Welcome to the Linux Foundation Forum!

Unable to update ArgoCD account password

johchung
johchung Posts: 4
edited April 18 in LFS256 Class Forum

Lab 3.3 Argo CD Security and RBAC says to set the password with the following command. I've included the errors and my other attempts

$ argocd account update-password --account developer --new-password Developer123
FATA[0000] Argo CD server address unspecified

$ argocd account update-password --account developer --new-password Developer123 --server localhost:8080
FATA[0000] Failed to establish connection to localhost:8080: tls: failed to verify certificate: x509: certificate signed by unknown authority

Then I tried to trust the cert on my Mac via the following steps
1. export cert by going to my ArgoCD server URL via https://localhost:8080 on my browser
2. Added certificate to login keychain in Keychain Access utility.
3. Configure cert to "Always Trust"

Then when I try to update the password again, I get the following error

$ argocd account update-password --account developer --new-password Developer123 --server localhost:8080
FATA[0000] rpc error: code = Unauthenticated desc = no session information

I am using a work computer with a vpn that has caused me issues in the past with minikube, k3d, etc. Don't know if it is related.

Answers

  • johchung
    johchung Posts: 4

    Using the username and password from the previous section, I logged in before executing the update-password command.

    argocd login localhost:8080 --name admin --password <secret:argocd-initial-admin-secret>
    
  • Hi @johchung
    I tried to reproduce the issue on a kind cluster as shown below:

    kind version
    kind v0.22.0 go1.21.7 darwin/arm64
    
    kubectl get no
    NAME                 STATUS   ROLES           AGE     VERSION
    kind-control-plane   Ready    control-plane   3d21h   v1.29.2
    kind-worker          Ready    <none>          3d21h   v1.29.2
    kind-worker2         Ready    <none>          3d21h   v1.29.2
    
    kubectl create namespace argocd
    kubectl apply --namespace argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
    
    kubectl --namespace argocd get po
    NAME                                                READY   STATUS    RESTARTS   AGE
    argocd-application-controller-0                     1/1     Running   0          2m
    argocd-applicationset-controller-6c8fbc69b5-2kfkn   1/1     Running   0          2m
    argocd-dex-server-b6fc796d7-glsbp                   1/1     Running   0          2m
    argocd-notifications-controller-6b66d47b45-gh9zr    1/1     Running   0          2m
    argocd-redis-76748db5f4-vfdp7                       1/1     Running   0          2m
    argocd-repo-server-6f87db89c7-g92df                 1/1     Running   0          2m
    argocd-server-7cbbdb87d7-84vg6                      1/1     Running   0          2m
    
    kubectl port-forward svc/argocd-server --namespace argocd 8080:443
    Forwarding from 127.0.0.1:8080 -> 8080
    Forwarding from [::1]:8080 -> 8080
    
    

    Then I tried to log in using the admin credentials:

    kubectl --namespace argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
    <PASSWORD>
    
    argocd login localhost:8080
    WARNING: server certificate had error: tls: failed to verify certificate: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
    Username: admin
    Password:
    'admin:login' logged in successfully
    Context 'localhost:8080' updated
    

    Then I added a new user to the ArgoCD config map as follows:

    kubectl edit cm argocd-cm --namespace argocd
    apiVersion: v1
    data:
      accounts.developer: login
    kind: ConfigMap
    metadata:
      labels:
        app.kubernetes.io/name: argocd-cm
        app.kubernetes.io/part-of: argocd
      name: argocd-cm
      namespace: argocd
    

    Finally, I updated the password for the new user:

    argocd account update-password --account developer --new-password Developer123
    *** Enter password of currently logged in user (admin):
    Password updated
    

    And I tried to log in using the new user:

    argocd login localhost:8080
    WARNING: server certificate had error: tls: failed to verify certificate: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
    Username: developer
    Password:
    'developer:login' logged in successfully
    Context 'localhost:8080' updated
    

    Here is the version of the ArgoCD and the CLI I used:

    argocd version
    argocd: v2.10.7+b060053.dirty
      BuildDate: 2024-04-15T12:31:39Z
      GitCommit: b060053b099b4c81c1e635839a309c9c8c1863e9
      GitTreeState: dirty
      GoVersion: go1.22.2
      Compiler: gc
      Platform: darwin/arm64
    argocd-server: v2.10.6+d504d2b
      BuildDate: 2024-04-05T00:27:47Z
      GitCommit: d504d2b1d92f0cf831a124a5fd1a96ee29fa7679
      GitTreeState: clean
      GoVersion: go1.21.3
      Compiler: gc
      Platform: linux/arm64
      Kustomize Version: v5.2.1 2023-10-19T20:13:51Z
      Helm Version: v3.14.3+gf03cc04
      Kubectl Version: v0.26.11
      Jsonnet Version: v0.20.0
    

    Can you please confirm that you have done the same steps?
    Thanks

  • johchung
    johchung Posts: 4

    Yup, after I logged in everything worked. Unfortunately, that step was not included in the lesson.

  • cvoigt
    cvoigt Posts: 4

    Hey @johchung,
    thank you for pointing this out. We will make sure to update the course material accordingly.

  • mstepien
    mstepien Posts: 470

    Hi @johchung,

    Thank you for flagging this. The course content has been updated to include this missing step.

    Best regards,
    Magda
    The Linux Foundation Training Team

Categories

Upcoming Training