Closed cmoulliard closed 1 week ago
There is a trick which is to export from the secret the tls.crt
file and to set the following NODE_EXTRA_CA_CERTS env var
kubectl -o json -n argocd get secret/argocd-secret | jq -r '.data."tls.crt"' | base64 -d > tls.crt
export NODE_EXTRA_CA_CERTS=/path/to/argocd/tls.crt
but then we will got another error from backstage as the certificate do not include argocd.cnoe.localtest.me
request to https://argocd.cnoe.localtest.me:8443/api/v1/session failed,
reason: Hostname/IP does not match certificate's altnames
: Host: argocd.cnoe.localtest.me. is not in the cert's altnames
: DNS:localhost, DNS:argocd-server, DNS:argocd-server.argocd, DNS:argocd-server.argocd.svc, DNS:argocd-server.argocd.svc.cluster.local
Note: There is again a trick which is to set this env var NODE_TLS_REJECT_UNAUTHORIZED=0
but ideally the certificate generated should include as alt name: argocd.cnoe.localtest.me !
As this problem is fixed using a self certificate and CoreDNS rewrite rule (#317 and #316), I will then close it as I did a test manually
Issue
backstage cannot access non self signed https server as
https://argocd.cnoe.localtest.me:8443
and will raise this error when we scaffold a template using as action[argocd](argocd:create-resources)
and will report this error:request to https://argocd.cnoe.localtest.me:8443/api/v1/session failed, reason: self-signed certificate