aws-quickstart / cdk-eks-blueprints

AWS Quick Start Team
Apache License 2.0

ArgoCDAddOn: Unable to configure bootstrapRepo #550

Open marcuskrantz opened 1 year ago

marcuskrantz commented 1 year ago

Describe the bug

ArgoCDAddOn cannot synchronize bootstrap repository with credentials from AWS Secrets Manager of type TOKEN

Expected Behavior

ArgoCDAddOn should be able to synchronize the bootstrap repository.

Current Behavior

The repository is added to Argo CD, but with status error: rpc error: code = Unknown desc = authentication required

Reproduction Steps


import {
  ApplicationRepository,
  ArgoCDAddOn,
  ClusterAddOn,
  EksBlueprint,
  SecretsStoreAddOn,
} from "@aws-quickstart/eks-blueprints";

// Secret example/eks/argocd-bootstrap-token in AWS Secrets Manager
// {
//     "username" : "argocd-token",
//     "password" : "secret",
//     "url":"https://gitlab.com/example"
//}

const appOfAppsRepository: ApplicationRepository = {
  repoUrl: "https://gitlab.com/example/argocd-bootstrap.git",
  targetRevision: "aws-sandbox-eu-west-1", // Branch in Git
  path: "k8s",
  credentialsSecretName: "example/eks/argocd-bootstrap-token", // Get this from AWS Secrets Manager
  credentialsType: "TOKEN",
  name: "platform-apps"
};

const clusterAddons: Array<ClusterAddOn> = [
    new SecretsStoreAddOn(),
    new ArgoCDAddOn({
        bootstrapRepo: appOfAppsRepository,
        adminPasswordSecretName: "test",
    }),
];

// Runs inside the stack/construct class that owns `app` and `this.name`
this.stack = EksBlueprint.builder()
    .name("example-cluster")
    .addOns(...clusterAddons)
    .build(app, this.name);

Possible Solution

No response

Additional Information/Context

The targetRevision is set to an existing branch in the bootstrap repository and according to source code this should work. However, a status message in Argo CD says: Unknown aws-sandbox-eu-west-1

CDK CLI Version

v2.53.0

EKS Blueprints Version

v1.5.1

Node.js Version

v14.19.3

Environment details (OS name and version, etc.)

Fedora 37

Other information

No response

shapirov103 commented 1 year ago

@marcuskrantz there was a similar issue against GitLab previously and we worked through the format of the credentials to make it work. Have you validated if you can bootstrap that repository manually through ArgoCD UI? E.g. defining credentials and repo through the web interface?

marcuskrantz commented 1 year ago

@shapirov103 Yes, we've tried adding the repo from ArgoCD with the same credentials as stored in AWS Secrets Manager and that works.

shapirov103 commented 1 year ago

@marcuskrantz I suspect it is a defect that may have been caused by the secret name containing "/" characters. The Kubernetes secret name that is created through the CSI Secret Store uses that name and that character might be escaped in some way. While it is still a defect, do you mind trying (as a workaround) a secret name in AWS that does not have "/" and is a valid Kubernetes object name, e.g. "argocd-bootstrap-token"?
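
The naming constraint behind the suggested workaround, as an added example that is not part of the original thread or of the blueprints code base: a TypeScript pre-deployment check for whether an AWS Secrets Manager name is also a valid Kubernetes object name, with a hypothetical mapping for names that are not. `isValidK8sName`, `fnv1aHex`, `toK8sSecretName` and the sample names are assumptions made for illustration.

```typescript
// Added example, not blueprint code. Kubernetes Secret names must be DNS
// subdomain names (RFC 1123): lowercase alphanumerics, "-" and ".", each
// label starting and ending with an alphanumeric, at most 253 characters.
const DNS_LABEL = "[a-z0-9]([-a-z0-9]*[a-z0-9])?";
const DNS_SUBDOMAIN = new RegExp(`^${DNS_LABEL}(\\.${DNS_LABEL})*$`);
const MAX_NAME_LENGTH = 253;

function isValidK8sName(name: string): boolean {
  return name.length <= MAX_NAME_LENGTH && DNS_SUBDOMAIN.test(name);
}

// 32-bit FNV-1a over UTF-16 code units, rendered as 8 hex digits. Used only
// as a short deterministic suffix, not as a security primitive.
function fnv1aHex(input: string): string {
  let hash = 0x811c9dc5;
  for (let i = 0; i < input.length; i++) {
    hash ^= input.charCodeAt(i);
    hash = Math.imul(hash, 0x01000193) >>> 0;
  }
  return ("0000000" + hash.toString(16)).slice(-8);
}

// Hypothetical mapping (an assumption, not the maintainers' fix): valid names
// pass through unchanged; anything else is normalised and given a hash suffix
// so that "prod/a-b" and "prod-a/b" do not end up as the same Secret.
function toK8sSecretName(awsSecretName: string): string {
  if (isValidK8sName(awsSecretName)) return awsSecretName;
  const suffix = "-" + fnv1aHex(awsSecretName);
  const base = awsSecretName
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, "-") // "/", "_", "." and similar become "-"
    .replace(/^-+|-+$/g, "") // a name may not start or end with "-"
    .slice(0, MAX_NAME_LENGTH - suffix.length)
    .replace(/-+$/, ""); // truncation can expose a trailing "-"
  return (base || "secret") + suffix;
}

// Constructed sample names: the failing one from the report and the workaround.
const samples = ["example/eks/argocd-bootstrap-token", "argocd-bootstrap-token"];
for (const name of samples) {
  console.log(`${name} -> valid=${isValidK8sName(name)} mapped=${toK8sSecretName(name)}`);
}
```

Running the validity check against `credentialsSecretName` before `cdk deploy` flags the name from the report and accepts the workaround name.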

marcuskrantz commented 1 year ago

@shapirov103 That solved the issue! Thanks for your input on this. However, we still think this should be seen as a workaround since example secrets in AWS Secrets Manager are stated like "prod/.../.../secret-x".

shapirov103 commented 1 year ago

It is a workaround; I will use this issue to fix the secret name mapping issue.

elamaran11 commented 1 year ago

@shapirov103 Is this still an open issue?