ArgoCD object should use argocd-server-tls secret in openshift-gitops namespace for TLS cert

[upr-kmd]

Is your feature request related to a problem? Please describe.
ArgoCD object doesn't use argocd-server-tls secret in openshift-gitops namespace for the openshift-gitops-server route.
Currently the TLS certificate has to be embedded inside the ArgoCD CR to make it deploy a TLS cert for the openshift-gitops-server route. This is counterproductive. Openshift-gitops operator should always use secrets instead of embedded certificates.

Describe the solution you'd like
The current setup according to the openshift-gitops documentation is:

$ oc edit argocd/openshift-gitops

 server:
      [...]
      route:
        enabled: true
        tls:
          certificate: |
            -----BEGIN CERTIFICATE-----
            ---                         <======= Add the custom-cert here
            -----END CERTIFICATE-----
          key: |
            -----BEGIN RSA PRIVATE KEY-----
            ---                        <======= Add the key here
            -----END RSA PRIVATE KEY-----
          insecureEdgeTerminationPolicy: Redirect
          termination: reencrypt
  [...]

Instead, it should be:

$ oc edit argocd/openshift-gitops

 server:
      [...]
      route:
        enabled: true
        tls:
          secret: <secret-name>
          insecureEdgeTerminationPolicy: Redirect
          termination: reencrypt
  [...]

Describe alternatives you've considered
N/A

Additional context
N/A

[ctrought]

OCP 4.16 is supposed to have a new field added to Route API "externalCertificate". I don't know the exact design details, but I assume the intention is to allow referencing a secret natively. Again assuming this is implemented, ArgoCD should be able to easily expose the field in the spec.server.route.tls.externalCertificate,

https://docs.openshift.com/container-platform/4.16/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls-externalcertificate

For now we've been overcoming this by leveraging either cert-manager combined with cert-manager routes and configuring the cert via annotations.
https://github.com/cert-manager/openshift-routes

The other option, and probably more stable would be simply using the ingress in ArgoCD CR as a means for configuring the route which does let you specify the TLS secret and OCP will generate the route + embed the certificate automatically.

[anandf]

ArgoCD operator should work with older versions of OCP as well. So it may not be a good idea to depend on the latest OCP 4.16 feature for the implementation.