search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
16.9k stars 5.13k forks source link

argocd cli does not honor --grpc-web command line option #12359

Open nareshku opened 1 year ago

nareshku commented 1 year ago

Checklist:

Describe the bug

argocd cli login command is not honoring --grpc-web when used. Instead, it uses grpc connection. See below example.

> argocd --grpc-web login k8s-argocd.example.com --sso --grpc-web-root-path k8s-0
WARNING: server is not configured with TLS. Proceed (y/n)? y
FATA[0097] rpc error: code = Unknown desc = Post "http://k8s-argocd.example.com:443/k8s-0/cluster.SettingsService/Get": EOF

Also, the POST request above appears to be incorrect. It should rather be https instead of http. Since HTTP request on port 443 doesn't make sense. It basically means, the server(i.e. LB/proxy) is serving http traffic on port 443.

To Reproduce

  1. Create argocd-server behind a load balancer that doesn't support grpc or http2.
  2. Ensure TLS is enabled on the argocd-server
  3. Run the below argocd login command that uses --grpc-web. In my case the server is configured with --basehref=k8s-0. 
    > argocd --grpc-web login k8s-argocd.example.com --sso --grpc-web-root-path k8s-0
WARNING: server is not configured with TLS. Proceed (y/n)? y
FATA[0097] rpc error: code = Unknown desc = Post "http://k8s-argocd.example.com:443/k8s-0/cluster.SettingsService/Get": EOF
  4. When running the command with --skip-test-tls it works. 
    > argocd --grpc-web login k8s-argocd.example.com --sso --grpc-web-root-path k8s-0 --skip-test-tls
Opening browser for authentication
INFO[0000] RequestedClaims: map[groups:essential:true ]
Performing authorization_code flow login:

Expected behavior

  1. Command argocd --grpc-web login should use grpc-web connection and if TLS is enabled the check should pass.
  2. The below http post request should be in https 
    > argocd --grpc-web login k8s-argocd.example.com --sso --grpc-web-root-path k8s-0
WARNING: server is not configured with TLS. Proceed (y/n)? y
FATA[0097] rpc error: code = Unknown desc = Post "http://k8s-argocd.example.com:443/k8s-0/cluster.SettingsService/Get": EOF

Version

❯ argocd version

argocd: v2.5.10+d311fad.dirty
  BuildDate: 2023-02-02T18:50:12Z
  GitCommit: d311fad538178ef97528edf7f09d1d5b57268f45
  GitTreeState: dirty
  GoVersion: go1.19.5
  Compiler: gc
  Platform: darwin/amd64
argocd-server: v2.4.11+3d9e9f2
  BuildDate: 2022-08-22T09:35:38Z
  GitCommit: 3d9e9f2f95b7801b90377ecfc4073e5f0f07205b
  GitTreeState: clean
  GoVersion: go1.18.5
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: v3.5.4 2020-01-11T03:12:59Z
  Helm Version: v3.9.4+gdbc6d8e
  Kubectl Version: v0.23.1
  Jsonnet Version: v0.18.0
algo7 commented 4 months ago

Any news one this?

yann-soubeyrand commented 1 month ago

Hello, it seems to work in v2.11.2.