search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.72k stars 5.4k forks source link

Response 401 randomly when viewing resource #20255

Open ram4444 opened 1 week ago

ram4444 commented 1 week ago

The issue is likely occur (9 out of 10) but not every time when I click to view an item in a project the screen it redirects me back to the login screen the browser shows it is a 401 response I have

Screenshot From 2024-10-06 19-54-05

Background: argocd installed from Helm Chart with config in values.yaml:

setarg_argocd="\
redis.image.tag=7.4.0,\
server.config.url=argocd.dionys.xyz,\
server.ingress.enabled=true,\
server.ingress.hostname=argocd.$hostname,\
server.ingress.tls=true,\
server.ingress.path=/,\
server.ingress.pathType=Prefix,\
server.ingress.annotations."nginx\.ingress\.kubernetes\.io/force-ssl-redirect"="true" \
server.ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-passthrough"="true" \
global.domain=dionys.xyz \
server.ingress.ingressClassName=nginx"

NGINX ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argo-cd-argocd-server
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    cert-manager.io/acme-challenge-type: http01
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    # If you encounter a redirect loop or are getting a 307 response code
    # then you need to force the nginx ingress to connect to the backend using HTTPS.
    #
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  rules:
  - host: argocd.dionys.xyz
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argo-cd-argocd-server
            port:
              number: 443
  tls:
  - hosts:
    - argocd.dionys.xyz
    secretName: argocd-server-tls # as expected by argocd-server
agaudreault commented 2 days ago

@ram4444 Can you add more details on the redirection to the login screen? if it redirects you, do you need to authenticate again? What kind of login do you use? are you using a local users or an integration with an SSO? The cookie argocd.token that you share above is the JWT token you get after authentication. You can use https://jwt.io/ to see the content of this token, and make sure it is valid.