argo-cd icon indicating copy to clipboard operation
argo-cd copied to clipboard

Published 20 hours ago verified publisher icon argoproj

ArgoCD : Redirect loop UI

Open mravily opened this issue 2 years ago • 12 comments

Discussed in https://github.com/argoproj/argo-cd/discussions/12175

Originally posted by mravily January 27, 2023

Checklist:

  • [x] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
  • [x] I've included steps to reproduce the bug.
  • [x] I've pasted the output of argocd version.

Describe the bug

  1. When installing ArgoCD at a root path (e.g., "/argocd") and accessing that root path, you get redirected to /argocd/applications, and then immediately redirected to /argocd/argocd/login?...

This appears to enter a redirect loop.

  1. When installing ArgoCD at a base href (e.g., "/argocd") and accessing that base href, the UI doesn't appear anymore and a error text was displayed Unable to load data: Not Found...

Environment: K3D Cluster

To Reproduce

├── cluster.yaml
├── config
│   ├── Kustomization.yaml
│   └── argocd-cmd-params-cm-patch.yaml
├── ingress.yaml
└── start.sh
  1. Install K3D Cluster with this minimal config

cluster.yaml

apiVersion: k3d.io/v1alpha4 # this will change in the future as we make everything more stable
kind: Simple # internally, we also have a Cluster config, which is not yet available externally
metadata:
  name: argo-cd # name that you want to give to your cluster (will still be prefixed with `k3d-`)
servers: 1 # same as `--servers 1`
agents: 2 # same as `--agents 2`
kubeAPI: # same as `--api-port myhost.my.domain:6445` (where the name would resolve to 127.0.0.1)
  hostIP: "127.0.0.1" # where the Kubernetes API will be listening on
  hostPort: "6445" # where the Kubernetes API listening port will be mapped to on your host system
image: rancher/k3s:v1.22.17-k3s1 # same as `--image rancher/k3s:v1.20.4-k3s1`
ports:
  - port: 8080:80 # same as `--port '8080:80@loadbalancer'`
    nodeFilters:
      - loadbalancer
  1. Install ArgoCD with Kustomize (separate in two file on a same folder config)

argocd-cmd-params-cm-patch.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cmd-params-cm
data:
  server.insecure: "true"
  # server.basehref: "/argocd"
  server.rootpath: "/argocd"

Kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# ## changes to config maps
patchesStrategicMerge:
  - argocd-cmd-params-cm-patch.yml

namespace: argocd
  1. Setup an Ingress to redirect on GUI

ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
    name: argocd-ingress
    namespace: argocd
    labels:
      app.kubernetes.io/component: server
      app.kubernetes.io/name: argocd-server
      app.kubernetes.io/part-of: argocd
    annotations:
      ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - host: localhost 
      http:
        paths:
          - path: /argocd
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  number: 80
  1. Launch start.sh

start.sh

k3d cluster create --config config/k3d-default.yaml

kubectl create namespace argocd

kubectl apply -k config/install

kubectl apply -f config/ingress.yaml

kubectl wait deploy/argocd-server -n argocd --for condition=available --timeout=600s
  1. Access on the localhost:8080/argocd, enter password and see the errors
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo

Expected behavior

Screenshots

Version

argocd: v2.5.5+fc3eaec.dirty
  BuildDate: 2022-12-16T18:45:12Z
  GitCommit: fc3eaec6f498ddbe49a5fa9d215a219191fba02f
  GitTreeState: dirty
  GoVersion: go1.19.4
  Compiler: gc
  Platform: darwin/amd64
FATA[0000] configmap "argocd-cm" not found

Logs

argocd login localhost:8080 --grpc-web-root-path /argo-cd

FATA[0019] rpc error: code = Unknown desc = POST https://localhost:8080/argo-cd/session.SessionService/Create failed with status code 404

mravily avatar Jan 28 '23 13:01 mravily

same question

shadowofmoo avatar Mar 16 '23 16:03 shadowofmoo

I have a similar problem: I get a redirect loop when configuring networking.k8s.io/v1/Ingress with a custom domain and tls from cert-manager

rafalkrupinski avatar Mar 16 '23 20:03 rafalkrupinski

  1. make sure server.insecure: "true" is configed in cm
  2. try this use ingress-nginx
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTP
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
  name: dev-argocd-ingress
  namespace: argocd
spec:
  ingressClassName: nginx
  rules:
    - host: argocd.example.io
      http:
        paths:
          - backend:
              service:
                name: argocd-server
                port:
                  number: 80
            path: /
            pathType: Prefix

  tls:
    - hosts:
      - argocd.example.io
      secretName: argocd-secret
  1. config hosts, visit https://argocd.example.io

shadowofmoo avatar Mar 17 '23 03:03 shadowofmoo

  1. make sure server.insecure: "true" is configed in cm

Already did that

2. try this use ingress-nginx

I've seen it in the docs, but I'm just starting with k8s and I've no idea how to do it. Should I replace the built-in Traefik LB or add nginx as a second one?

rafalkrupinski avatar Mar 18 '23 07:03 rafalkrupinski

  1. make sure server.insecure: "true" is configed in cm

Already did that

2. try this use ingress-nginx

I've seen it in the docs, but I'm just starting with k8s and I've no idea how to do it. Should I replace the built-in Traefik LB or add nginx as a second one?

you can show your ingress cm

shadowofmoo avatar Mar 18 '23 12:03 shadowofmoo 

2. try this use ingress-nginx

I've seen it in the docs, but I'm just starting with k8s and I've no idea how to do it. Should I replace the built-in Traefik LB or add nginx as a second one?

you can show your ingress cm

I don't have any ConfigMaps for Ingress. All I have for is

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd
  namespace: argocd
spec:
  tls:
  - secretName: apps-tls
  rules:
  - host: argocd.apps.dev.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              name: http

rafalkrupinski avatar Mar 22 '23 08:03 rafalkrupinski

Reference in new

This configuration seems fine, but I don't know about traefik. you can try delete argocd-server pod, in case of the argocd server doesn't use insecure config.

shadowofmoo avatar Mar 22 '23 09:03 shadowofmoo

Reference in new

This configuration seems fine, but I don't know about traefik. you can try delete argocd-server pod, in case of the argocd server doesn't use insecure config.

Thank you for looking at it. Interestingly, there is traefik svclb pod for Grafana, with pretty much identical ingress configuration, but not for argocd.

rafalkrupinski avatar Mar 22 '23 10:03 rafalkrupinski

I get this err with emissary-ingress.

vyom-soft avatar Dec 21 '23 13:12 vyom-soft

Same problem with nginx controller and metallb. Only works when using default / rootpath.

edu-diaz avatar Jan 04 '24 13:01 edu-diaz

Same here with nginx-ingress controller

abstract-entity avatar Mar 27 '24 14:03 abstract-entity

same problem even using port-forward. ArgoCD v.2.10.9

Just enabling basehref and rootpath causes redirect loop to login page

  configs:
    params:
      server.insecure: true
      server.basehref: '/argocd'
      server.rootpath: '/argocd'

otherwise works well (with port-forwarding)

With Ingress just having Internal Server Error page

ostapkostyk avatar May 15 '24 08:05 ostapkostyk