argo-cd
argo-cd copied to clipboard
argoproj
proxy in repository config not working at all
Checklist:
- [x] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
- [x] I've included steps to reproduce the bug.
- [x] I've pasted the output of
argocd version.
Describe the bug
Adding a helm or git repository with the proxy parameter will not work at all. Argocd-repo-server will still try to connect to the URL directly without using the proxy.
To Reproduce
create secret like this.
---
apiVersion: v1
kind: Secret
metadata:
name: sealed-secrets-repo
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
stringData:
name: bakito
url: https://bakito.github.io/helm-charts
type: helm
proxy: http://proxy.domain:3128
check the argocd ui and see that the repo is not connected (failed) check the argocd-repo-server pods logs and see
time="2021-11-02T10:32:32Z" level=error msg="finished unary call with code Unknown" error="Get \"https://bakito.github.io/helm-charts/index.yaml\": dial tcp 185.199.108.153:443: connect: connection timed out" grpc.code=Unknown grpc.method=TestRepository grpc.request.deadline="2021-11-02T10:24:49Z" grpc.service=repository.RepoServerService grpc.start_time="2021-11-02T10:23:49Z" grpc.time_ms=523175.62 span.kind=server system=grpc
Expected behavior
argocd connecting to the repo via proxy.domain:3128
Screenshots
If applicable, add screenshots to help explain your problem.
Version
argocd: v2.1.3+d855831
BuildDate: 2021-09-29T21:51:21Z
GitCommit: d855831540e51d8a90b1006d2eb9f49ab1b088af
GitTreeState: clean
GoVersion: go1.16.5
Compiler: gc
Platform: linux/amd64
Logs
time="2021-11-02T10:32:32Z" level=error msg="finished unary call with code Unknown" error="Get \"https://bakito.github.io/helm-charts/index.yaml\": dial tcp 185.199.108.153:443: connect: connection timed out" grpc.code=Unknown grpc.method=TestRepository grpc.request.deadline="2021-11-02T10:24:49Z" grpc.service=repository.RepoServerService grpc.start_time="2021-11-02T10:23:49Z" grpc.time_ms=523175.62 span.kind=server system=grpc
Hi @philipp1992, I'm not able to reproduce the issue. I tried connecting the repository https://bakito.github.io/helm-charts using a proxy and it worked fine. Can you please check if your proxy is handling the requests as expected?
We (@swisspost) also encountered this behavior with newest 2.4.7. Our AWS EKS clusters cannot reach the internet directly, only via proxy. Until now we did not configure proxy settings in Argo at all as we use our onpremise Bitbucket servers which are reachable via AWS direct connect. But now our first customer want to use their own GHE (github enterprise, cloud hosted) which requires setting the proxy. If we set it on repository level, it does not work and we see in Cilium's Hubble that repo-server want to reach Github directly. Only if we configure the env vars on repo-server it works. I tried repository credential templates and repositories directly.
Ah but maybe I have to say that we use GitHub App login method and not personal access token. Maybe the initial login/get access token process to GitHub requires a global proxy.
xref:
- https://github.com/argoproj/argo-cd/pull/5355
- https://github.com/argoproj/argo-cd/pull/6286
Maybe I am wrong but it seems that the constructor (NewGitHubAppCreds) here doesn't care about setting the proxy
https://github.com/argoproj/argo-cd/blob/81630e6d5075ac53ac60457b51343c2a09a666f4/util/git/creds.go#L290-L293
, while the one for generic http creds (NewHTTPSCreds) does.
https://github.com/argoproj/argo-cd/blob/81630e6d5075ac53ac60457b51343c2a09a666f4/util/git/creds.go#L122-L132
