search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.61k stars 5.37k forks source link

Multiple external URLs for SSO access #5388

Closed Timoses closed 2 months ago

Timoses commented 3 years ago

Summary

Currently, only one url can be configured in ArgoCD ConfigMap (argocd-cm.yaml; see https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/). It should be possible to specify more than one valid url.

Motivation

Our clusters generally have two access paths:

  1. via F5 BigIP and
  2. via a management network (directly to cluster via nginx Ingress).

This also means that we use 2 differing URLs to access these endpoints.

In general, the F5 path is for end users, whereas the management path is for system administrator use as a last resort mechanism in case the F5 path experiences a downtime. For failure analysis it is important to still be able to access ArgoCD (preferrable via GUI).

Currently, if trying to access ArgoCD via a URL which is not specified in url of ArgoCD ConfigMap the response is 

Invalid return_url

Proposal

url in argocd-cm.yaml should accept a list of valid URLs which can be used for SSO.

zerodayyy commented 2 years ago

I've got a similar use case, where an ArgoCD instance can be referred to via multiple URLs, and the SSO provider fully supports it. However, due to the hard-coded single-URL logic implemented in #4780, it's only possible to have a single external URL. The fix would be as simple as adding urls config parameter which would accept the list of external URLs, and at some point deprecating the url parameter.

I think I'd be able to make a PR for this.

alfsch commented 1 year ago

any news on this?

KelvinVenancio commented 1 year ago

Any news? We have the same needs here, by using ArgoCD with Cognito for SSO.

crenshaw-dev commented 1 year ago

There's an open PR: https://github.com/argoproj/argo-cd/pull/14208/files

The PR backlog is currently long. The best way to help move PRs like this along is to review the code and to build/test in an internal environment, reporting any successes or issues on the PR thread.

tjamet commented 1 year ago

Thanks for your comment @crenshaw-dev

To ease testing, I have pushed an image with those changes, using the standard master build scripts, just adapted to work on my fork: https://github.com/tjamet/argo-cd/pkgs/container/argo-cd%2Fargocd/126159769?tag=2.9.0-1eb72892