argo-helm icon indicating copy to clipboard operation
argo-helm copied to clipboard

Published 20 hours ago verified publisher icon argoproj

Unable to use proxy for outgoing connections

Open jascsch opened this issue 2 years ago • 1 comments

Describe the bug

Error: looks like "https://helm.traefik.io/traefik" is not a valid chart repository or cannot be reached: Get "https://helm.traefik.io/traefik/index.yaml": dial tcp: lookup helm.traefik.io on 192.168.64.10:53: no such host

Related helm chart

argo-cd

Helm chart version

4.9.12

To Reproduce

  # -- Environment variables to pass to Argo CD server
  env:
  - name: http_proxy
    value: http://security-proxy.emea.svc.corpintra.net:3128/
  - name: https_proxy
    value: http://security-proxy.emea.svc.corpintra.net:3128/
  - name: no_proxy
    value: argocd-repo-server,argocd-application-controller,argocd-metrics,argocd-server,argocd-server-metrics,argocd-redis,192.168.0.0/8

Expected behavior

The corporate proxy should be able to resolve the DNS name helm.traefik.io correctly but it does not seem to work.

Screenshots

No response

Additional context

No response

jascsch avatar Jul 12 '22 08:07 jascsch

Hello, any news to this issue? this is currently a blocker for our use case. Is there any way to pass the dns resolution to the corporate proxy server?

jascsch avatar Jul 19 '22 09:07 jascsch

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Sep 18 '22 03:09 github-actions[bot]

Hi @jascsch, I would take a look on following thread https://github.com/argoproj/argo-cd/issues/2954. Argo CD server is just UI component, but cloning of the chart is actually done by repo-server. You can also try to use configuration for repository with proxy, however I believe this was implemented only for Git repo (not credential template) and doesn't work for Helm repositories.

Another thought about corporate proxies - IMHO I believe Argo CD should not access public internet directly in enterprise setup and should be pulling all your charts and images from solutions like Nexus, Artifactory or Harbor that acts as a local cache and some of them offers security scanning for downloaded images.

pdrastil avatar Sep 18 '22 20:09 pdrastil

Hi @pdrastil Thanks for your feedback. I found a solution in the meantime which is exactly what you said. The DNS resolution for external Helm Charts works if you set the http and https proxy env for both argocd-server and repo-server. Therefore I will close this ticket.

jascsch avatar Sep 19 '22 06:09 jascsch