Open endophage opened 2 years ago
Adding onto this after more debugging.
It seems that the CLI only asks for github credentials when --app
is passed. If instead I just use --repo
everything works fine. The CLI help text says --recover
is meant to be used with --app
but based on my experience testing, it seems like --app
is redundant, you can just use --repo
instead. Am I missing something there?
Even more testing and running the command in a debugger. --recover
is really broken. When the bootstrap hands off to kustomize (via the krusty library), that asks for a github login rather than using the provided token because it's not at all integrated into your code (and our security policies won't allow us to login to our private repos using a username and password only).
So, the alternative would be to let a user checkout their private repo themselves and provide a local filepath to the bootstrap/argo-cd kustomization. However that doesn't work because kustomize throws a security error due to the local path being outside the temporary directory you create for your wrapping kustomization.
I can confirm the same bug when using a custom app specifier (--app
) as described here.
same issue as @debovema . I patched argocd's cm to exclude ciliumIdentity and then had to do a recover and thought I'd need to explicitly specify the app and ran into this as well.
I'm testing recovery against a local (docker desktop) k8s cluster. I've been able to install argocd using autopilot successfully. I then used docker desktop's "Reset Kubernetes Cluster" and I'm testing that recovery works.
Even with the
GIT_TOKEN
set in the env and passed using--git-token
, running anargocd-autopilot repo bootstrap --recover
is asking for my credentials to login to github.autopilot version is 0.3.7