argo-cd: v2.4.0-rc5 plz. update documentation about repo-creds (ssh rsa keys can no longer be used to access git repo)
Checklist:
- I’ve searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
- I’ve included steps to reproduce the bug.
- I’ve pasted the output of argocd version.
Describe the bug
argocd-2.4.0-rc5 is no longer able to use ssh rsa keys to access git repos. Perhaps also note this in the 2.3 to 2.4 upgrade guide and the breaking changes blog.
With the update of the base image to ubuntu 22.04 LTS, rsa keys can no longer be used to pull repos.
create a ssh rsa repo-cred to access git repos
- ssh-keygen -t rsa -C argo-git-ssh
- give argocd read only access to the git repo via the generated ssh key
- create argocd repo-creds with git ssh url and id_rsa [1]
- update from argocd-v2.4.0-rc4 to rc5 -> repo no longer accessible
[1]
apiVersion: v1
type: Opaque
data:
  sshPrivateKey: ....
  url: ....
kind: Secret
metadata:
  annotations:
    managed-by: argocd.argoproj.io
  labels:
    argocd.argoproj.io/secret-type: repo-creds
  name: argocd-ssh-git-creds
  namespace: argocd
Version
argocd: v2.4.0-rc5+b84dd8b
  BuildDate: 2022-06-06T19:39:46Z
  GitCommit: b84dd8bbfab22426aaba4a509e0a5072724e4ff2
  GitTreeState: clean
  GoVersion: go1.18.2
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.4.0-rc5+b84dd8b
  BuildDate: 2022-06-06T19:15:07Z
  GitCommit: b84dd8bbfab22426aaba4a509e0a5072724e4ff2
  GitTreeState: clean
  GoVersion: go1.18.3
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: v4.4.1 2021-11-11T23:36:27Z
  Helm Version: v3.8.1+g5cb9af4
  Kubectl Version: v0.23.1
  Jsonnet Version: v0.18.0
Logs
Paste any relevant application logs here.
About this issue
- State: closed
- Created 2 years ago
- Comments: 22 (2 by maintainers)
Commits related to this issue
- docs: document OpenSSH upgrade (#9598) Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> — committed to crenshaw-dev/argo-cd by crenshaw-dev 2 years ago
- docs: document OpenSSH upgrade (#9598) (#9615) docs: document OpenSSH upgrade (#9598) (#9615) Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> — committed to argoproj/argo-cd by crenshaw-dev 2 years ago
- docs: document OpenSSH upgrade (#9598) (#9615) docs: document OpenSSH upgrade (#9598) (#9615) Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> — committed to argoproj/argo-cd by crenshaw-dev 2 years ago
OK. After lots of testing and playing around with Azure DevOps git repositories, I finally figured out exactly what needs to be done to make this work. I am adding a bunch of my info here; you may move it to the docs if you wish, but this may help others if they find this issue and do not understand how to fix it. This is not the only way to accomplish it, but it was the easiest way to accomplish it.
Basically, even though Azure DevOps has added support for ssh-rsa-2, they do not really talk it. Azure DevOps will only ever offer rsa-ssh for git communications. If you use ssh access for Azure DevOps, you have to add these items below to your configurations.
Articles of Interest I found:
First, I created a configmap that contains the information that is needed in the ssh_config that will be mounted; it also contains the default information that should already be in that file. Then, in my kustomization file, I added a couple of patches to add this mount to not only the repo-server but also the applicationset controller (needs it for the git generator).
repo-server-ssh-cm.yaml:
kustomization.yaml:
Yes, you can. That is why I put it here. Here is my updated version based on adding the config to the argocd user rather than the root one.
repo-server-ssh-cm.yaml:
kustomization.yaml:
@34fathombelow Did not even think about that. But I did just test it and it does work also. I can update the above examples with that if you wish me to.
new key was created as ecdsa
and then used again in a secret like [1] in https://github.com/argoproj/argo-cd/issues/9598#issue-1263497264
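To find which credentials need the key rotation described in this thread before upgrading, the following added example (not from the issue or the Argo CD project) reads the JSON printed by `kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=repo-creds -o json` and reports the key type of each `sshPrivateKey`, so RSA keys like the one in [1] stand out. All function names and the sample data are assumptions constructed for illustration.

```python
import base64
import json
import struct

MAGIC = b"openssh-key-v1\x00"  # header of the OpenSSH private key format
PEM_TYPES = {"RSA PRIVATE KEY": "ssh-rsa", "EC PRIVATE KEY": "ecdsa"}  # legacy PEM labels

def _string(buf, off):  # one SSH wire string (uint32 length + bytes) -> (value, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    (val,) = struct.unpack_from(f">{n}s", buf, off + 4)  # struct.error if truncated
    return val, off + 4 + n

def ssh_key_type(key_text):
    """Key type of an SSH private key, read from its unencrypted public part."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    label = lines[0][11:-5] if lines and lines[0].startswith("-----BEGIN ") else ""
    if label != "OPENSSH PRIVATE KEY":
        return PEM_TYPES.get(label, "unknown")  # PKCS#8 and garbage are not parsed here
    try:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        off = len(MAGIC)
        for _ in range(3):  # skip ciphername, kdfname, kdfoptions
            _, off = _string(blob, off)
        pub, _ = _string(blob, off + 4)  # +4 skips the uint32 key count
        return _string(pub, 0)[0].decode("ascii")
    except (ValueError, struct.error):
        return "unknown"

def audit_repo_creds(secret_list_json):
    """Map 'namespace/name' -> key type for every Secret that carries sshPrivateKey."""
    report = {}
    for item in json.loads(secret_list_json).get("items", []):
        meta, encoded = item["metadata"], (item.get("data") or {}).get("sshPrivateKey")
        if encoded:
            text = base64.b64decode(encoded).decode("utf-8", "replace")
            report[f"{meta['namespace']}/{meta['name']}"] = ssh_key_type(text)
    return report

def constructed_secret_list(key_types):
    """CONSTRUCTED kubectl-style JSON; the key blobs are header-only, not usable keys."""
    s = lambda b: struct.pack(">I", len(b)) + b
    def secret(name, kt):
        blob = MAGIC + s(b"none") * 2 + s(b"") + struct.pack(">I", 1) + s(s(kt.encode()))
        pem = b"-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n"
        data = {"sshPrivateKey": base64.b64encode(pem % base64.b64encode(blob)).decode()}
        return {"metadata": {"namespace": "argocd", "name": name}, "data": data}
    return json.dumps({"items": [secret(n, k) for n, k in key_types.items()]})
```

Entries reported as `ssh-rsa` are the ones to regenerate with another key type, as the last comment above did with ecdsa.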