search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
18.04k stars 5.51k forks source link

ArgoCD : Redirect loop UI #12195

Open mravily opened 1 year ago

mravily commented 1 year ago

Discussed in https://github.com/argoproj/argo-cd/discussions/12175

Originally posted by **mravily** January 27, 2023 Checklist: * [x] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq. * [x] I've included steps to reproduce the bug. * [x] I've pasted the output of `argocd version`. **Describe the bug** 1. When installing ArgoCD at a root path (e.g., "/argocd") and accessing that root path, you get redirected to /argocd/applications, and then immediately redirected to /argocd/argocd/login?... This appears to enter a redirect loop. 2. When installing ArgoCD at a base href (e.g., "/argocd") and accessing that base href, the UI doesn't appear anymore and a error text was displayed `Unable to load data: Not Found.`.. Environment: K3D Cluster **To Reproduce** ``` ├── cluster.yaml ├── config │ ├── Kustomization.yaml │ └── argocd-cmd-params-cm-patch.yaml ├── ingress.yaml └── start.sh ``` 1. Install K3D Cluster with this minimal config `cluster.yaml` ```yaml apiVersion: k3d.io/v1alpha4 # this will change in the future as we make everything more stable kind: Simple # internally, we also have a Cluster config, which is not yet available externally metadata: name: argo-cd # name that you want to give to your cluster (will still be prefixed with `k3d-`) servers: 1 # same as `--servers 1` agents: 2 # same as `--agents 2` kubeAPI: # same as `--api-port myhost.my.domain:6445` (where the name would resolve to 127.0.0.1) hostIP: "127.0.0.1" # where the Kubernetes API will be listening on hostPort: "6445" # where the Kubernetes API listening port will be mapped to on your host system image: rancher/k3s:v1.22.17-k3s1 # same as `--image rancher/k3s:v1.20.4-k3s1` ports: - port: 8080:80 # same as `--port '8080:80@loadbalancer'` nodeFilters: - loadbalancer ``` 2. Install ArgoCD with Kustomize (separate in two file on a same folder config) `argocd-cmd-params-cm-patch.yaml` ```yaml apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmd-params-cm data: server.insecure: "true" # server.basehref: "/argocd" server.rootpath: "/argocd" ``` `Kustomization.yaml` ```yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml # ## changes to config maps patchesStrategicMerge: - argocd-cmd-params-cm-patch.yml namespace: argocd ``` 3. Setup an Ingress to redirect on GUI `ingress.yaml` ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: argocd-ingress namespace: argocd labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd annotations: ingress.kubernetes.io/ssl-redirect: "false" spec: rules: - host: localhost http: paths: - path: /argocd pathType: Prefix backend: service: name: argocd-server port: number: 80 ``` 4. Launch start.sh `start.sh` ```shell k3d cluster create --config config/k3d-default.yaml kubectl create namespace argocd kubectl apply -k config/install kubectl apply -f config/ingress.yaml kubectl wait deploy/argocd-server -n argocd --for condition=available --timeout=600s ``` 5. Access on the `localhost:8080/argocd`, enter password and see the errors ```shell kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo ``` **Expected behavior** **Screenshots** **Version** ``` argocd: v2.5.5+fc3eaec.dirty BuildDate: 2022-12-16T18:45:12Z GitCommit: fc3eaec6f498ddbe49a5fa9d215a219191fba02f GitTreeState: dirty GoVersion: go1.19.4 Compiler: gc Platform: darwin/amd64 FATA[0000] configmap "argocd-cm" not found ``` **Logs** ```shell argocd login localhost:8080 --grpc-web-root-path /argo-cd ``` ``` FATA[0019] rpc error: code = Unknown desc = POST https://localhost:8080/argo-cd/session.SessionService/Create failed with status code 404 ```
shadowofmoo commented 1 year ago

same question

rafalkrupinski commented 1 year ago

I have a similar problem: I get a redirect loop when configuring networking.k8s.io/v1/Ingress with a custom domain and tls from cert-manager

shadowofmoo commented 1 year ago
  1. make sure server.insecure: "true" is configed in cm

  2. try this use ingress-nginx

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
name: dev-argocd-ingress
namespace: argocd
spec:
ingressClassName: nginx
rules:
- host: argocd.example.io
  http:
    paths:
      - backend:
          service:
            name: argocd-server
            port:
              number: 80
        path: /
        pathType: Prefix

tls:
- hosts:
  - argocd.example.io
  secretName: argocd-secret
  3. config hosts, visit https://argocd.example.io
rafalkrupinski commented 1 year ago
  1. make sure server.insecure: "true" is configed in cm

Already did that

2. try this use ingress-nginx

I've seen it in the docs, but I'm just starting with k8s and I've no idea how to do it. Should I replace the built-in Traefik LB or add nginx as a second one?

shadowofmoo commented 1 year ago
  1. make sure server.insecure: "true" is configed in cm

Already did that

2. try this use ingress-nginx

I've seen it in the docs, but I'm just starting with k8s and I've no idea how to do it. Should I replace the built-in Traefik LB or add nginx as a second one?

you can show your ingress cm

rafalkrupinski commented 1 year ago 
2. try this use ingress-nginx

I've seen it in the docs, but I'm just starting with k8s and I've no idea how to do it. Should I replace the built-in Traefik LB or add nginx as a second one?

you can show your ingress cm

I don't have any ConfigMaps for Ingress. All I have for is 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd
  namespace: argocd
spec:
  tls:
  - secretName: apps-tls
  rules:
  - host: argocd.apps.dev.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              name: http
shadowofmoo commented 1 year ago

Reference in new

This configuration seems fine, but I don't know about traefik. you can try delete argocd-server pod, in case of the argocd server doesn't use insecure config.

rafalkrupinski commented 1 year ago

Reference in new

This configuration seems fine, but I don't know about traefik. you can try delete argocd-server pod, in case of the argocd server doesn't use insecure config.

Thank you for looking at it. Interestingly, there is traefik svclb pod for Grafana, with pretty much identical ingress configuration, but not for argocd.

vyom-soft commented 11 months ago

I get this err with emissary-ingress.

edu-diaz commented 11 months ago

Same problem with nginx controller and metallb. Only works when using default / rootpath.

abstract-entity commented 8 months ago

Same here with nginx-ingress controller

ostapkostyk commented 6 months ago

same problem even using port-forward. ArgoCD v.2.10.9

Just enabling basehref and rootpath causes redirect loop to login page

  configs:
    params:
      server.insecure: true
      server.basehref: '/argocd'
      server.rootpath: '/argocd'

otherwise works well (with port-forwarding)

With Ingress just having Internal Server Error page

hustluh commented 2 months ago

is there still no resolution to this? it's happening with kubernetes' nginx-ingress controller too.

side note: if you allow the path to stay as / and leave the default settings in the values.yaml file (for helm installs) it works.. but as soon as you want to use ANYTHING ELSE, it starts a loop