ERR_TOO_MANY_REDIRECTS #2953
Comments
|
Same problem, any workaround ? |
|
Same problem! |
|
After searching for a while I found a solution that works in my case. The problem is that by default Argo-CD handles TLS termination itself and always redirects HTTP requests to HTTPS. Combine that with an ingress controller that also handles TLS termination and always communicates with the backend service with HTTP and you get Argo-CD's server always responding with a redirects to HTTPS. So one of the solutions would be to disable HTTPS on Argo-CD, which you can do by using the This is actually documented here: It would be nice if there was a page with command line flags for the server somewhere in the docs. |
|
Using NGINX ingress, send --insecure arg for container of argocd-server Deployment. It works for me. spec:
containers:
- command:
- argocd-server
- --staticassets
- /shared/app
- --insecureHelp: https://argoproj.github.io/argo-cd/operator-manual/ingress/ |
|
Somehow I ran into the same issue with a 308 redirect. I added the --insecure arg but no change so far. Any ideas? |
|
Nginx and other reverse proxies send the header X-Forwarded-Proto to indicate that TLS is being handled by the proxy. This could be checked in addition to checking the secure setting in the useSecure function. I have yet to venture into writing Go, so I am not sure of how that is done exactly. Maybe I will give it a shot. |
|
For my case, i have AWS ELB where the SSL is offloaded, then ingress controller receives on port 80, then forward to argocd-server service on insecure port (80). I fixed the issue of too-many-redirects by implementing the above solution: spec:
containers:
- command:
- argocd-server
- --staticassets
- /shared/app
- --insecure # <-- this thing needs to be added |
|
I was struggling with this issue for ours, and finally found this thread. @georgepaoli suggesiton worked. Adding |
|
Spent half a day with ingress settings only to figure out this small piece of information missing. Thanks @leandro-manifesto |
|
Is it safer to use in production also? --insecure? |
|
Its not ideal, but it works. |
|
I'm using 'Option 2: Multiple Ingress Objects And Hosts' as per the argocd ingress documentation for nginx ingress. I was still getting a 308 response back from nginx-ingress-controller even after setting the argocd-server insecure flag. nginx logged: W0608 15:05:42.385812 6 controller.go:1206] Unexpected error validating SSL certificate "argocd/argocd-secret" for server "argocd-ui.x.x.com": x509: certificate is valid for localhost, argocd-server, argocd-server.argocd, argocd-server.argocd.svc, argocd-server.argocd.svc.cluster.local, not argocd-ui.x.x.com ...where argocd-ui.x.x.com (redacted) is the dns name i chose for the aws nlb in front of nginx. And following this I could access the UI using argocd-ui.x.x.com with no apparent issues. Not sure if I was meant to set argocd-ui.x.x.com as the tls host nor not, but the argocd docs suggest this is what you are meant to do i.e. they use argocd.example.com as their example which isn't in compatible with their default tls.crt either. |
|
cluster rancher
|
|
i also have this problem |
|
This works for me: |
also works with me |
|
I encountered the same error and found that when installing ArgoCD, one can either add the # [snip]
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cmd-params-cm
app.kubernetes.io/part-of: argocd
name: argocd-cmd-params-cm
data:
server.insecure: "true"
---
# [snip]Unfortunately you can't apply this after running the installer since it will have no effect on the already deployed service, and applying it before the install will have the install overwrite it. -- edit: While the install yaml file will overwrite this definition, you can put this in a separate file and apply it after the install yaml and then force a restart of the argocd-server deployment, like so:
|
|
I use passthrough mode in my Ingress, but I forget the annotation |
|
Following configuration works without further modifications apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-server-http-ingress
namespace: argocd
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: argocd-server
port:
name: https
host: argocd.example.com
tls:
- hosts:
- argocd.example.com
secretName: argocd-secret |
|
|
This fixed my redirection issue on openshift: redhat-developer/gitops-operator#277 (comment) |
|
Fixed via this |
Did you have a possibility to implement it? |
|
Thank you @kszpakowski
Beautiful, this worked for me too, the main lines: nginx.ingress.kubernetes.io/backend-protocol: HTTPS |
its working thanks |
These three annotations did the magic for me ! Thanks |
|
On a newer version of Bitnami ArgoCD (Helm chart version: argo-cd-4.4.0, application version: 2.5.5) I just run this: k patch $(k get deployment -l app.kubernetes.io/component=server -oname) --type=json \
-p='[{
"op" : "add" ,
"path" : "/spec/template/spec/containers/0/args/-" ,
"value" : "--insecure"
}]'
k get deployment -l app.kubernetes.io/component=server -ojsonpath='{.items[0].spec.template.spec.containers[0].args}' | jq |
|
I used this in aanotations and it worked for me kubernetes.io/ingress.class: "nginx" |
|
After many hours of debugging.... |
|
Using Helm, I managed to set the server:
ingress:
enabled: "true"
ingressClassName: "nginx"
configs:
params:
server.insecure: "true"$ helm install argocd -n argocd argo/argo-cd -f values.yaml |
|
ERROR: err_too_many_redirects using Nginx ingress For argocd 2.7.4 version, set server.insecure: "true" in the argocd-cmd-params-cm ConfigMap. apiVersion: v1 Also edit the env optional value of ARGOCD_SERVER_INSECURE to false in argocd-server deployment.
|
|
The solution for me
|
|
Thanks to all #2953 (comment) , We also resolved this problem. |
|
I have followed the quickstart of ArgoCD documentation https://argo-cd.readthedocs.io/en/stable/#quick-start The only difference is that I deployed in Now, I'm having issues to access this application through my Nginx ingress. It's throwing On the ArgoCD server, I've setted the This is my Ingress: apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-ingress
namespace: argo-cd
annotations:
cert-manager.io/issuer: prod-issuer
cert-manager.io/issuer-kind: OriginIssuer
cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
tls:
- hosts:
- '*.my_site.dev'
secretName: argocd-secret
ingressClassName: nginx
rules:
- host: argocd.my_site.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
name: httpI've tried to set apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-ingress
namespace: argo-cd
annotations:
cert-manager.io/issuer: prod-issuer
cert-manager.io/issuer-kind: OriginIssuer
cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
tls:
- hosts:
- '*.my_site.dev'
secretName: argocd-secret
ingressClassName: nginx
rules:
- host: argocd.my_site.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
name: httpsI've tried even to use another secret to store my TLS given that I'm using cloudflare certificates. PS: Of course I've deleted the argo-cd-server between the changes on the ConfigMap. Nothing is working. Do you guys have any idea how to solve this? |
|
I have a similar case as @abdennour , of a load balancer that terminates TLS and behind it a kubernetes ingress nginx controller that is used for routing. The thing I'm trying to do is use paths e.g. |
|
Documentation suggests disabling the TLS on the Argo server side using deployment flags - https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#traefik-v22. Personally I don't think this is a good idea to use the server without the encryption, as you could get sensitive data by running tcpdump, or am I missing something? |
Helm Deployment [Nginx Ingress]I struggled with this issue for 3 days, the only thing worked for me was the following:
ingress:
# -- Enable an ingress resource for the Argo CD server
enabled: true
# -- Additional ingress annotations
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
# -- Additional ingress labels
labels: {}
# -- Defines which ingress controller will implement the resource
ingressClassName: "nginx"
# -- List of ingress hosts
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
hosts:
- argocd.example.com
# -- List of ingress paths
paths:
- /
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Additional ingress paths
extraPaths: []
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Ingress TLS configuration
tls:
- secretName: <Secret>
hosts:
- argocd.example.com
# -- Uses 'server.service.servicePortHttps' instead 'server.service.servicePortHttp'
https: false |
|
I succeeded on a kind cluster where ingress nginx controller is deployed using this and |
|
I believe the original issue was solved by @kszpakowski's post #issuecomment-93219085. It's also documented. Therefore I'm closing this issue. Please open another issue or ping us on Slack if you are still experiencing issues. |
|
On v2.9.3, this worked for me with an nginx controller k patch $(k get deployment -l app.kubernetes.io/component=server -oname) --type=json \
-p='[{
"op" : "add" ,
"path" : "/spec/template/spec/containers/0/args/-" ,
"value" : "--insecure"
}]'---
# NOTE: I did not had to use any special annotatations
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd
namespace: argocd
spec:
ingressClassName: nginx
rules:
- host: argocd.example.com
http:
paths:
- backend:
service:
name: argocd-server
port:
name: http
path: /
pathType: Prefix |
|
Thanks to this thread, I was able to resolve it well. it's also necessary in Istio. |
|
fixed this issue adding |
|
just adding in values yaml of argocd helm chart fixed it for me then I ran I'm using istio-ingressgateway and GCP load balancer in case someone else stuck with this bug |
I hope this helps! |
|
Stumbling into 307 with a gateway-api tlsroute. Is there some possible way to solve this? okay this is interesting. Its working fine now^^. |
and others
The following configuration was performed according to the official documentation(https://argoproj.github.io/argo-cd/getting_started/):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: argocd-server-ingress
annotations:
kubernetes.io/ingress.class: crs-nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
http:
paths:
serviceName: argocd-server
servicePort: 443
now,encounter a redirect loop or are getting a 307 response code.So I added nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" according to the official documentation to the configuration above.
The web page can be opened normally,But I got the following error during argocd login command
FATA[0008] rpc error: code = Internal desc = transport: received the unexpected content-type "text/plain; charset=utf-8"I don't know how to configure it to open the page normally and the argocd login command can log in normally.
The text was updated successfully, but these errors were encountered: