CNE: AWS Ready - Configuring ArgoCD Domain and TLS

Configure a custom domain and TLS certificate for ArgoCD to access the GitOps interface through a secure endpoint.

Prerequisites

Before configuring the ArgoCD domain, ensure you have these prerequisites:

• A deployed CNE environment
• A registered domain (for example, argocd.mydomain.com)
• A valid TLS certificate
• The certificate stored in your external secrets vault

Identify the Load Balancer Address

The CNE bootstrap process creates a load balancer for ArgoCD.

To find the load balancer DNS name, open the AWS console and navigate to EC2 → Load Balancers. Locate the correct resource using its tags, then copy the DNS name from the Details panel.

Alternatively, retrieve it using kubectl:

kubectl get gateway \
   --namespace argocd-system \
   --no-headers | awk '{print $3}'

Configure DNS

Create a CNAME record in your DNS provider pointing your ArgoCD subdomain to the load balancer.

Example:

argocd.mydomain.com → k8s-argocd-abc123.us-west-2.elb.amazonaws.com

Verify the record:

dig argocd.mydomain.com CNAME

Configure Hostname and TLS

Update the Terraform configuration in your GitOps repository:

gitops/resources/terraform.tfvars

Add the following configuration:

argocd_domain_config = {
   hostname = "argocd.mydomain.com"
   tls_external_secret_name = "liferay/certificates/mydomain"
}

Commit and Push the Changes

Commit and push the updated configuration to your Git repository:

git add gitops/resources/terraform.tfvars
git commit -m "Configure ArgoCD domain and TLS"
git push

Apply the Configuration

Apply the Terraform changes:

cd gitops/resources/
terraform apply

Verify the Configuration

Open the ArgoCD URL in your browser:

https://argocd.mydomain.com

If the configuration is correct, the ArgoCD UI loads using the configured TLS certificate.