kubernetes - 访问 ArgoCD 服务器

Question

我正在关注Installation Instructions来自https://argoproj.github.io/argo-cd/getting_started/#3-access-the-argo-cd-api-server的内容 ，即使服务类型已更改为LoadBalancer我也无法登录.

我掌握的信息是：

$ oc describe svc argocd-server
Name:                     argocd-server
Namespace:                argocd
Labels:                   app.kubernetes.io/component=server
                          app.kubernetes.io/name=argocd-server
                          app.kubernetes.io/part-of=argocd
Annotations:              <none>
Selector:                 app.kubernetes.io/name=argocd-server
Type:                     LoadBalancer
IP:                       172.30.70.178
LoadBalancer Ingress:     a553569222264478ab2xx1f60d88848a-642416295.eu-west-1.elb.amazonaws.com
Port:                     http  80/TCP
TargetPort:               8080/TCP
NodePort:                 http  30942/TCP
Endpoints:                10.128.3.91:8080
Port:                     https  443/TCP
TargetPort:               8080/TCP
NodePort:                 https  30734/TCP
Endpoints:                10.128.3.91:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

如果我做：

$ oc login https://a553569222264478ab2xx1f60d88848a-642416295.eu-west-1.elb.amazonaws.com
The server is using a certificate that does not match its hostname: x509: certificate is valid for localhost, argocd-server, argocd-server.argocd, argocd-server.argocd.svc, argocd-server.argocd.svc.cluster.local, not a553569222264478ab2xx1f60d88848a-642416295.eu-west-1.elb.amazonaws.com
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): y

error: Seems you passed an HTML page (console?) instead of server URL.
Verify provided address and try again.

Answer 1

我设法通过以下方式成功登录 argocd-server

kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

argoPass=$(kubectl -n argocd get secret argocd-initial-admin-secret \
    -o jsonpath="{.data.password}" | base64 -d)

argocd login --insecure --grpc-web k3s_master:32761 --username admin \
    --password $argoPass

Answer 2

我能够使用以下命令登录 argocd-server

argocd 登录 --insecure --grpc-web test-server.companydomain.com --grpc-web-root-path /argocd

用户名：管理员

密码：

'admin:login' 登录成功

我正在使用 traefik 作为入口控制器。我的服务器可以通过浏览器访问https://test-server.companydomain.com/argocd

Answer 3

如果您希望通过入口公开 ArgoCD 服务器，您可以通过修补 argocd-server 部署来禁用 TLS：

无 tls.yaml

---

spec:
  template:
    spec:
      containers:
      - name: argocd-server
        command: 
          - argocd-server
          - --insecure

kubectl patch deployment -n argocd argocd-server --patch-file no-tls.yaml 

Answer 4

默认情况下，argocd 服务器在启用自签名 tls 的情况下运行。您正在尝试使用启用了 tls 的不同 url 访问 argocd 服务器。API 服务器应该在禁用 TLS 的情况下运行。编辑 argocd-server 部署以将 --insecure 标志添加到 argocd-server 命令。

      containers:
      - command:
        - argocd-server
        - --staticassets
        - /shared/app
        - --insecure