-
Feature Request
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
None
-
Product / Portfolio Work
-
None
-
False
-
-
None
-
None
-
None
-
-
None
-
-
None
-
None
-
None
Description of problem:
When trying to connect to the git repository which is a GitHub Enterprise Server installation reachable from OpenShift through a proxy that requires authentication.
The repository connection from the secret is created successfully and it shows as connection status successful in the ArgoCD UI. The application also gets created but is stuck in an unknown state in the UI.
Version-Release number of selected component (if applicable):
OCP version: 4.8.26
Red Hat OpenShift GitOps version:1.5.1
Steps to Reproduce:
1. Create two resources Secret and Application in openshift-gitops namespace
Refer "Additional info" for the code details.
2. The repository connection from the secret is created successfully and it shows as connection status successful in the ArgoCD UI
3. The application also gets created but is stuck in an unknown state in the UI.
Following are the repo server logs :
time="2022-05-24T08:49:27Z" level=error msg="finished unary call with code Internal" error="rpc error: code = Internal desc = Failed to fetch default: `git fetch origin --tags --force` failed exit status 128: fatal: unable to access 'https://github.abn.itergo.com/Toolchain/testapp1-gitops/': Received HTTP code 407 from proxy after CONNECT" grpc.code=Internal grpc.method=GenerateManifest grpc.request.deadline="2022-05-24T08:50:26Z" grpc.service=repository.RepoServerService grpc.start_time="2022-05-24T08:49:26Z" grpc.time_ms=267.679 span.kind=server system=grpc
On further evaluation, it came to notice that the ArgoCD doesn't tell its git client to use proxy authentication. For a git client, it is not enough to simply configure a proxy URL containing a username and password, the client needs to be actually told to do proxy authentication by setting the config entry http.proxyAuthMethod or the environment variable GIT_HTTP_PROXY_AUTHMETHOD to the value "basic".
By setting the environment variable in the repo-server deployment, ArgoCD could successfully sync the repository.
So is there any way to configure the operator to accept an environment variable GIT_HTTP_PROXY_AUTHMETHOD=basic in the repo-server deployment?
Or would it be possible to fix the git client in ArgoCD when a proxy URL with a username and password is configured for a repository?
Additional info:
apiVersion: v1 kind: Secret metadata: name: repo-testapp1 labels: argocd.argoproj.io/secret-type: repository type: Opaque stringData: type: git url: https://github.abn.itergo.com/Toolchain/testapp1-gitops proxy: http://<proxy user>:<proxy password>@proxy.services.eden:81 password: <some token> project: default name: testapp1
apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: testapp1 namespace: openshift-gitops finalizers: - resources-finalizer.argocd.argoproj.io spec: project: default source: repoURL: https://github.abn.itergo.com/Toolchain/testapp1-gitops targetRevision: HEAD path: overlays/dvit destination: server: https://kubernetes.default.svc namespace: l1-testapp1 syncPolicy: syncOptions: - CreateNamespace=true
