search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.69k stars 5.39k forks source link

--basehref with ingress nginx causes an infinite loop #2708

Open nutchalum opened 4 years ago

nutchalum commented 4 years ago

Checklist:

Describe the bug When using --basehref such as /cd with ingress nginx causes a frontend with an inifinite loop

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: sre
  name: server.example.com-cd
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$1;
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
  tls:
    - hosts:
        - server.example.com
      secretName: server-cert
  rules:
    - host: server.example.com
      http:
        paths:
          - path: /cd/(.*)
            backend:
              serviceName: argocd-server
              servicePort: 80
  1. visit https://server.example.com/cd/
  2. redirect to https://server.example.com/cd/applications
  3. redirect to login with url https://server.example.com/cd/cd/login?return_url=https%3A%2F%2Fserver.example.com%2Fcd%2Fapplications

notice that there's /cd/cd when redirect to login which cause the loop

A clear and concise description of what the bug is.

To Reproduce

  1. start server --basehref /cd
  2. apply ingress with the above configuration
  3. visit the url in browser

Version 1.3.0

nutchalum commented 4 years ago

I forgot to add nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

marian-margeta commented 4 years ago

Have you resolved this issue? I have the same problem, but when I tried to use the ingress you posted above together with force-ssl-redirect flag, the problem persists.

nutchalum commented 4 years ago

@marian-margeta unfortunately, no it seems like force-ssl-redirect has nothing to do with this I just went back to use a simple sub-domain instead of a path

goldsam commented 4 years ago

I'm also seeing this

goldsam commented 4 years ago

Think we could get this added to the 1.4 milestone? This is kind of a blocker for my team.

alexec commented 4 years ago

@goldsam would you be interested in submitting a PR?

omerfsen commented 4 years ago

For those needing it i solved it like ( I am serving it under /argocd/)

On install.yaml argocd-server 

      - command:
        - argocd-server
        - --staticassets
        - /shared/app
        - --insecure
        - --basehref
        - /{{argocd_path}}
        - --rootpath
        - /{{argocd_path}}
        name: argocd-server

and Nginx-Ingress will be:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: argocd-server-http-ingress
  namespace: {{argocd_ns}}
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    nginx.ingress.kubernetes.io/rewrite-target: /{{argocd_path}}/$2
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: argocd-server
          servicePort: http
        path: /{{argocd_path}}(/|$)(.*)
    host: {{services_subdomain}}.{{environment_domain}}
  tls:
  - hosts:
    - {{services_subdomain}}.{{environment_domain}}
    secretName: {{argocd_secret}} # do not change, this is provided by Argo CD

If i don't do that like that (bashref and rootpath are different I was getting a warning on argocd-server pods)

Plus3IT-Azure commented 2 years ago

For those needing it i solved it like ( I am serving it under /argocd/)

On install.yaml argocd-server

      - command:
        - argocd-server
        - --staticassets
        - /shared/app
        - --insecure
        - --basehref
        - /{{argocd_path}}
        - --rootpath
        - /{{argocd_path}}
        name: argocd-server

and Nginx-Ingress will be:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: argocd-server-http-ingress
  namespace: {{argocd_ns}}
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    nginx.ingress.kubernetes.io/rewrite-target: /{{argocd_path}}/$2
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: argocd-server
          servicePort: http
        path: /{{argocd_path}}(/|$)(.*)
    host: {{services_subdomain}}.{{environment_domain}}
  tls:
  - hosts:
    - {{services_subdomain}}.{{environment_domain}}
    secretName: {{argocd_secret}} # do not change, this is provided by Argo CD

If i don't do that like that (bashref and rootpath are different I was getting a warning on argocd-server pods)

This solution worked for me. thanks