search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.82k stars 5.44k forks source link

Allow providing multiple external URLs in ArgoCD config #8354

Closed zerodayyy closed 1 month ago

zerodayyy commented 2 years ago

Summary

As per #5388, it's currently impossible to use multiple external URLs with ArgoCD.

Motivation

The use case here would be accessing ArgoCD via multiple external URLs, for example I have ArgoCD set up on every Kubernetes cluster, which can be referred via multiple hostnames like argocd.k8s-production.example.com and argocd.k8s-green.example.com. Some SSO providers (like Azure AD in my case) support this fully, allowing to specify multiple redirect URLs, and the only blocker is the hardcoded single-url logic in redirect URL verification on ArgoCD side.

Proposal

I would implement it by adding config.urls parameter besides the existing config.url, which would accept a list of public URLs, then at some point deprecating config.url. Another approach is disconnecting SSO logic from config.url and using a separate config key for "allowed URLs".

jannfis commented 2 years ago

Isn't this a duplicate of #5388, which you already mentioned in your summary?

Or is there any substantial difference between the two that I've missed?

adyanth commented 2 years ago

I guess this is a proposal for a PR using config.urls. I would love to see this implemented too.

mechastorm commented 2 years ago

I too would like to see this implemented. Our use case is when we are trying to deploy a second ArgoCD in a different cluster for blue-green style deployment and need to validate the new installation but still using the same OIDC login.

SoulKyu commented 1 year ago

I have this issue too. I have différent user which should access the application from différents URL. This is no't possible actually (using SSO too)

willh99 commented 1 year ago

Would like to bump this as an issue we are also facing. We have external and internal domains in our infrastructure but are forced to only provide the external domain for SSO redirect.

SoulKyu commented 1 year ago

Any news on this issue ?

KelvinVenancio commented 1 year ago

We have the same needs here, by using ArgoCD with Cognito for SSO.

thekoma commented 1 month ago

+1

agaudreault commented 1 month ago

Merged in https://github.com/argoproj/argo-cd/pull/18927

akloss-cibo commented 1 month ago

I think some of us are pretty eager to see this released...

luispabon commented 1 month ago

It' part of https://github.com/argoproj/argo-cd/releases/tag/v2.13.0-rc1 @akloss-cibo

akloss-cibo commented 1 month ago

I tried it out and it seems good, but https://github.com/argoproj/argo-cd/issues/19968 is not-so-good. Can't wait for RC2...