search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
16.9k stars 5.13k forks source link

ArgoCD CLI unexpected behaviour for login --insecure --grpc-web #12548

Open janosmiko opened 1 year ago

janosmiko commented 1 year ago

Checklist:

Describe the bug

When I'm using an insecure ArgoCD instance and I'm trying to login using --grpc-web and --insecure the argocd cli asks for confirmation. When I add the --skip-test-tls flag it will retry on port 443 even nothing is configured to use TLS. The --assumeYes flag is not available for this subcommand.

To Reproduce

~> mkdir tmp
~> cd tmp
~/tmp> kind create cluster --name test
~/tmp> kubectl config use-context kind-test
Switched to context "kind-test".
~/tmp> helm repo add argo https://argoproj.github.io/argo-helm
~/tmp> ARGO_PWD="ThisIsNotSafe"
~/tmp> ENCRYPTED_PWD=$(htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/')
~/tmp> cat <<EOF >values.yaml
configs:
  cm:
    url: http://argocd-server.argocd
  params:
    server.insecure: true
    server.rootpath: ''
  secret:
    argocdServerAdminPassword: "${ENCRYPTED_PWD}"
applicationSet:
  enabled: false
notifications:
  enabled: false
dex:
  enabled: false
EOF

~/tmp> helm upgrade argocd argo/argo-cd \
  --install \
  --namespace argo-cd \
  --create-namespace \
  -f values.yaml

~/tmp> kubectl run --namespace=default --rm -it --image=alpine alpine -- /bin/sh

/ # wget -q -O /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
/ # chmod +x /usr/local/bin/argocd
/ # argocd login --insecure --grpc-web --username admin --password ThisIsNotSafe argocd-server.argo-cd
WARNING: server is not configured with TLS. Proceed (y/n)? ^C
/ #
/ #
/ # argocd login --skip-test-tls --insecure --grpc-web --username admin --password ThisIsNotSafe argocd-server.argo-cd
FATA[0001] rpc error: code = Unknown desc = Post "https://argocd-server.argo-cd:443/session.SessionService/Create": read tcp 10.244.0.9:35188->10.96.152.158:443: read: connection reset by peer
/ #
/ #
/ # echo y | argocd login --insecure --grpc-web --username admin --password ThisIsNotSafe argocd-server.argo-cd
WARNING: server is not configured with TLS. Proceed (y/n)? 'admin:login' logged in successfully
Context 'argocd-server.argo-cd' updated

Expected behavior

Version

argocd version
argocd: v2.6.2+6e02f8b
  BuildDate: 2023-02-16T15:26:43Z
  GitCommit: 6e02f8b23201b0620a4ff1bce5d38229ba1eb02e
  GitTreeState: clean
  GoVersion: go1.18.10
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.6.2+6e02f8b
  BuildDate: 2023-02-16T15:05:14Z
  GitCommit: 6e02f8b23201b0620a4ff1bce5d38229ba1eb02e
  GitTreeState: clean
  GoVersion: go1.18.10
  Compiler: gc
  Platform: linux/arm64
  Kustomize Version: v4.5.7 2022-08-02T16:35:54Z
  Helm Version: v3.10.3+g835b733
  Kubectl Version: v0.24.2
  Jsonnet Version: v0.19.1
AgarwalMaddy commented 3 months ago

Hi, Which flag should be used to make argocd login work without complaining about the TLS . I tried doing all three mentioned above, None of them worked.

CameronMukherjee commented 2 months ago

Hi all, I'm facing the same issue as this. Is there a solution?

I've tried using --skip-test-tls but this has resulted with a 'connection reset by peer` issues instead of bypassing the warning.

Bv-Lucas commented 2 months ago

Hello guys,

I also would like some way to auto-confirm on this command to ignore the flag warning about TLS, I think most people are using argo in kube clusters and probably have TLS termination on the ingress so when connecting to argo-cd from inside cluster in most cases TLS would be absent.

To come back to this topic, you can use --plaintext flag to make your login command work, I use these 3 flags to connect to argocd from a pod in the same cluster as argo : --insecure --grpc-web --plaintext

From the manual of the CLI : --plaintext: Disable TLS

Hope this helps !

EDIT: for my use case, using only --plaintext works aswell