Bug
Resolution: Unresolved
Major
GITOPS Sprint 239, GITOPS Sprint 243
Description of problem:
Login via Keycloak is broken when the provider is changed from dex to keycloak
Workaround
Restart argocd-server pod
Prerequisites (if any, like setup, operators/versions):
GitOps operator installed on the cluster (Tested with version v1.8.0+)
Steps to Reproduce
1. Remove dex configuration from ArgoCD CR
$ oc -n openshift-gitops patch argocd openshift-gitops --type='json' -p='[{"op": "remove", "path": "/spec/sso"}]'
2. Add to the ArgoCD CR ($ oc edit argocd -n openshift-gitops):
spec:
  extraConfig:
    oidc.tls.insecure.skip.verify: 'true'
  sso:
    provider: keycloak
    keycloak:
      rootCA: "---BEGIN---END---"
3. Restart argocd server pod
$ oc rollout restart deployment.apps/openshift-gitops-server -n openshift-gitops
4. Wait for the keycloak-1-deploy pod in the openshift-gitops namespace to be Completed
5. Navigate to Networking -> Routes in the openshift-gitops project and click on the link that takes you to the ArgoCD UI page
6. Upon clicking LOG IN VIA KEYCLOAK, the page refreshes and nothing changes
Actual results:
dex pod logs:
Failed to query provider "https://argocd-server-argocd.apps.ci-ln-55sjckk-72292.gcp-2.ci.openshift.org/api/dex": Get "https://argocd-dex-server.argocd.svc.cluster.local:5556/api/dex/.well-known/openid-configuration": dial tcp: lookup argocd-dex-server.argocd.svc.cluster.local on 172.30.0.10:53: no such host
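An added example, not part of the original report or of the GitOps operator's code: a Python check that takes the ArgoCD CR as JSON plus collected log lines and reports (a) that `oidc.tls.insecure.skip.verify` turns off certificate verification for the OIDC provider and (b) any dex discovery failure logged while the CR's provider is already keycloak, which is the stale-configuration symptom shown above. The function name, finding labels and sample CR are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample: the fields this report sets in step 2, in the JSON shape
# that `oc get argocd openshift-gitops -n openshift-gitops -o json` returns.
SAMPLE_CR = json.loads("""
{"spec": {"extraConfig": {"oidc.tls.insecure.skip.verify": "true"},
          "sso": {"provider": "keycloak",
                  "keycloak": {"rootCA": "---BEGIN---END---"}}}}
""")

# First line is the message quoted under "Actual results"; second is constructed.
SAMPLE_LOG = [
    'Failed to query provider "https://argocd-server-argocd.apps.ci-ln-55sjckk-72292.gcp-2.ci.openshift.org/api/dex": '
    'Get "https://argocd-dex-server.argocd.svc.cluster.local:5556/api/dex/.well-known/openid-configuration": '
    'dial tcp: lookup argocd-dex-server.argocd.svc.cluster.local on 172.30.0.10:53: no such host',
    'constructed: unrelated informational line',
]

# A discovery request whose issuer still ends in /api/dex.
DEX_DISCOVERY = re.compile(r'Failed to query provider "(https://[^"]+/api/dex)"')


def check_sso_switch(cr, log_lines):
    """Return (label, detail) findings for a CR switched from dex to keycloak."""
    findings = []
    spec = cr.get("spec") or {}
    extra = spec.get("extraConfig") or {}
    provider = (spec.get("sso") or {}).get("provider")

    # The CR stores the flag as the string 'true', so compare as text.
    if str(extra.get("oidc.tls.insecure.skip.verify", "")).lower() == "true":
        findings.append(("insecure-oidc-tls",
                         "OIDC provider certificate is not verified"))

    # With keycloak selected, any dex issuer lookup means the running server
    # is still using the previous SSO configuration.
    if provider == "keycloak":
        for line in log_lines:
            match = DEX_DISCOVERY.search(line)
            if match:
                findings.append(("stale-dex-issuer", match.group(1)))
    return findings


if __name__ == "__main__":
    for label, detail in check_sso_switch(SAMPLE_CR, SAMPLE_LOG):
        print(f"{label}: {detail}")
```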
Expected results:
Login should succeed without having to restart the server pod
Reproducibility (Always/Intermittent/Only Once):
Always
Acceptance criteria:
- Login Via Keycloak succeeds without having to restart the server pod
- Bug fix is tested thoroughly
Definition of Done:
- Acceptance criteria are met
Build Details:
Additional info (Such as Logs, Screenshots, etc):