Applying a Certificate Configuration to the Argo CD Notifications Controller (Control Plane)

To ensure custom certificates are used by the Argo CD Notifications Controller, the container can be configured with the SSL_CERT_DIR environment variable. This setup can be achieved via a Kustomization patch that updates the deployment.

Steps to Patch the Notifications Controller

1. Create a kustomization.yaml file with the following patch:

   apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patches:
  - target:
      group: apps
      version: v1
      kind: Deployment
      name: argocd-notifications-controller
    patch: |-
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: argocd-notifications-controller
      spec:
        template:
          spec:
            containers:
              - name: argocd-notifications-controller
                env:
                  - name: SSL_CERT_DIR
                    value: /app/config/tls
   
   This patch sets the SSL_CERT_DIR to /app/config/tls, allowing the container to reference mounted custom certificate paths.
2. Apply the patch via your deployment workflow
   
   On the Akuity Platform, this Kustomization patch should be part of the control plane configuration to be reconciled automatically.

Alternative for Agent-Level Configuration:

If the same customization is needed on an agent, a default agent Kustomization can be applied. This approach enables overriding the deployment for agent-hosted components in a similar way.

Setting an agent Kustomization default can serve as a temporary or permanent solution when control plane access is limited or declarative specs are not in use yet.

Reference:

• https://docs.akuity.io/argo-cd/clusters/agent-advanced-settings#kustomization
• https://docs.akuity.io/akuity-portal/reference/declarative-specs/argo-cd-instance-specs/configmap-spec#argocd-tls-certs-cm