The current HTTPS ingress documentation indicates that to use custom certs, you'll need to define the cert in the nginx ingress rule created, but set the backend to --insecure and point the ingress to it via HTTP. However, when using the ArgoCD CLI, this prevents it from being able to log in successfully.
FATA[0000] rpc error: code = Internal desc = transport: received the unexpected content-type "text/plain; charset=utf-8"
If I want to use the ArgoCD CLI, it'd appear I have to use the self-signed certificate and have the ingress configured for SSL passthrough. Is this intended? How do I configure it so that I can use both a custom certificate and a working login to the ArgoCD CLI?
The CLI uses gRPC, which requires HTTP2 support. Unfortunately a lot of LBs don't support HTTP2 yet. The CLI has a --grpc-web flag as a workaround: https://argoproj.github.io/argo-cd/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
Thank you, that helped me too. Getting the nginx flag --enable-ssl-passthrough mentioned in #1415 and the docs didn't do it in my case. The --grpc-web flag did.
So to be clear, using passthrough should work?
I have deployed the argo-cd server with the following config
extraArgs:
  - --insecure
and
annotations:
  kubernetes.io/ingress.class: nginx
  nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
  nginx.ingress.kubernetes.io/ssl-passthrough: "true"
Login in the UI works fine, but it does not work with the CLI. However, --grpc-web does not work with the Windows CLI - yeah, sorry, in my company we still have mainly Windows clients :disappointed: :
.\argocd.exe login argocd.svc.dev.sc.intra --username admin --password xxxxxx --loglevel debug --insecure --grpc-web
FATA[0000] Failed to establish connection to argocd.svc.dev.intra:443: listen unix C:\Users\papanito\AppData\Local\Temp\2/argocd-ZqnbmsesmIlHgCGf.sock: socket: An address incompatible with the requested protocol was used.
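For the original question (custom certificate plus a working CLI login without --grpc-web), one layout is two Ingress objects on separate hosts, with ingress-nginx terminating TLS and speaking gRPC to the backend on the CLI host. This is an added example, not configuration posted by anyone in the thread; the hostnames, namespace, secret names and the Service name and port names are assumptions, and it assumes argocd-server runs with --insecure and that no ssl-passthrough annotation is set.

```yaml
# Added example (constructed). Placeholders: hosts, namespace, secret names.
# Assumes argocd-server runs with --insecure and ingress-nginx terminates TLS.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-http            # browser UI and REST traffic
  namespace: argocd
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [argocd.example.com]
      secretName: argocd-custom-tls   # custom certificate (placeholder name)
  rules:
    - host: argocd.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server   # assumed Service name
                port:
                  name: http          # assumed port name
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-grpc            # CLI traffic (gRPC over HTTP/2)
  namespace: argocd
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [grpc.argocd.example.com]
      secretName: argocd-custom-tls-grpc
  rules:
    - host: grpc.argocd.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: argocd-server, port: {name: https}}
```

With this layout the CLI logs in against the gRPC host and the browser uses the HTTP host, and both present the custom certificate, so neither --insecure on the client nor --grpc-web is needed.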