what is the tls.crt in argocd-secret on k8s used for?

[amir-bialek]

I am deploying k8s on prem with argocd and as part of the preparation I am checking the certificate validation and expiry. We intend to connect to all svc on ui with http as this is a private network, so my only concern is any certs that are used for internal communication in the cluster.

I do not want anything to expired and the env to break. Cluster is deployed with kubespray, argocd is deployed with helm. In my argocd namespace I see secret name argocd-secret , in it data of tls.crt which is valid for 1 year. There are other data in the secret like admin.password, etc.. Anyone know what is this tls.crt used for? Why is it only valid for 1 year?

Thank you.

[ChristianCiach]

I am like 95% positive that this is the auto-generated certificate used for securely serving the Web-UI.

I actually don't even have a tls.crt in my argocd-secret, probably because I deployed the argocd-server with server.insecure: "true".

[ChristianCiach]

I was right about that and it's documented here: https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-secret-yaml/

[amir-bialek]

Hey Christian, thank you for the reply.

So if I understand it correctly, When they say

  # TLS certificate and private key for API server (required).
  # Autogenerated with a self-signed certificate when keys are missing or invalid.

It is only to connect to the UI via https, if the TLS will be added to the ingress.

Does this effect anything in the communication inside k8s with the argocd service?
Meaning if I do not care for the HTTPS (I deployed the ingress without the TLS), after this cert will expire nothing will happen?

Regards,