caData is not used when specifying the tlsClientConfig #192

Open
r-nasiri opened this issue Sep 18, 2024 · 1 comment
Labels
bug Something isn't working


@r-nasiri
Contributor

What happened?

I am trying to create a new Cluster that uses AWS AuthConfig. In addition to ClusterName and roleARN for authentication, we also need to configure tlsClientConfig. If I set insecure=true everything works, but if I set insecure=false and add the caData, it complains about the certificate. I've confirmed that the caData being passed is correct. I checked the code and it seems that caData is not passed from the input parameters to the ArgoCD cluster object.

How can we reproduce it?

Create a new cluster as below:

apiVersion: cluster.argocd.crossplane.io/v1alpha1
kind: Cluster
metadata:
  name: example-cluster
spec:
  forProvider:
    config:
      awsAuthConfig:
        clusterName: sample-cluster
        roleARN: arn:aws:iam::xxxxxxxx:role/argocd-cluster-access
      tlsClientConfig:
        insecure: false
        caData: <base64 encoded ca cert from cluster>
    name: example-cluster
    server: https://kubernetes.default.svc
  providerConfigRef:
    name: argocd-provider

What environment did it happen in?

Crossplane version: 1.16
Crossplane Provider argocd version: 0.9.0

@r-nasiri r-nasiri added the bug Something isn't working label Sep 18, 2024
@jpachcuda

Here to confirm I also ran into this issue. I tested creating an identical cluster secret manually and was able to successfully connect to the external cluster from argo.

Also, I deployed a secret and used the caDataSecretRef instead and was able to create the cluster resource. This is a usable workaround until the cluster resource caData field is fixed.

Cluster resource

apiVersion: cluster.argocd.crossplane.io/v1alpha1
kind: Cluster
metadata:
  name: sample-cluster
spec:
  forProvider:
    config:
      awsAuthConfig:
        clusterName: sample-cluster
        roleARN: arn:aws:iam::xxxxxxxx:role/argocd-cluster-access
      tlsClientConfig:
        caDataSecretRef:
          key: caData
          name: sample-cluster-cadata
          namespace: crossplane-system
        insecure: false
    labels:
    name: sample-cluster
    server: https://xxxxxxxxxxxxxxxxxxxxxxxxx.sk1.us-east-2.eks.amazonaws.com
  providerConfigRef:
    name: provider-argocd

Secret

apiVersion: v1
kind: Secret
metadata:
  name: sample-cluster-cadata
  namespace: crossplane-system
data:
  caData: <base64 encoded secret data>
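
The symptom reported in this thread, reproduced locally as an added example (not code from provider-argocd or Argo CD): a Go TLS client that receives the CA bundle verifies the server, one whose caData was lost on the way fails certificate verification, and insecure: true hides the difference. The `tlsClientConfig` struct, `connect` and `probe` are hypothetical names, and the server uses Go's built-in httptest certificate as constructed input.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// tlsClientConfig is a hypothetical stand-in for the two manifest fields, not the provider's type.
type tlsClientConfig struct {
	Insecure bool
	CAData   string // base64-encoded PEM bundle, as written in the manifest
}

// connect dials url the way a client honouring the config would.
func connect(url string, c tlsClientConfig) error {
	conf := &tls.Config{InsecureSkipVerify: c.Insecure}
	if c.CAData != "" {
		pemBytes, err := base64.StdEncoding.DecodeString(c.CAData)
		if err != nil {
			return fmt.Errorf("caData is not valid base64: %w", err)
		}
		conf.RootCAs = x509.NewCertPool()
		if !conf.RootCAs.AppendCertsFromPEM(pemBytes) {
			return fmt.Errorf("caData contains no PEM certificate")
		}
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: conf}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// probe runs a local TLS server (constructed input) and tries three configs against it.
func probe() (withCA, caDropped, insecure error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	ca := base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw}))
	return connect(srv.URL, tlsClientConfig{CAData: ca}),
		connect(srv.URL, tlsClientConfig{}), // caData lost before reaching the client
		connect(srv.URL, tlsClientConfig{Insecure: true})
}
func main() { fmt.Println(probe()) }
```

Only the middle case returns an error, which is the certificate complaint seen with insecure: false when the CA never reaches the client.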
