Argo-cd: [Feature] Allow adding private repositories with Custom CA via UI

This would be a good issue for community contribution.

PR #1807 introduced ability to skip TLS verification for repositories as well as an API for managing custom repository certificates, so implementing it in the UI should now be a piece of cake for the frontend cracks :) Unfortunately, I'm allergic to JavaScript, but the foundation is there now.

I haven't been able to use ArgoCD because of this issue. Even when the host has the CA as trusted. The workloads seem to be running their own CA copies.

You can use the CLI or use declarative configuration to perform the necessary changes. You might want to check out https://argoproj.github.io/argo-cd/user-guide/private-repositories/#self-signed-untrusted-tls-certificates and https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca for further pointers. It's not in the release yet, and I don't know the actual milestone for it, but it's in latest and you can give it a try.

@gabrielcalderon You might want to checkout PR #1979 which partly addresses your feature request (skip server certificate verification via UI). Adding custom CA certificates is a whole different beast - maybe we'll get the UI to feature parity with the CLI in this regard, but it'll definitely take some time.

@jannfis How about adding a field for pasting the CA in the UI?

I'm using Helm to install ArgoCD, I tried modifying the deployments as the operational guide says but it doesnt work.

Another option could be to add support for Custom CA as a secret to ArgoCD Helm Charts?

@jannfis How about adding a field for pasting the CA in the UI?

I'm working on it already, to bring the UI on feature parity with the CLI in terms of certificate management. However, I'm not very proficient in JavaScript or React (the framework used by the UI), so it can take a little. I'll update this issue once I have a PR ready.

I'm using Helm to install ArgoCD, I tried modifying the deployments as the operational guide says but it doesnt work.

Hm, are you using argocd:latest image? This feature is not yet in any release version (I think it'll come with v1.2). If you use latest, make sure that a) the new ConfigMap objects are created in the argocd namespace and that you use latest manifests, i.e. with the volume mounts from the new config maps applied.

@gabrielcalderon PR #1987 was merged to master an hour or so ago and the argocd:latest docker image containing this change has already been built. It adds a new "Certificates" sub-menu under "Settings", where you can add and remove TLS certificates and SSH public keys for repository server verification.

You just have to setup the TLS certificate for validation once for any number of repositories you'll be connecting from the same repository server, so if you have a repository at https://example.com/repos/test, you would add a TLS certificate for example.com in the certificate form. Afterwards, you should be able to connect your repository.

I'd be grateful if you wouldn't mind testing if it works for you!

@jannfis That's great news! I will give it a try today/tomorrow when I get home. :-)