS RESTARTS AGE
argocd-application-controller-0 1/1 Running 0 10m
argocd-redis-ha-haproxy-669757fdb7-5xg8h 1/1 Running 0 10m
argocd-redis-ha-server-0 2/2 Running 0 9m9s
argocd-redis-ha-server-1 2/2 Running 0 98s
argocd-redis-ha-server-2 2/2 Running 0 53s
argocd-repo-server-576499d46d-8hgbh 1/1 Running 0 10m
argocd-server-9486f88b7-dk2ks 1/1 Running 0 10m
----
. Verify that the `argocd-operator-redis-tls` secret is created:
+
[source,terminal]
----
$ oc get secrets argocd-operator-redis-tls -n <namespace> <1>
----
<1> Specify a namespace where the Argo CD instance is running, for example `openshift-gitops`.
+
.Example output
[source,terminal]
----
NAME TYPE DATA AGE
argocd-operator-redis-tls kubernetes.io/tls 2 30s
----
+
The secret must be of the `kubernetes.io/tls` type and a size of `2`.
View Git Blame Copy Permalink