From f52f1987f2ded7b9c11106bca8e2d6bbf06368f1 Mon Sep 17 00:00:00 2001
From: OmerSen
Date: Sun, 25 Jun 2023 18:13:14 +0100
Subject: [PATCH 1/2] docs: Update Ingress Documentation for Istio.

Signed-off-by: Omer Sen
Signed-off-by: OmerSen
---
 docs/operator-manual/ingress.md | 126 ++++++++++++++++++++++++++++++++
 1 file changed, 126 insertions(+)

diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md
index d60165e284542..b156d826df4ef 100644
--- a/docs/operator-manual/ingress.md
+++ b/docs/operator-manual/ingress.md
@@ -414,6 +414,132 @@ Once we create this service, we can configure the Ingress to conditionally route
 - argocd.argoproj.io
 ```
 
+## [Istio](https://www.istio.io)
+You can put ArgoCD behind Istio using following configurations. Here we will achive both serving ArgoCD behind istio and using subpath on Istio
+
+First we need to make sure that we can run ArgoCD with subpath (ie /argocd). For this we have used install.yaml from argocd project as is
+
+```bash
+curl -kLs -o install.yaml https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml
+```
+
+save following file as kustomization.yml
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./install.yaml
+
+patches:
+- path: ./patch.yml
+```
+
+And following lines as patch.yml
+
+```yaml
+# Use --insecure so Ingress can send traffic with HTTP
+# --bashref /argocd is the subpath like https://IP/argocd
+# env was added because of https://github.com/argoproj/argo-cd/issues/3572 error
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: argocd-server
+spec:
+ template:
+ spec:
+ containers:
+ - args:
+ - /usr/local/bin/argocd-server
+ - --staticassets
+ - /shared/app
+ - --redis
+ - argocd-redis-ha-haproxy:6379
+ - --insecure
+ - --basehref
+ - /argocd
+ - --rootpath
+ - /argocd
+ name: argocd-server
+ env:
+ - name: ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT
+ value: "0"
+```
+
+After that install ArgoCD (there should be only 3 yml file defined above in current directory )
+
+```bash
+kubectl apply -k ./ -n argocd --wait=true
+```
+
+After that we create Istio Resources
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: argocd-gateway
+ namespace: argocd
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - "*"
+ tls:
+ httpsRedirect: true
+ - port:
+ number: 443
+ name: https
+ protocol: HTTPS
+ hosts:
+ - "*"
+ tls:
+ credentialName: cloud-cert
+ maxProtocolVersion: TLSV1_3
+ minProtocolVersion: TLSV1_2
+ mode: SIMPLE
+ cipherSuites:
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ - ECDHE-RSA-AES128-GCM-SHA256
+ - ECDHE-ECDSA-AES128-SHA
+ - AES128-GCM-SHA256
+ - AES128-SHA
+ - ECDHE-ECDSA-AES256-GCM-SHA384
+ - ECDHE-RSA-AES256-GCM-SHA384
+ - ECDHE-ECDSA-AES256-SHA
+ - AES256-GCM-SHA384
+ - AES256-SHA
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: argocd-virtualservice
+ namespace: argocd
+spec:
+ hosts:
+ - "*"
+ gateways:
+ - argocd-gateway
+ http:
+ - match:
+ - uri:
+ prefix: /argocd
+ route:
+ - destination:
+ host: argocd-server
+ port:
+ number: 80
+```
+
+And now we can browse http://{{ IP }}/argocd (it will be rewritten to https://{{ IP }}/argocd
+
+
 ## Google Cloud load balancers with Kubernetes Ingress
 
 You can make use of the integration of GKE with Google Cloud to deploy Load Balancers using just Kubernetes objects.
From 3db066a8a06a73dc4f8905d7c5f4925ff53d86d0 Mon Sep 17 00:00:00 2001
From: OmerSen
Date: Thu, 29 Jun 2023 11:19:41 +0100
Subject: [PATCH 2/2] Argocd manifest for Istio from master to stable and argocd-server-tls secret remark

---
 docs/operator-manual/ingress.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md
index b156d826df4ef..a8387b352f6fd 100644
--- a/docs/operator-manual/ingress.md
+++ b/docs/operator-manual/ingress.md
@@ -420,7 +420,7 @@ You can put ArgoCD behind Istio using following configurations. Here we will ach
 First we need to make sure that we can run ArgoCD with subpath (ie /argocd). For this we have used install.yaml from argocd project as is
 
 ```bash
-curl -kLs -o install.yaml https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml
+curl -kLs -o install.yaml https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
 ```
 
 save following file as kustomization.yml
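Review bot: The download step `curl -kLs -o install.yaml …` passes `-k`, which turns off TLS certificate verification for a manifest that is then applied to the cluster with `kubectl apply -k ./`, so a modified response would be installed without any warning; PATCH 2/2 switches the URL from `master` to `stable` but keeps the flag. I would drop `-k` (`curl -fsSL -o install.yaml <same URL>`) and point the example at a tagged release rather than a moving branch, so readers apply a known manifest. In the Gateway, the `cipherSuites` list also offers CBC/SHA-1 suites (`ECDHE-ECDSA-AES128-SHA`, `AES128-SHA`, `ECDHE-ECDSA-AES256-SHA`, `AES256-SHA`) and static-RSA suites without forward secrecy (`AES128-GCM-SHA256`, `AES256-GCM-SHA384`); keeping only the four ECDHE GCM entries matches the `minProtocolVersion: TLSV1_2` floor better. The comment at the top of patch.yml says `--bashref` where the argument used below is `--basehref`.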
@@ -473,7 +473,7 @@ After that install ArgoCD (there should be only 3 yml file defined above in cur
 kubectl apply -k ./ -n argocd --wait=true
 ```
 
-After that we create Istio Resources
+Be sure you create secret for Isito ( in our case secretname is argocd-server-tls on argocd Namespace). After that we create Istio Resources
 
 ```yaml
 apiVersion: networking.istio.io/v1alpha3
@@ -500,7 +500,7 @@ spec:
 hosts:
 - "*"
 tls:
- credentialName: cloud-cert
+ credentialName: argocd-server-tls
 maxProtocolVersion: TLSV1_3
 minProtocolVersion: TLSV1_2
 mode: SIMPLE