Cannot use SSO login when argocd client run in a container

[claudusd]

Describe the bug

To avoid the install of the argocli I want to provide a docker image. I use SSO to login.

When I call the callback url in the browser, it cannot reach the server running in the container to handle the callback url.

There is a connection reset by peer.

To Reproduce

Run docker with the mapping port to ensure the callback request goes to the container.

docker run -p 8085:8085 --rm -it alpine:3.20.1 sh

Install the argocd cli and dependencies.

apk add xdg-utils
wget https://github.com/argoproj/argo-cd/releases/download/v2.11.3/argocd-linux-amd64 -O argocd
chmod +x argocd

./argocd login cd.argoproj.io --sso

Click on the link after Performing authorization_code flow login:

Expected behavior

Authentication successful
'claude.dioudonnat@fun-mooc.fr' logged in successfully
Context 'cd.argoproj.io' updated

Fix

https://github.com/argoproj/argo-cd/blob/9347d8d587bfc83fcf0863d756d1a37c100d72ea/cmd/argocd/commands/login.go#L306

-       srv := &http.Server{Addr: "localhost:" + strconv.Itoa(port)}
+       srv := &http.Server{Addr: "0.0.0.0:" + strconv.Itoa(port)}

Listen on localhost only allow network from the interface lo. But when you want to receive network from the outside we need to listen on 0.0.0.0 in the container.

Version

argocd: v2.11.3+3f344d5
  BuildDate: 2024-06-06T09:27:36Z
  GitCommit: 3f344d54a4e0bbbb4313e1c19cfe1e544b162598
  GitTreeState: clean
  GoVersion: go1.21.10
  Compiler: gc
  Platform: linux/amd64

[christianh814]

PR #17041 could potentially fix this issue.

[ChristianCiach]

Instead of using docker run -p 8085:8085 you could also use docker run --network=host as a workaround, as long as you are not using docker-rootless.