Unable to update ArgoCD account password

johchung

Lab 3.3 Argo CD Security and RBAC says to set the password with the following command. I've included the errors and my other attempts

$ argocd account update-password --account developer --new-password Developer123
FATA[0000] Argo CD server address unspecified

$ argocd account update-password --account developer --new-password Developer123 --server localhost:8080
FATA[0000] Failed to establish connection to localhost:8080: tls: failed to verify certificate: x509: certificate signed by unknown authority

Then I tried to trust the cert on my Mac via the following steps
1. export cert by going to my ArgoCD server URL via https://localhost:8080 on my browser
2. Added certificate to login keychain in Keychain Access utility.
3. Configure cert to "Always Trust"

Then when I try to update the password again, I get the following error

$ argocd account update-password --account developer --new-password Developer123 --server localhost:8080
FATA[0000] rpc error: code = Unauthenticated desc = no session information

I am using a work computer with a vpn that has caused me issues in the past with minikube, k3d, etc. Don't know if it is related.

johchung

Using the username and password from the previous section, I logged in before executing the update-password command.

argocd login localhost:8080 --name admin --password <secret:argocd-initial-admin-secret>

hossein.salahi

Hi @johchung
I tried to reproduce the issue on a kind cluster as shown below:

kind version
kind v0.22.0 go1.21.7 darwin/arm64

kubectl get no
NAME                 STATUS   ROLES           AGE     VERSION
kind-control-plane   Ready    control-plane   3d21h   v1.29.2
kind-worker          Ready    <none>          3d21h   v1.29.2
kind-worker2         Ready    <none>          3d21h   v1.29.2

kubectl create namespace argocd
kubectl apply --namespace argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

kubectl --namespace argocd get po
NAME                                                READY   STATUS    RESTARTS   AGE
argocd-application-controller-0                     1/1     Running   0          2m
argocd-applicationset-controller-6c8fbc69b5-2kfkn   1/1     Running   0          2m
argocd-dex-server-b6fc796d7-glsbp                   1/1     Running   0          2m
argocd-notifications-controller-6b66d47b45-gh9zr    1/1     Running   0          2m
argocd-redis-76748db5f4-vfdp7                       1/1     Running   0          2m
argocd-repo-server-6f87db89c7-g92df                 1/1     Running   0          2m
argocd-server-7cbbdb87d7-84vg6                      1/1     Running   0          2m

kubectl port-forward svc/argocd-server --namespace argocd 8080:443
Forwarding from 127.0.0.1:8080 -> 8080
Forwarding from [::1]:8080 -> 8080

Then I tried to log in using the admin credentials:

kubectl --namespace argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
<PASSWORD>

argocd login localhost:8080
WARNING: server certificate had error: tls: failed to verify certificate: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin:login' logged in successfully
Context 'localhost:8080' updated

Then I added a new user to the ArgoCD config map as follows:

kubectl edit cm argocd-cm --namespace argocd
apiVersion: v1
data:
  accounts.developer: login
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cm
  namespace: argocd

Finally, I updated the password for the new user:

argocd account update-password --account developer --new-password Developer123
*** Enter password of currently logged in user (admin):
Password updated

And I tried to log in using the new user:

argocd login localhost:8080
WARNING: server certificate had error: tls: failed to verify certificate: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
Username: developer
Password:
'developer:login' logged in successfully
Context 'localhost:8080' updated

Here is the version of the ArgoCD and the CLI I used:

argocd version
argocd: v2.10.7+b060053.dirty
  BuildDate: 2024-04-15T12:31:39Z
  GitCommit: b060053b099b4c81c1e635839a309c9c8c1863e9
  GitTreeState: dirty
  GoVersion: go1.22.2
  Compiler: gc
  Platform: darwin/arm64
argocd-server: v2.10.6+d504d2b
  BuildDate: 2024-04-05T00:27:47Z
  GitCommit: d504d2b1d92f0cf831a124a5fd1a96ee29fa7679
  GitTreeState: clean
  GoVersion: go1.21.3
  Compiler: gc
  Platform: linux/arm64
  Kustomize Version: v5.2.1 2023-10-19T20:13:51Z
  Helm Version: v3.14.3+gf03cc04
  Kubectl Version: v0.26.11
  Jsonnet Version: v0.20.0

Can you please confirm that you have done the same steps?
Thanks

johchung

Yup, after I logged in everything worked. Unfortunately, that step was not included in the lesson.

cvoigt

Hey @johchung,
thank you for pointing this out. We will make sure to update the course material accordingly.

mstepien

Hi @johchung,

Thank you for flagging this. The course content has been updated to include this missing step.

Best regards,
Magda
The Linux Foundation Training Team