notifications-controller doesn't trust certs from argocd-tls-certs-cm configmap #15392

Closed
svghadi opened this issue Sep 7, 2023 · 0 comments · Fixed by #15394
Labels
bug Something isn't working

svghadi commented Sep 7, 2023

Describe the bug
notifications-controller doesn't trust custom certs added to argocd-tls-certs-cm, causing failures to send notifications to webhook endpoints with self-signed/custom certificates.

To Reproduce

  1. Configure notification in argocd-notifications-cm
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: argocd-notifications-cm
    data:
      service.webhook.display: |-
        url: https://<endpoint-with-custom-cert>
      trigger.on-created: |-
        - description: Application is created.
          oncePer: app.metadata.name
          send:
          - app-created
          when: "true"
  2. Add a custom TLS cert in argocd-tls-certs-cm
  3. Restart the notifications-controller deployment
  4. Create an application with the following annotation
    annotations:
      notifications.argoproj.io/subscribe.on-created.display: ""
  5. Check the notifications-controller deployment for tls: failed to verify certificate: x509

Expected behavior

notifications-controller should send notifications successfully to the endpoint by trusting custom certs from the argocd-tls-certs-cm configmap.

Version

latest/master

Logs

time="2023-09-07T05:01:49Z" level=info msg="Start processing" resource=argocd-e2e/new-app
time="2023-09-07T05:01:49Z" level=info msg="Trigger on-created result: [{[0].X_5TO4MPCKAyY0ipFgr6_IraRNs new-app [app-created] true}]" resource=argocd-e2e/new-app
time="2023-09-07T05:01:49Z" level=info msg="Sending notification about condition 'on-created.[0].X_5TO4MPCKAyY0ipFgr6_IraRNs' to '{display }' using the configuration in namespace argocd-e2e" resource=argocd-e2e/new-app
time="2023-09-07T05:01:49Z" level=error msg="Failed to notify recipient {display } defined in resource argocd-e2e/new-app: Get \"https://endpoint.webhook/hooks/display\": tls: failed to verify certificate: x509: certificate signed by unknown authority using the configuration in namespace argocd-e2e" resource=argocd-e2e/new-app
time="2023-09-07T05:01:49Z" level=info msg="Processing completed" resource=argocd-e2e/new-app

Additional Info
The certs from argocd-tls-certs-cm are correctly mounted into the notifications-controller pod at the /app/config/tls path; however, it seems like the controller is not reading them.
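
Added example, not part of the issue and not Argo CD code: a Go check that verifies a certificate against the system roots plus every PEM file in a directory such as the /app/config/tls mount. It separates "the directory does not contain a usable certificate" from "the process never loads the directory". The function names and the self-signed certificate are constructed for illustration; the host name is the one from the log above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// verifyWithDir verifies cert for host against the system roots plus every PEM
// file in dir, and returns how many files in dir contributed certificates.
func verifyWithDir(cert *x509.Certificate, host, dir string) (int, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no system roots available: start empty
	}
	entries, err := os.ReadDir(dir)
	if err != nil {
		return 0, err
	}
	n := 0
	for _, e := range entries { // unreadable entries (subdirectories) are skipped
		if data, err := os.ReadFile(filepath.Join(dir, e.Name())); err == nil && pool.AppendCertsFromPEM(data) {
			n++
		}
	}
	_, err = cert.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return n, err
}

// constructedCert makes a throwaway self-signed certificate (constructed sample input).
func constructedCert(host string) (*x509.Certificate, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}
```

A count of 0 with an "unknown authority" error means no file in the directory supplied a certificate; a non-zero count with a successful verification means the directory content is sufficient and the client is simply not using it as its root pool.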
