Comments (5)
Is there any insight as to when this will be remediated?
I'm affected by this and unable to revert to older version due to other issues.
from argo-cd.
Related to #18464
from argo-cd.
I ran into this problem with the WebUI when installing from core-install.yaml
and logging in using argo login --core
. I'm only piling on because it doesn't seem to be limited to just the WebUI. See #18464 as already mentioned and some other commands as well:
❯ argocd app diff myapp
ERRO[0000] finished unary call with code Unknown error="error getting cached app managed resources: NOAUTH Authentication required." grpc.code=Unknown grpc.method=ManagedResources grpc.service=application.ApplicationService grpc.start_time="2024-07-04T08:54:24-07:00" grpc.time_ms=97.836 span.kind=server system=grpc
FATA[0000] rpc error: code = Unknown desc = error getting cached app managed resources: NOAUTH Authentication required.
from argo-cd.
This looks to be #3130.
I updated from 2.10.0 to 2.10.13 to fix another issue and ran into this.
IMO, this shouldn't have been applied on a patch release to 2.10. It substantially changes the underlying configuration, adds tooling, etc. I would strongly advocate for a rollback on 2.10 at least. The underlying security issue existed for years and it didn't need to be rushed into a patch release on a stable branch.
As to a fix for 2.11 and forward - the cli doesn't seem to have a way to set a redis password at runtime and should likely read it from a default location under normal circumstances.
There is a workaround documented here if you both need latest release and core. I suspect this can also be done with the built-in redis via Kustomize if you're managing argo with argo but I have not had time to try yet.
from argo-cd.
The following Kustomize patch appears to do the trick. Tested with 2.11.4 but should also work with 2.10.x.
Unfortunately the changes to the redis container are brittle. If the args list changes, the patch needs to be updated. I attempted to use deleteFromPrimitiveList
but it appears to be buggy when the key to delete doesn't currently exist and will re-add it, which results in constant sync churn of adding/removing the redis password flag. It is very possible there's a cleaner way to do this.
overlays/redis-nopassword.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: argocd-application-controller
spec:
template:
spec:
containers:
- name: argocd-application-controller
env:
- name: REDIS_PASSWORD
$patch: delete
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-repo-server
spec:
template:
spec:
containers:
- name: argocd-repo-server
env:
- name: REDIS_PASSWORD
$patch: delete
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-redis
spec:
template:
spec:
containers:
- name: redis
env:
- name: REDIS_PASSWORD
$patch: delete
args:
- '--save'
- ''
- '--appendonly'
- 'no'
initContainers:
- name: secret-init
$patch: delete
Include as an explicit SMP:
patchesStrategicMerge:
- overlays/redis-nopassword.yaml
from argo-cd.
Related Issues (20)
- Argo CD Release v2.12
- hydrator: make README template configurable via argocd-cm
- hydrator: throw error on conflicting write repo/branch/path
- hydrator: add UI/CLI to create/update repo write credentials
- hydrator: handle `sourceHydrator` fields from webhook
- hydrator: add unit tests for new git client functions
- hydrator: add metrics server to commit-server
- Helm chart values not rendered as expected
- UI - bad color contrast in filter components HOT 1
- hydrator: report hydration commands from kustomize
- hydrator: remove temp dir path from `helm template` commands
- Not able to add helm enable OCI Private repo through Argocd GUI as well as through command line HOT 2
- Follow logs not working on UI for applications or pods (multiple ArgoCD versions) HOT 1
- Navigation error with location.href ends with `/` HOT 2
- UI - Dark theme background on Application Details panel page HOT 3
- seems no diff restfulapi?
- Argo UI for Rollout has no Promote button and action HOT 2
- Can use list values inside generator HOT 6
- UI Application Details Tree not showing the complete name of applications/resources HOT 4
- grpc: error while marshaling: proto: required field \"resourceName\" not set HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from argo-cd.