Unable to create an app from private repository

[andreyvelich]

Describe the bug
I am not available to create an app from connected GitHub repository.

To Reproduce
I tried to create an app in ArgoCD from our private GitHub repository. I followed this approach #827 and successfully connected our private repository to ArgoCD.
After that, I tried this command:

argocd app create <app name> \
--repo <repo name>  \
--path <app path> \ 
--revision <branch name> \
--dest-server https://kubernetes.default.svc 
--dest-namespace <app-ns>

I got this error:

FATA[0000] rpc error: code = InvalidArgument desc = application spec is invalid: InvalidSpecError: Unable to determine app source type: rpc error: code = Unknown desc = ssh: handshake failed: knownhosts: key is unknown

Expected behavior
App should be created, when my repository successfully connected to ArgoCD, isn't it?

[andreyvelich]

Ok, I got the problem. I have to update known_hosts in each argoCD deployment, not only in argocd-server.
Thanks to this commentary: #1322 (comment)

[kuburoman]

Hi i have same problem how do you update them?

[alexmt]

Working on documenting the steps to support private repository with self-signed certificates.

[andreyvelich]

@kuburoma You need to setup known_hosts like here: #827 in each ArgoCD deployment (argocd-server, argocd-repo-server, argocd-application-controller). If you are using GitHub Enterprise private repository.

[kuburoman]

@andreyvelich Thanks for you answer. Your solution didn't work for me so i updated know host and it worked. Documentation would really help in this case.

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-server
  template:
    metadata:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/path: "/metrics"
        prometheus.io/port: "8083"
      labels:
        app.kubernetes.io/name: argocd-server
    spec:
      containers:
      - command:
        - argocd-server
        - --insecure
        - --staticassets
        - /shared/app
        image: argoproj/argocd:v0.12.1
        imagePullPolicy: Always
        name: argocd-server
        ports:
        - containerPort: 8080
        - containerPort: 8083
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 30
        volumeMounts:
        - mountPath: /shared
          name: static-files
        - name: known-hosts
          mountPath: /etc/ssh/ssh_known_hosts
          subPath: known_hosts
      initContainers:
      - command:
        - cp
        - -r
        - /app
        - /shared
        image: argoproj/argocd-ui:v0.12.1
        imagePullPolicy: Always
        name: ui
        volumeMounts:
        - mountPath: /shared
          name: static-files
      serviceAccountName: argocd-server
      volumes:
      - emptyDir: {}
        name: static-files
      - name: known-hosts
        configMap:
          name: argo-known-hosts
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argo-known-hosts
data:
  known_hosts: |-
    gitlab.mine.infra,172.168.10.0 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlyaHAyNTYAAAAIbmlzdHAyNTYAAABBBGRMHcvQ4qX8lkn4g/mEpXDUTL2LzKlvV5sEYAEu1Ztpu6volX19zpkquXxpa59XCmoeuuBR97t3Q/qK6Wvymec=

[kent-williams]

Has any new documentation made it up covering this yet? Still not sure exactly how to get a private repo to work from these scattered comments..

[andreyvelich]

@alexec @alexmt Will someone do it? If not, I can write some information in the docs. Let me know, if you need it.

[alexmt]

Sorry for the delay. This one is next on the list. Will test, prepare docs today evening, latest tomorrow morning

[andreyvelich]

@alexmt Ok, thank you!

[denniswebb]

@alexmt Needing this too. Any help is appreciated.

[alexmt]

Configured gitlab with self-signed cert and tested various scenarios. Tried to document my findings in this PR: #1515 :

• The --insecure-ignore-host-key flag does not work for HTTPS Git URLs: Introduce --insecure-skip-tls-verify option for self-signed HTTP git URLs #1513
• The known-hosts file must be modified in every argocd pod. Also host must be trusted on a machine where argocd repo add is executed. Issue to simplify it: Simplify whitelisting self signed cert of git server #1514

Please let me know if it helps.

[alexmt]

Related #1322

[20Naresh]

test