OpenShift GitOps / GITOPS-6682

Not able to add AKS cluster using argocd-k8s-auth


    • Bug
    • Resolution: Obsolete
    • Normal
    • ArgoCD
    • GitOps Crimson Sprint 14

      Description of Problem

      Not able to add AKS cluster using argocd-k8s-auth

      Reproducibility

      Always

      Steps to Reproduce

      Create a cluster secret as follows:

      apiVersion: v1
      kind: Secret
      metadata:
        name: new1
        labels:
          argocd.argoproj.io/secret-type: cluster
      type: Opaque
      stringData:
        name: "new1"
        server: "https://test.example.com"
        config: |
          {
            "execProviderConfig": {
              "command": "argocd-k8s-auth",
              "env": {
                "AAD_ENVIRONMENT_NAME": "AzurePublicCloud",
                "AZURE_TENANT_ID": "d51dd12a707aexxxxxx",
                "AAD_SERVICE_PRINCIPAL_CLIENT_CERTIFICATE": "/home/argocd/decrypted.pfx",
                "AAD_SERVICE_PRINCIPAL_CLIENT_ID": "9c56e-6fbxxxxxxx",
                "AAD_LOGIN_METHOD": "spn"
              },
              "args": ["azure"],
              "apiVersion": "client.authentication.k8s.io/v1beta1"
            },
            "tlsClientConfig": {
              "insecure": true
            }
          }

      The cluster is added, but it is in an unknown state.

      On trying to create applications, it shows the following error:

      Unable to create application: error while validating and normalizing app: error validating the repo: error getting k8s server version: Get "https://test.example.com/version?timeout=32s": getting credentials: exec: executable argocd-k8s-auth failed with exit code 20 

      The ArgoCD server shows the following errors:

      time="2025-03-27T16:47:40Z" level=fatal msg="failed to get token: failed to decode pkcs12 certificate while creating spt: pkcs12: decryption password incorrect"
      time="2025-03-27T16:47:40Z" level=error msg="finished unary call with code Unknown" error="error while validating and normalizing app: error validating the repo: error getting k8s server version: Get \"https://test.example.com/version?timeout=32s\": getting credentials: exec: executable argocd-k8s-auth failed with exit code 20" grpc.code=Unknown grpc.method=Create grpc.service=application.ApplicationService grpc.start_time="2025-03-27T16:47:40Z" grpc.time_ms=339.116 span.kind=server system=grpc 

      Workaround (If Possible)

      If we create the secret with the options below, it works, but this way we have to download kubelogin manually:

      apiVersion: v1
      kind: Secret
      metadata:
        name: new2
        labels:
          argocd.argoproj.io/secret-type: cluster
      type: Opaque
      stringData:
        name: "new1"
        server: "https://test.example.com"
        config: |
          {
            "execProviderConfig": {
              "command": "/home/argocd/kubelogin",
              "args": [
                "get-token",
                "--login=spn",
                "--tenant-id=d51ddc6b-xxxxxx-xxxxx-xxxx",
                "--server-id=6dae42f8-xxxxxx-xxxxx-xxxxx",
                "--client-id=9c56ecbc-xxxx-xxxx-xxxx-xxxx",
                "--client-certificate=/home/argocd/result.pfx",
                "--client-certificate-password=test@"
              ],
              "apiVersion": "client.authentication.k8s.io/v1beta1"
            },
            "tlsClientConfig": {
              "insecure": true
            }
          }

      Unassigned
      rhn-support-disharma Diksha Sharma
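An added example, not part of the original report or of Argo CD's own code: a small Python check over the two `config` objects above that flags a service-principal certificate supplied without any password, a certificate password passed on the command line, and disabled TLS verification. The embedded configs are constructed from the report with values shortened, and matching environment variable names by the suffix `CERTIFICATE_PASSWORD` is an assumption about how the helper receives the password.

```python
import json

# Constructed from the two configs in the report (values shortened or redacted).
FAILING = json.loads("""{"execProviderConfig": {"command": "argocd-k8s-auth",
  "env": {"AAD_LOGIN_METHOD": "spn",
          "AAD_SERVICE_PRINCIPAL_CLIENT_CERTIFICATE": "/home/argocd/decrypted.pfx"},
  "args": ["azure"]}, "tlsClientConfig": {"insecure": true}}""")
WORKAROUND = json.loads("""{"execProviderConfig": {"command": "/home/argocd/kubelogin",
  "args": ["get-token", "--login=spn",
           "--client-certificate=/home/argocd/result.pfx",
           "--client-certificate-password=REDACTED"]},
  "tlsClientConfig": {"insecure": true}}""")


def audit(config):
    """Return a sorted list of finding codes for one cluster `config` object."""
    findings = set()
    exec_cfg = config.get("execProviderConfig", {})
    env = exec_cfg.get("env") or {}
    args = exec_cfg.get("args") or []

    cert_in_env = any(k.endswith("CLIENT_CERTIFICATE") for k in env)
    cert_in_args = any(a.startswith("--client-certificate=") for a in args)
    # Assumption: the password reaches the helper through an env var whose name
    # ends in CERTIFICATE_PASSWORD, or through the flag used in the workaround.
    pw_in_env = any(k.endswith("CERTIFICATE_PASSWORD") for k in env)
    pw_in_args = any(a.startswith("--client-certificate-password") for a in args)

    if (cert_in_env or cert_in_args) and not (pw_in_env or pw_in_args):
        # The report's failing config supplies no password at all.
        findings.add("cert-without-password")
    if pw_in_args:
        # The value is stored in the Secret and visible in the process arguments.
        findings.add("password-in-args")
    if config.get("tlsClientConfig", {}).get("insecure") is True:
        # API server certificate is not verified.
        findings.add("tls-verification-disabled")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("failing", FAILING), ("workaround", WORKAROUND)):
        print(name, audit(cfg))
```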