Setting proxy in argocd server fails to start #2954
Comments
|
Hi
So i then went ahead and added the 172.17.0.1 address.
I will continue to test and see if i can figure out a working config. |
|
@Kyrklund Could you check if env:
- name: http_proxy
value: http://proxy:8080/
- name: https_proxy
value: http://proxy:8080/
- name: NO_PROXY
value: argocd-repo-server,argocd-application-controller,argocd-metrics,argocd-server,argocd-server-metrics,argocd-redis,argocd-dex-server,10.0.0.0/8 |
|
@toVersus That could absolutely be something missing in the config. At the moment we settled for just letting our developers use our in-house private repositories. Thank you so much for the tip |
|
Additional information for people that stumble upon this issue thread. I use GitHub OIDC via Dex. I had to also add the proxy envars to the Additionally, I have an HA ArgoCD deployment, so I needed to add Below is what I have added for the envars: env:
- name: HTTP_PROXY
value: http://proxy.example.com:3128/
- name: HTTPS_PROXY
value: http://proxy.example.com:3128/
- name: NO_PROXY
value: argocd-repo-server,argocd-application-controller,argocd-metrics,argocd-server,argocd-server-metrics,argocd-redis,argocd-redis-ha-haproxy,argocd-dex-server,localhost,10.0.0.0/8
If you're using kustomize to deploy ArgoCD, use the following JSON6902 patches: [
{
"op": "add",
"path": "/spec/template/spec/containers/0/env/-",
"value": {
"name": "HTTP_PROXY",
"value": "http://proxy.example.com:3128/"
}
},
{
"op": "add",
"path": "/spec/template/spec/containers/0/env/-",
"value": {
"name": "HTTPS_PROXY",
"value": "http://proxy.example.com:3128/"
}
},
{
"op": "add",
"path": "/spec/template/spec/containers/0/env/-",
"value": {
"name": "NO_PROXY",
"value": "argocd-repo-server,argocd-application-controller,argocd-metrics,argocd-server,argocd-server-metrics,argocd-redis,argocd-redis-ha-haproxy,argocd-dex-server,localhost,10.0.0.0/8"
}
}
]For [
{
"op": "add",
"path": "/spec/template/spec/containers/0/env",
"value": [
{
"name": "HTTP_PROXY",
"value": "http://proxy.example.com:3128/"
},
{
"name": "HTTPS_PROXY",
"value": "http://proxy.example.com:3128/"
},
{
"name": "NO_PROXY",
"value": "argocd-repo-server,argocd-application-controller,argocd-metrics,argocd-server,argocd-server-metrics,argocd-redis,argocd-redis-ha-haproxy,argocd-dex-server,localhost,10.0.0.0/8"
}
]
}
] |
|
@matthewhembree I am brand new to argoCD. I created values.yaml file as your comment above and then installed argoCD All servers started, however, I could not connect github on web UI. |
|
Never mind. I now can set proxy settings for argoCD by using values.yaml below |
|
maybe that's better? extraObjects:
- apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: argocd
app.kubernetes.io/name: my-proxy
app.kubernetes.io/part-of: argocd
name: my-proxy
namespace: argocd
data:
HTTP_PROXY: http://my-proxy:3128
HTTPS_PROXY: http://my-proxy:3128
NO_PROXY: argocd-repo-server,argocd-application-controller,argocd-metrics,argocd-server,argocd-server-metrics,argocd-redis,argocd-dex-server,my-network,10.0.0.0/8
server:
env:
envFrom:
- configMapRef:
name: my-proxy
repoServer:
env:
envFrom:
- configMapRef:
name: my-proxy
dex:
env:
envFrom:
- configMapRef:
name: my-proxy |
|
In my case I wanted to use Tailscale as a sidecar via ExtraContainers to enable private access to remote clusters in different clouds. It took a bit of finagling to get right, but here is my configuration: server:
env:
- name: ALL_PROXY
value: "socks5://localhost:1055"
- name: HTTP_PROXY
value: "http://localhost:1055"
- name: HTTPS_PROXY
value: "http://localhost:1055"
- name: NO_PROXY
value: |
argo-cd-argocd-repo-server,
argo-cd-argocd-application-controller,
argo-cd-argocd-applicationset-controller,
argo-cd-argocd-metrics,argo-cd-argocd-server,
argo-cd-argocd-server-metrics,
argo-cd-argocd-redis,
argo-cd-argocd-dex-server,
localhost,
127.0.0.1,
kubernetes.default.svc,
.svc.cluster.local,
172.29.0.0/16,
extraContainers:
- name: tailscale
image: tailscale/tailscale
command: ["/bin/sh", "-c"]
args:
- |
tailscaled --tun=userspace-networking --socks5-server=0.0.0.0:1055 --outbound-http-proxy-listen=0.0.0.0:1055 &
sleep 5
until tailscale up --authkey $TS_AUTHKEY --accept-routes; do
echo "Tailscale up failed, retrying in 5 seconds"
sleep 5
done
echo "Tailscale up succeeded"
tail -f /dev/null
env:
- name: ALL_PROXY
value: "socks5://localhost:1055"
- name: TS_AUTHKEY
valueFrom:
secretKeyRef:
name: tailscale-authkey
key: TS_AUTHKEY Where Note that argo does not seem to support ALL_PROXY, only HTTP_PROXY and HTTPS_PROXY env variables seemed to be respected. In particular, as noted elsewhere, it is important to make the local network and services excluded from proxy configuration. Also verify that the services referenced in NO_PROXY match up with services listed at |
|
So stumbled on this issue trying to add corporate proxy to a deployKF managed argocd deployment with a special plugin that is heavily customized and has no option to install with helm. I discovered that I can add these variables quite simply using kubectl post-deployment in a way that can be easily understood and reproduced in an ansible playbook. Might also be useful for debugging: Rather than reverse engineering their code and rebuilding a customized custom repo from scratch or installing it separately and integrating their special plugin manually (huge headache), this approach seems to be just as good as helm values for my purposes. You can exec into the pods and confirm the variables have been applied successfully. Hope this is helpful to someone. |
While this is true and when executed manually |
Checklist:
argocd version.Describe the bug
I run Argo CD behind a proxy server.
I set proxy to environment variable of argocd-repo-server and installed ArgoCD. It worked fine, but argocd-server could not communicate with github.
After configuring proxy in the same way for argocd-server and installing ArgoCD, argocd-server failed to start.
To Reproduce
Set proxy in argocd-repo-server and start.
Once, uninstall argocd.
Set proxy in argocd-server and install again.
Expected behavior
I expected that github.com repository could be used by setting proxy in argocd-server
Looking at the log, it seems that argocd-server could not get the configmap required for startup.
I think no_proxy needs additional settings, but I didn't know what to set.
Version
$ argocd version argocd: v1.3.6+89be1c9 BuildDate: 2019-12-10T22:46:45Z GitCommit: 89be1c9ce6db0f727c81277c1cfdfb1e385bf248 GitTreeState: clean GoVersion: go1.12.6 Compiler: gc Platform: linux/amd64 argocd-server: v1.3.6+89be1c9 BuildDate: 2019-12-10T22:47:48Z GitCommit: 89be1c9ce6db0f727c81277c1cfdfb1e385bf248 GitTreeState: clean GoVersion: go1.12.6 Compiler: gc Platform: linux/amd64 Ksonnet Version: v0.13.1 Kustomize Version: Version: {Version:kustomize/v3.2.1 GitCommit:d89b448c745937f0cf1936162f26a5aac688f840 BuildDate:2019-09-27T00:10:52Z GoOs:linux GoArch:amd64} Helm Version: v2.15.2 Kubectl Version: v1.14.0Logs
Log at normal startup with proxy setting only for argocd-repo-server.
Failure log.
The text was updated successfully, but these errors were encountered: