argoproj / argo-workflows

Workflow Engine for Kubernetes
https://argo-workflows.readthedocs.io/
Apache License 2.0

Argoworkflows extraArgs authmode fails to start argo server #9940

Closed lacion closed 2 years ago

lacion commented 2 years ago

Pre-requisites

What happened/what you expected to happen?

I'm currently deploying Argo Workflows with the Helm chart.

I'm using Dex for auth.

Setting this:

  extraArgs:
    - --auth-mode=sso
    - --auth-mode=client

causes the Argo Workflows server to restart with the following logs:

time="2022-11-01T21:49:07.635Z" level=info msg="not enabling pprof debug endpoints"
time="2022-11-01T21:49:07.636Z" level=info authModes="[sso]" baseHRef=/ managedNamespace= namespace=argo-workflows secure=false ssoNamespace=argo-workflows
time="2022-11-01T21:49:07.636Z" level=warning msg="You are running in insecure mode. Learn how to enable transport layer security: https://argoproj.github.io/argo-workflows/tls/"
Usage:
  argo server [flags]

Examples:

See https://argoproj.github.io/argo-workflows/argo-server/

Flags:
      --access-control-allow-origin string   Set Access-Control-Allow-Origin header in HTTP responses.
      --allowed-link-protocol stringArray    Allowed link protocol in configMap. Used if the allowed configMap links protocol are different from http,https. Defaults to the environment variable ALLOWED_LINK_PROTOCOL (default [http,https])
      --api-rate-limit uint                  Set limit per IP for api ratelimiter (default 1000)
      --auth-mode stringArray                API server authentication mode. Any 1 or more length permutation of: client,server,sso (default [client])
      --basehref string                      Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. Defaults to the environment variable BASE_HREF. (default "/")
  -b, --browser                              enable automatic launching of the browser [local mode]
      --configmap string                     Name of K8s configmap to retrieve workflow controller configuration (default "workflow-controller-configmap")
      --event-async-dispatch                 dispatch event async
      --event-operation-queue-size int       how many events operations that can be queued at once (default 16)
      --event-worker-count int               how many event workers to run (default 4)
  -h, --help                                 help for server
      --hsts                                 Whether or not we should add a HTTP Secure Transport Security header. This only has effect if secure is enabled. (default true)
      --log-format string                    The formatter to use for logs. One of: text|json (default "text")
      --managed-namespace string             namespace that watches, default to the installation namespace
      --namespaced                           run as namespaced mode
  -p, --port int                             Port to listen on (default 2746)
      --x-frame-options string               Set X-Frame-Options header in HTTP responses. (default "DENY")

This started happening when we upgraded to the latest version, though we are not certain why it is happening.

Arguments being passed to the container: server --configmap=argo-workflows-workflow-controller-configmap --auth-mode=sso --secure=false

Version

latest

Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflow that uses private images.

no workflows running

Logs from the workflow controller

workflow controller not involved

Logs from your workflow's wait container

workflow controller not involved

terrytangyuan commented 2 years ago

Please report the issue to the helm chart repo.

lacion commented 2 years ago

@terrytangyuan actually trying to figure this out. I have been playing with this, and this seems to happen every time DEX is not running and auth-mode=sso is passed.

I am not sure why the logs show the CLI help when this happens.
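
Added example (not from the thread and not Argo project code): the extraArgs in the report request both sso and client, while the startup log line shows authModes="[sso]". This Go program compares the requested --auth-mode flags with the modes the server logs at startup; the helper names parseLogrus and missingModes are made up for this example, and the inputs are copied from the issue.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed inputs, copied from the issue: the Helm extraArgs and the
// server's startup log line.
var extraArgs = []string{"--auth-mode=sso", "--auth-mode=client"}

const startupLine = `time="2022-11-01T21:49:07.636Z" level=info authModes="[sso]" baseHRef=/ managedNamespace= namespace=argo-workflows secure=false ssoNamespace=argo-workflows`

// kvRe matches logrus text-format pairs: key=value or key="quoted value".
var kvRe = regexp.MustCompile(`(\w+)=("(?:[^"\\]|\\.)*"|\S*)`)

// parseLogrus turns one logrus text line into a field map.
func parseLogrus(line string) map[string]string {
	fields := map[string]string{}
	for _, m := range kvRe.FindAllStringSubmatch(line, -1) {
		fields[m[1]] = strings.Trim(m[2], `"`)
	}
	return fields
}

// missingModes returns the --auth-mode values requested in args that the
// server did not report in authModes. Assumption: several active modes are
// logged space-separated inside the brackets, as Go prints a slice.
func missingModes(args []string, line string) []string {
	active := map[string]bool{}
	for _, m := range strings.Fields(strings.Trim(parseLogrus(line)["authModes"], "[]")) {
		active[m] = true
	}
	var missing []string
	for _, a := range args {
		mode := strings.TrimPrefix(a, "--auth-mode=")
		if mode != a && !active[mode] {
			missing = append(missing, mode)
		}
	}
	return missing
}

func main() {
	fmt.Println("requested but not active:", missingModes(extraArgs, startupLine))
	fmt.Println("secure:", parseLogrus(startupLine)["secure"])
}
```

A non-empty result means the rendered container arguments differ from the values file, so the effective authentication modes should be confirmed from the pod spec before relying on them.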