Image is missing argocd-k8s-auth
Summary
The upstream image contains /usr/local/bin/argocd-k8s-auth
but the IronBank version does not. This breaks auth to AWS EKS.
Steps to reproduce
docker run --entrypoint= -it --rm registry1.dso.mil/ironbank/big-bang/argocd:v2.9.3 /bin/bash
argocd-k8s-auth
#command not found
Also, you can follow guides similar to: https://medium.com/@gustavo.zanotto/mastering-multi-cluster-kubernetes-management-on-aws-how-argocd-and-a-management-cluster-can-help-d4756eee346f
Which creates a cluster in ArgoCD like:
apiVersion: v1
kind: Secret
metadata:
name: cluster-foo
labels:
argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
name: foo
server: https://xxxxxxxxxxxxxx.gr7.us-gov-east-1.eks.amazonaws.com
config: |
{
"awsAuthConfig": {
"clusterName": "foo",
"roleARN": "arn:aws-us-gov:iam::123456789012:role/foo-argocd-deployer"
},
"tlsClientConfig": {
"insecure": false,
"caData": "<base64 cert data>"
}
}
What is the current bug behavior?
ArgoCD cannot connect to the remote cluster, producing:
error synchronizing cache state : Get "https://xxxxxxxxxxxxxxxxxxx.gr7.us-gov-east-1.eks.amazonaws.com/version?timeout=32s": getting credentials: exec: executable argocd-k8s-auth not found It looks like you are trying to use a client-go credential plugin that is not installed. To learn more about this feature, consult the documentation available at: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
What is the expected correct behavior?
ArgoCD is able to fetch credentials for the remote cluster using the IAM role available to the pod.
Relevant logs and/or screenshots
See above.
Possible fixes
The Dockerfile does not preserve the symlink.
Tasks
-
Bug has been identified and corrected within the container
Please read the Iron Bank Documentation for more info