argocd-operator: Dex can't be disabled

Describe the bug

Hi, the documentation describing how to disable Dex is not correct. The following subscription configuration does NOT disable it:

To Reproduce

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: argocd-operator
spec:
  # channel: alpha
  name: argocd-operator
  # source: argocd-catalog
  source: operatorhubio-catalog
  sourceNamespace: olm
  config:
    env:
      - name: DISABLE_DEX
        value: "true"
      - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES
        value: argocd

Expected behavior

The configuration to stop dex from starting.

Additional context

Deployed version: v2.3.3-07ac038

About this issue

Original URL
State: closed
Created 2 years ago
Comments: 21

Most upvoted comments

@Morriz Thanks a lot.

wtam2018 on Jun 13, 2022

I redeployed everything fresh and could not reproduce it. I think this can be closed until we run into it again.

Morriz on Jun 13, 2022

@Morriz @wtam2018 @saumeya

Sorry for the confusion. I should have provided more details on the steps I followed to test it.

I was able to reproduce the issue on the latest version of Argo CD Operator on my K8s cluster(v1.23.4).

Steps Followed:

Follow the below steps to install OLM and Argo CD Operator on your Kuberentes cluster
- https://operatorhub.io/operator/argocd-operator (Click on Latest)
Use the below Argo CD CR to install Argo CD.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: oauth
spec:
  dex:
    openShiftOAuth: true
  rbac:
    defaultPolicy: 'role:readonly'
    policy: |
      g, system:cluster-admins, role:admin
    scopes: '[groups]'
  server:
    route:
      enabled: true

Use the steps provided in the documentation to Disable Dex. https://argocd-operator.readthedocs.io/en/latest/usage/dex/#disable-dex

I expect operator to delete the dex pods from all the namespaces in which Argo CD is installed.

Note: After thinking hard, I understood why @saumeya was not able to reproduce the issue. I used the Argo CD CR configuration from examples folder that is similar to GitOps Operator (has .spec.dex.openShiftOAuth: true), I think @saumeya did not have this configuration in her CR or may be she is using the OOTB Argo CD CR that comes by installing Argo CD from OpenShift console.

This issue can be fixed in two ways.

Handle the Dex pod deletion even when .spec.dex.openshiftOAuth: true (or)
To prevent the backward compatibility we can just update our documentation(both upstream and downstream) to first remove the .spec.dex.openShiftOAuth: true(if present) along with adding DISABLE_DEX to subscription resource.

iam-veeramalla on Jun 6, 2022

I can reproduce the error. Thanks for reporting the issue 😃

iam-veeramalla on May 4, 2022