diff --git a/docs/user-guide/private-repositories.md b/docs/user-guide/private-repositories.md index 30bde2395e713..1bac079937798 100644 --- a/docs/user-guide/private-repositories.md +++ b/docs/user-guide/private-repositories.md @@ -4,7 +4,7 @@ If application manifests are located in private repository then repository credentials have to be configured. Argo CD supports both HTTP and SSH Git credentials. -### HTTP Username And Password Credential +### HTTPS Username And Password Credential Private repositories that require a username and password typically have a URL that start with "https://" rather than "git@" or "ssh://". 
@@ -41,30 +41,34 @@ The Argo CD UI don't support configuring SSH credentials. The SSH credentials ca argocd repo add git@github.com:argoproj/argocd-example-apps.git --ssh-private-key-path ~/.ssh/id_rsa ``` -## Self-Signed Certificates +## Self-signed & Untrusted TLS Certificates -If you are using self-hosted Git hosting service with the self-signed certificate then you need to disable certificate validation for that Git host. -Following options are available: +We do not currently have first-class support for this. See [#1513](https://github.com/argoproj/argo-cd/issues/1513). -Add repository using Argo CD CLI and `--insecure-ignore-host-key` flag: +As a work-around, you can customize your Argo CD image. See [#1344](https://github.com/argoproj/argo-cd/issues/1344#issuecomment-479811810) +## Unknown SSH Hosts -```bash -argocd repo add git@github.com:argoproj/argocd-example-apps.git --ssh-private-key-path ~/.ssh/id_rsa -``` +If you are using a privately hosted Git service over SSH, then you have the following options: - The flag disables certificate validation only for specified repository. - -!!! warning - The `--insecure-ignore-host-key` flag does not work for HTTPS Git URLs. See [#1513](https://github.com/argoproj/argo-cd/issues/1513). - -You can add Git service hostname to the `/etc/ssh/ssh_known_hosts` in each Argo CD deployment and disables cert validation for Git SSL URLs. For more information see -[example](https://github.com/argoproj/argo-cd/tree/master/examples/known-hosts) which demonstrates how `/etc/ssh/ssh_known_hosts` can be customized. +(1) You can customize the Argo CD Docker image by adding the host's SSH public key to `/etc/ssh/ssh_known_hosts`. Additional entries to this file can be generated using the `ssh-keyscan` utility (e.g. `ssh-keyscan your-private-git-server.com`. For more information see [example](https://github.com/argoproj/argo-cd/tree/master/examples/known-hosts) which demonstrates how `/etc/ssh/ssh_known_hosts` can be customized. !!! 
note The `/etc/ssh/ssh_known_hosts` should include Git host on each Argo CD deployment as well as on a computer where `argocd repo add` is executed. After resolving issue [#1514](https://github.com/argoproj/argo-cd/issues/1514) only `argocd-repo-server` deployment has to be customized. +(1) Add repository using Argo CD CLI and `--insecure-ignore-host-key` flag: + +```bash +argocd repo add git@github.com:argoproj/argocd-example-apps.git --ssh-private-key-path ~/.ssh/id_rsa --insecure-ignore-host-key +``` + +!!! warning "Don't use in production" + The `--insecure-ignore-host-key` should not be used in production as this is subject to man-in-the-middle attacks. + +!!! warning "This does not work for Kustomize remote bases or custom plugins" + For Kustomize support, see [#827](https://github.com/argoproj/argo-cd/issues/827). + ## Declarative Configuration See [declarative setup](../operator-manual/declarative-setup#Repositories)
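Review bot: The heading rename in the first hunk (to `### HTTPS Username And Password Credential`) changes the anchor generated for this section, so any existing link that targets the old "HTTP Username And Password Credential" heading will stop resolving; search the docs for inbound links and update them in the same change. The unchanged context line under the heading also reads "a URL that start with", which could be corrected to "starts with" while this paragraph is being touched.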
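Review bot: In the second hunk, option (1) under "Unknown SSH Hosts" recommends `ssh-keyscan your-private-git-server.com` without telling the reader to verify the result. `ssh-keyscan` output is unauthenticated, so a key collected over an untrusted path and written into `/etc/ssh/ssh_known_hosts` carries the same man-in-the-middle exposure that the later warning attributes to `--insecure-ignore-host-key`. Suggest adding a sentence that the fingerprint of the scanned key (for example as shown by `ssh-keygen -lf`) should be compared with one obtained from the Git server's administrator before the entry is baked into the image. Two smaller points in the same hunk: the parenthesis opened at "(e.g. `ssh-keyscan your-private-git-server.com`" is never closed, and both options are numbered "(1)", so the `--insecure-ignore-host-key` option should be "(2)".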