cmoulliard
commented
2 weeks ago There is a trick which is to export from the secret the tls.crt file and to set the following NODE_EXTRA_CA_CERTS env var
kubectl -o json -n argocd get secret/argocd-secret | jq -r '.data."tls.crt"' | base64 -d > tls.crt
export NODE_EXTRA_CA_CERTS=/path/to/argocd/tls.crtbut then we will got another error from backstage as the certificate do not include argocd.cnoe.localtest.me
request to https://argocd.cnoe.localtest.me:8443/api/v1/session failed,
reason: Hostname/IP does not match certificate's altnames
: Host: argocd.cnoe.localtest.me. is not in the cert's altnames
: DNS:localhost, DNS:argocd-server, DNS:argocd-server.argocd, DNS:argocd-server.argocd.svc, DNS:argocd-server.argocd.svc.cluster.localNote: There is again a trick which is to set this env var NODE_TLS_REJECT_UNAUTHORIZED=0 but ideally the certificate generated should include as alt name: argocd.cnoe.localtest.me !
Issue
backstage cannot access non self signed https server as
https://argocd.cnoe.localtest.me:8443and will raise this error when we scaffold a template using as action[argocd](argocd:create-resources)and will report this error:request to https://argocd.cnoe.localtest.me:8443/api/v1/session failed, reason: self-signed certificate