v2.8 and after
If you're running Argo Server you have three options with increasing transport security (note - you should also be running authentication):
v2.8 - 2.12
Defaults to Plain Text
v3.0 and after
Defaults to Encrypted if cert is available
Argo image/deployment defaults to Encrypted with a self-signed certificate which expires after 365 days.
Recommended for: development.
Everything is sent in plain text.
Start Argo Server with the --secure=false (or ARGO_SECURE=false) flag, e.g.:
export ARGO_SECURE=false
argo server --secure=falseTo secure the UI you may front it with a HTTPS proxy.
Recommended for: development and test environments.
You can encrypt connections without any real effort.
Start Argo Server with the --secure flag, e.g.:
argo server --secureIt will start with a self-signed certificate that expires after 365 days.
Run the CLI with --secure (or ARGO_SECURE=true) and --insecure-skip-verify (or ARGO_INSECURE_SKIP_VERIFY=true).
argo --secure --insecure-skip-verify listexport ARGO_SECURE=true
export ARGO_INSECURE_SKIP_VERIFY=true
argo --secure --insecure-skip-verify listTip: Don't forget to update your readiness probe to use HTTPS. To do so, edit your argo-server
Deployment's readinessProbe spec:
readinessProbe:
httpGet:
scheme: HTTPSRecommended for: production environments.
Run your HTTPS proxy in front of the Argo Server. You'll need to set-up your certificates (this is out of scope of this documentation).
Start Argo Server with the --secure flag, e.g.:
argo server --secureAs before, it will start with a self-signed certificate that expires after 365 days.
Run the CLI with --secure (or ARGO_SECURE=true) only.
argo --secure listexport ARGO_SECURE=true
argo listSet TLS_MIN_VERSION to be the minimum TLS version to use. This is v1.2 by default.
This must be one of these int values.
| Version | Value |
|---|---|
| v1.0 | 769 |
| v1.1 | 770 |
| v1.2 | 771 |
| v1.3 | 772 |