Make helm chart compatible with custom CA for dex

[anton264]

Is your feature request related to a problem?

When using dex against self hosted sign-in methods with a custom CA dex will fail to contact the server.

Related helm chart

argo-cd

Describe the solution you'd like

It would be nice if there was a better method in the helm values to specify a CA certificate, either as a custom string or refering to a configmap.

Describe alternatives you've considered

This can be solved by using the volumemounts but can be tricky to get right.

Additional context

No response

[mkilchhofer]

Are you using the --dex-server-strict-tls parameter inside argocd-server? E.g by settings:

configs:
  params:
    server.dex.server.strict.tls: true

?

[anton264]

I dont see how that would solve the issue. To be clear the problem happens when dex is communicating with external auth-providers which have a self-signed CA, not in the internal communication between the argo services.

[mkilchhofer]

To be clear the problem happens when dex is communicating with external auth-providers which have a self-signed CA, not in the internal communication between the argo services.

Aah now I understand. I will try to understand how that is solved in both a vanilla dex and our bundled "customized" dex.

[mkilchhofer]

I studied the dex vanilla docs:
https://dexidp.io/docs/connectors/

It seems that

1. not all connectors supports using a custom CA
2. the ones who supports a custom CA have no common approach of using it

Do you have other opinions or ideas, @anton264 ?

[mkilchhofer]

@anton264 friendly ping/reminder