search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.47k stars 5.31k forks source link

Can't add a cluster, the server has asked for the client to provide credentials #3941

Open emirot opened 4 years ago

emirot commented 4 years ago

Describe the bug

I can't add another k8s cluster, it looks like I'm missing some credentials. What kind of credentials ? Certs needs to be created, https://github.com/argoproj/argo-cd/issues/3655 ?

To Reproduce

argocd cluster add my-cluster.com # I can see it when listing then
INFO[0000] ServiceAccount "argocd-manager" already exists in namespace "kube-system"
INFO[0000] ClusterRole "argocd-manager-role" updated
INFO[0001] ClusterRoleBinding "argocd-manager-role-binding" updated
FATA[0002] rpc error: code = Unknown desc = REST config invalid: the server has asked for the client to provide credentials

In order to argocd login I need the flag --grpc-web

Documentation: https://argoproj.github.io/argo-cd/getting_started/#5-register-a-cluster-to-deploy-apps-to-optional

Version

argocd version
argocd: v1.6.0+c10ae24
  BuildDate: 2020-06-16T22:41:56Z
  GitCommit: c10ae246ab02f1356147118a1979fedcd1ceb704
  GitTreeState: clean
  GoVersion: go1.14.1
  Compiler: gc
  Platform: darwin/amd64
argocd-server: v1.6.1+159674e
  BuildDate: 2020-06-19T00:41:05Z
  GitCommit: 159674ee844a378fb98fe297006bf7b83a6e32d2
  GitTreeState: clean
  GoVersion: go1.14.1
  Compiler: gc
  Platform: linux/amd64
  Ksonnet Version: v0.13.1
  Kustomize Version: {Version:kustomize/v3.6.1 GitCommit:c97fa946d576eb6ed559f17f2ac43b3b5a8d5dbd BuildDate:2020-05-27T20:47:35Z GoOs:linux GoArch:amd64}
  Helm Version: version.BuildInfo{Version:"v3.2.0", GitCommit:"e11b7ce3b12db2941e90399e874513fbd24bcb71", GitTreeState:"clean", GoVersion:"go1.13.10"}
  Kubectl Version: v1.14.0
gorkemozlu commented 4 years ago

Hi, I've similar issue. It seems to add cluster with cli. No error output. But if i list the clusters it shows below message :

Unable to connect to cluster: the server has asked for the client to provide credentials

elg0ch0 commented 3 years ago

This worked for me

mdreizin commented 3 years ago

Do you have any updates on this issue?

duclm2609 commented 3 years ago

I have the similar issue.

Kyeongrok commented 2 years ago

I have the same issue too.

ravishtiwari commented 2 years ago

running into the same issue trying to add a rancher managed cluster to argo: 

FATA[0010] rpc error: code = Unauthenticated desc = the server has asked for the client to provide credentials
adiii717 commented 1 year ago

having a similar issue while creating an app using ArgoCd CLI, and getting different error while adding cluster

WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `arn:aws:eks:us-west-2:1223456679:cluster/mycluster` with full cluster level admin privileges. Do you want to continue [y/N]? y
INFO[0004] ServiceAccount "argocd-manager" created in namespace "kube-system"
INFO[0005] ClusterRole "argocd-manager-role" created
INFO[0005] ClusterRoleBinding "argocd-manager-role-binding" created
FATA[0008] rpc error: code = PermissionDenied desc = permission denied: clusters, create, mycluster/https://1223456679.gr7.us-west-2.eks.amazonaws.com, sub: gitlab, iat: 2021-09-02T10:42:15Z
audunsol commented 1 year ago

I was having this exact issue yesterday.

argocd cluster add MyOtherClusterContext

Output:

...
FATA[0001] rpc error: code = Unauthenticated desc = the server has asked for the client to provide credentials

The issue was actually that the certs in my local context (from ~/.kube/config) were expired a few days ago (even though kubectl worked just fine), so just resetting the context credentials worked for me!

In my case, on an Azure AKS cluster, that involved the following Az CLI command:

az aks get-credentials --resource-group my-k8s-resource-group --name MyOtherClusterContext

This is of course different for other clouds vendors and k8s distributions, but they all have a way to add your k8s cluster as a context.

Hope this helps.

fredleger commented 1 year ago

As @elg0ch0 stated, this is the solution for thoose landing here because they are trying to add a k8s cluster that is managed by Rancher (and still want to go through it):

This worked for me

sieczak-a commented 10 months ago

This worked for me

TL;DR

argocd cluster add k8s-cluster-0 --upsert

ElanHasson commented 10 months ago

level=error msg="could not unmarshal cluster secret prod-secret"... be sure not to have trailing commas on properties. json.Unmarshal is unforgiving 💀

bumarcell commented 9 months ago

I had this error and came across this. My error turned out to be a wrong token. After having used the token of the application-controller (not base64 encoded) from the target cluster everything worked just fine 👍 It's a pity that error message wasn't clear/helpful..

ravishtiwari commented 7 months ago

Look at a few things if you run into this issue:

in my case, I was trying to use Rancher managed cluster to Argo, and Rancher had a self-signed Certificate. So, I had to create a service member inside the rancher, permit it to manage the K8s cluster in question, and create a secret for ArgoCD to register that cluster.

Also, I moved to the ACME Certificate to avoid the nasty certificate issues.

justyns commented 3 months ago

I was running into a similar error in a cluster managed by talos+omni. Since it was the cluster argocd is running in, using --in-cluster fixed it for me:

argocd cluster add omni-talos-cluster-0 --in-cluster
AnubhavSabharwa commented 1 month ago

Any solution for this?