argocd cli login command is not honoring --grpc-web when used. Instead, it uses grpc connection. See below example.
> argocd --grpc-web login k8s-argocd.example.com --sso --grpc-web-root-path k8s-0
WARNING: server is not configured with TLS. Proceed (y/n)? y
FATA[0097] rpc error: code = Unknown desc = Post "http://k8s-argocd.example.com:443/k8s-0/cluster.SettingsService/Get": EOF
Also, the POST request above appears to be incorrect. It should rather be https instead of http. Since HTTP request on port 443 doesn't make sense. It basically means, the server(i.e. LB/proxy) is serving http traffic on port 443.
To Reproduce
Create argocd-server behind a load balancer that doesn't support grpc or http2.
Ensure TLS is enabled on the argocd-server
Run the below argocd login command that uses --grpc-web. In my case the server is configured with --basehref=k8s-0.
> argocd --grpc-web login k8s-argocd.example.com --sso --grpc-web-root-path k8s-0
WARNING: server is not configured with TLS. Proceed (y/n)? y
FATA[0097] rpc error: code = Unknown desc = Post "http://k8s-argocd.example.com:443/k8s-0/cluster.SettingsService/Get": EOF
When running the command with --skip-test-tls it works.
Command argocd --grpc-web login should use grpc-web connection and if TLS is enabled the check should pass.
The below http post request should be in https
> argocd --grpc-web login k8s-argocd.example.com --sso --grpc-web-root-path k8s-0
WARNING: server is not configured with TLS. Proceed (y/n)? y
FATA[0097] rpc error: code = Unknown desc = Post "http://k8s-argocd.example.com:443/k8s-0/cluster.SettingsService/Get": EOF
Checklist:
argocd version
.Describe the bug
argocd cli login command is not honoring
--grpc-web
when used. Instead, it usesgrpc
connection. See below example.Also, the POST request above appears to be incorrect. It should rather be
https
instead ofhttp
. Since HTTP request on port443
doesn't make sense. It basically means, the server(i.e. LB/proxy) is serving http traffic on port 443.To Reproduce
--grpc-web
. In my case the server is configured with--basehref=k8s-0
.--skip-test-tls
it works.Expected behavior
argocd --grpc-web login
should usegrpc-web
connection and if TLS is enabled the check should pass.http
post request should be in httpsVersion