search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.65k stars 5.38k forks source link

Add cluster via API Rest and deploy Application Fails #13571

Open ZacharyU-1 opened 1 year ago

ZacharyU-1 commented 1 year ago

Discussed in https://github.com/argoproj/argo-cd/discussions/7943

Originally posted by **facundoalarcon** December 15, 2021 I'm trying to add cluster via the [API](https://argo-cd.readthedocs.io/en/stable/developer-guide/api-docs/) and works, but when try to deploy an application this fails. This works if I add the cluster via CLI. For example. If I'm login via the terminal `argocd login localhost:8080` and then use `argocd cluster arn:aws:eks:region:account-id:cluster/name` I think this use my kubeconfig file, but I not sure. I can deploy new applications. but If I add the cluster via API, In the first place I'm logging and get the session token using the `POST` method in `https://localhost:8080/api/v1/session` with this body: ``` { "username": "user" "password": "password" } ``` And trying to deploy an application, for example, executing `POST` method in this endpoint `https://localhost:8080/api/v1/clusters?upsert=true` with this body: ``` { "server": "https://server.gr7.region.eks.amazonaws.com", "name": "arn:aws:eks:region:account-id:cluster/name", "config": { "tlsClientConfig": { "insecure": false, "caData": "ca-from-kubeconfig" } }, "info": { "serverVersion": "1.21+" } } ``` the cluster is added but, when I try to deploy an application, this action fails and "unknow" error message is returned ![image](https://user-images.githubusercontent.com/12551772/146213938-9c88aaf6-5b5e-42cc-8a1c-3a80278647c6.png) ![image](https://user-images.githubusercontent.com/12551772/146214098-1f2cad57-d80b-4448-9b17-b23114bf7ea5.png) I'm trying to deploy this application ``` apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: guestbook spec: destination: name: '' namespace: default server: 'https://server.gr7.region.eks.amazonaws.com' source: path: guestbook repoURL: 'https://github.com/argoproj/argocd-example-apps' targetRevision: HEAD project: default syncPolicy: automated: prune: false selfHeal: false ``` The same app via API (using `POST` method in `https://localhost:8080/api/v1/applications`) is ``` { "metadata": { "name": "guestbook", "namespace": "argocd", "managedFields": [ { "manager": "argocd-application-controller", "operation": "Update", "apiVersion": "argoproj.io/v1alpha1", "fieldsType": "FieldsV1", "fieldsV1": { "f:status": { "f:conditions": {}, "f:health": { "f:status": {} }, "f:reconciledAt": {}, "f:sync": { "f:comparedTo": { "f:destination": { "f:namespace": {}, "f:server": {} }, "f:source": { "f:path": {}, "f:repoURL": {}, "f:targetRevision": {} } }, "f:status": {} } } } }, { "manager": "argocd-server", "operation": "Update", "apiVersion": "argoproj.io/v1alpha1", "fieldsType": "FieldsV1", "fieldsV1": { "f:spec": { ".": {}, "f:destination": { ".": {}, "f:namespace": {}, "f:server": {} }, "f:project": {}, "f:source": { ".": {}, "f:path": {}, "f:repoURL": {}, "f:targetRevision": {} }, "f:syncPolicy": { ".": {}, "f:automated": {} } }, "f:status": { ".": {}, "f:health": { ".": {}, "f:status": {} }, "f:summary": {}, "f:sync": { ".": {}, "f:comparedTo": { ".": {}, "f:destination": { ".": {}, "f:namespace": {}, "f:server": {} }, "f:source": { ".": {}, "f:path": {}, "f:repoURL": {}, "f:targetRevision": {} } } } } } } ] }, "spec": { "source": { "repoURL": "https://github.com/argoproj/argocd-example-apps", "path": "guestbook", "targetRevision": "HEAD" }, "destination": { "server": "https://server.gr7.region.eks.amazonaws.com", "namespace": "default" }, "project": "default", "syncPolicy": { "automated": {} } } } ``` I'm trying to add the cluster via sale and use `GET` method in `https://localhost:8080/api/v1/clusters` to get the cluster config, delete from Argo and add via `POST` in `https://localhost:8080/api/v1/clusters?upsert=true` endpoint to use the same configuration, but also fails. I think is for certificates reasons, but really I don't know.
todaywasawesome commented 1 year ago

Try examining the secret created and comparing. All the cli does is create a secret for the cluster that Argo picks up on.

reedjosh commented 1 year ago

I too am seeing this issue, any update or resolution found here?

🙏

facundoalarcon commented 1 year ago

Hi I post the same question, I solve this situation with this steps:

  1. After authenticate in https://localhost:8080/api/v1/session argo endpoint (with arago username and password) you receive a token from argo {"token": "xxx"}.

    If you use an external IdP, you should be use the jwt token from the IdP as argo token and skip this step.

  2. After that, in the https://localhost:8080/api/v1/clusters?upsert=true endpoint, you'll need the token if you use an external IdP provider. The token is provided from the provider. And the argo token as header Cookie:argocd.token=xxx

    {
        "server": "https://endpoint",
        "name": "cluster-name",
        "config": {
            "bearerToken": "idp-jwt-token-xxx",
            "tlsClientConfig": {
                "insecure": false,
                "caData": "your-cluster-ca-xxx"
            }
        },
        "info": {
            "serverVersion": "1.21+"
        }
    }

    I hope this response helps!