argo-cd: Exec in apps outside of ArgoCD namespace not working
Together with the 2.5.0 update I deployed all ArgoCD apps apart from ArgoCD itself to their respective namespaces. When I want to exec into an ArgoCD pod everything works as usual. However when I try to exec into a pod in a different namespace I receive the error Terminal Connection Error: Internal error.
My policy.csv
p, admin, exec, create, */*, allow
g, group-name, admin
Checking the RBAC permissions for the argocd-server serviceaccount everything also looks good.
kubectl auth can-i create pods --subresource='exec' --as=system:serviceaccount:argocd:argocd-server
yes
The logs unfortunately don’t print anything useful.
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Reactions: 7
- Comments: 15
Links to this issue
Commits related to this issue
- fix: web terminal outside argocd namespace (#11166) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> — committed to crenshaw-dev/argo-cd by crenshaw-dev 2 years ago
- fix: web terminal outside argocd namespace (#11166) (#11400) * fix: web terminal outside argocd namespace (#11166) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> ... — committed to argoproj/argo-cd by crenshaw-dev 2 years ago
- fix: web terminal outside argocd namespace (#11166) (#11400) * fix: web terminal outside argocd namespace (#11166) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> ... — committed to argoproj/argo-cd by crenshaw-dev 2 years ago
- fix: web terminal outside argocd namespace (#11166) (#11400) * fix: web terminal outside argocd namespace (#11166) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> ... — committed to argoproj/argo-cd by crenshaw-dev 2 years ago
- fix: web terminal outside argocd namespace (#11166) (#11400) * fix: web terminal outside argocd namespace (#11166) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * r... — committed to emirot/argo-cd by crenshaw-dev 2 years ago
- fix: web terminal outside argocd namespace (#11166) (#11400) * fix: web terminal outside argocd namespace (#11166) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * r... — committed to schakrad/argo-cd by crenshaw-dev 2 years ago
- feat: Container statuses on summary tab of pod and detailed info in tooltip for pod on resource tree (#11513) * docs: Improve Keycloak documentation for command line sign-in (#8758) Documenting w... — committed to argoproj/argo-cd by schakrad a year ago
- feat: Container statuses on summary tab of pod and detailed info in tooltip for pod on resource tree (#11513) * docs: Improve Keycloak documentation for command line sign-in (#8758) Documenting w... — committed to yyzxw/argo-cd by schakrad a year ago
@quentinlacrouts thanks for the nudge! I’ll get it merged today.
Are there any updates? 😃 I would really dislike having to revert all apps to the ArgoCD namespace due to this bug.
it was my misconfiguration, sorry. we occasionally moved to HA cluster and there are need to patch ClusterRole instead of Role
Same here, web terminal stopped work for us after the upgrade to 2.5