argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0

argocd authentication against okd with oauth failed #12599

Open jas01 opened 1 year ago

jas01 commented 1 year ago

Describe the bug

On a freshly installed OKD (4.12.0-0.okd-2023-02-04-212953) with sealedsecret installed (pretty sure it's not the problem) and argocd (tested 2.6.2, 2.4.19, 2.4.22, 2.1.7), I'm unable to authenticate against OKD through OAuth. When I reach the argocd web UI, I get «Login via Openshift», then the OpenShift login interface, then... it waits until a timeout and ends up with «login failed» in the argocd web UI.

The cluster-wide proxy is configured.

In the log (see below) I can see a timeout for the connection to the OAuth service in OpenShift. I tried a wget inside the argocd-dex-server pod and ended up with the same timeout. It seems the argocd-dex-server doesn't use the proxy, because if I manually do an export https_proxy etc., the wget works. But because I'm a total newbie, I'm not sure if my diagnosis is correct.

To Reproduce

Installed OKD 4.12 and argocd. Using a service account for the oauth okd.

Expected behavior

After authentication on the OKD console, we should be redirected to the argocd console.

Logs

In the log of the argocd-dex-server:

Defaulted container "dex" out of: dex, copyutil (init)
time="2023-02-24T09:10:31Z" level=info msg="ArgoCD Dex Server is starting" built="2023-02-16T15:05:14Z" commit=6e02f8b23201b0620a4ff1bce5d38229ba1eb02e namespace=argocd version=v2.6.2+6e02f8b
time="2023-02-24T09:10:31Z" level=info msg="Generating self-signed TLS certificate for this session"
time="2023-02-24T09:10:31Z" level=info msg="Starting configmap/secret informers"
time="2023-02-24T09:10:31Z" level=info msg="Configmap/secret informer synced"
time="2023-02-24T09:10:31Z" level=info msg="0xc0003125a0 subscribed to settings updates"
time="2023-02-24T09:10:32Z" level=info msg="Dex Version: v2.35.3-dirty, Go Version: go1.19.2, Go OS/ARCH: linux amd64"
time="2023-02-24T09:10:32Z" level=info msg="config issuer: https://argocd.apps.paas.DOMAIN_NAME/api/dex"
time="2023-02-24T09:10:32Z" level=info msg="config storage: memory"
time="2023-02-24T09:10:32Z" level=info msg="config static client: Argo CD"
time="2023-02-24T09:10:32Z" level=info msg="config static client: Argo CD CLI"
time="2023-02-24T09:10:32Z" level=info msg="config connector: openshift"
time="2023-02-24T09:10:32Z" level=info msg="config skipping approval screen"
time="2023-02-24T09:10:32Z" level=info msg="config refresh tokens rotation enabled: true"
time="2023-02-24T09:10:32Z" level=info msg="keys expired, rotating"
time="2023-02-24T09:10:32Z" level=info msg="keys rotated, next rotation: 2023-02-24 15:10:32.373142598 +0000 UTC"
time="2023-02-24T09:10:32Z" level=info msg="listening (telemetry) on 0.0.0.0:5558"
time="2023-02-24T09:10:32Z" level=info msg="listening (https) on 0.0.0.0:5556"
time="2023-02-24T09:10:32Z" level=info msg="listening (grpc) on 0.0.0.0:5557"
time="2023-02-24T09:20:33Z" level=error msg="Failed to authenticate: oidc: failed to get token: Post \"https://oauth-openshift.apps.paas.DOMAIN_NAME/oauth/token\": net/http: TLS handshake timeout"
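
One way to check the diagnosis in the report above, added here as an example (not part of the original issue, and not Argo CD or Dex code): read the Dex Deployment as JSON and report, per container, whether a request to the token endpoint from the log would go through a proxy. The sample Deployment, the `EXAMPLE_SETTING` variable and all function names are constructed for illustration, and the `NO_PROXY` matching is a simplified suffix check.

```python
import json
from urllib.parse import urlsplit

# Token endpoint copied from the error line in the log above.
TOKEN_URL = "https://oauth-openshift.apps.paas.DOMAIN_NAME/oauth/token"

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE_DEPLOYMENT = json.loads("""
{"spec": {"template": {"spec": {"containers": [
  {"name": "dex", "env": [{"name": "EXAMPLE_SETTING", "value": "1"}]}
]}}}}
""")

def container_env(deployment):
    """Map container name -> {variable: literal value} from the pod template.
    Variables set through valueFrom or envFrom are not resolved here."""
    pod = deployment["spec"]["template"]["spec"]
    return {c["name"]: {e["name"]: e.get("value") or "" for e in c.get("env") or []}
            for c in pod.get("containers", [])}

def no_proxy_matches(host, no_proxy):
    """Suffix matching only (assumption: ports and CIDR entries are ignored)."""
    for entry in (e.strip().lower() for e in no_proxy.split(",")):
        if entry == "*":
            return True
        if entry.startswith(".") and host.endswith(entry):
            return True
        if entry and not entry.startswith(".") and (host == entry or host.endswith("." + entry)):
            return True
    return False

def proxy_for(url, env):
    """Proxy a client honouring these variables would use for url, or None."""
    parts = urlsplit(url)
    def get(name):
        return env.get(name.upper()) or env.get(name.lower()) or ""
    proxy = get(parts.scheme + "_proxy")
    if not proxy or no_proxy_matches(parts.hostname, get("no_proxy")):
        return None
    return proxy

def audit(deployment, url=TOKEN_URL):
    """Per container: the proxy that would carry the request, None if direct."""
    return {name: proxy_for(url, env) for name, env in container_env(deployment).items()}

if __name__ == "__main__":
    for name, proxy in audit(SAMPLE_DEPLOYMENT).items():
        print(f"{name}: {'direct connection (no proxy)' if proxy is None else proxy}")
```

A `None` result for the `dex` container means the token request would be attempted directly, which on a network that only allows egress through the proxy matches the timeout seen in the log.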

BugsBuggy commented 9 months ago

Is there any fix for this?