Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds documentation around repo connections #1709

Merged
merged 4 commits into from
Jun 7, 2019
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 19 additions & 15 deletions docs/user-guide/private-repositories.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

If application manifests are located in private repository then repository credentials have to be configured. Argo CD supports both HTTP and SSH Git credentials.

### HTTP Username And Password Credential
### HTTPS Username And Password Credential

Private repositories that require a username and password typically have a URL that start with "https://" rather than "git@" or "ssh://".

Expand Down Expand Up @@ -41,30 +41,34 @@ The Argo CD UI don't support configuring SSH credentials. The SSH credentials ca
argocd repo add git@github.com:argoproj/argocd-example-apps.git --ssh-private-key-path ~/.ssh/id_rsa
```

## Self-Signed Certificates
## Self-signed & Untrusted TLS Certificates

If you are using self-hosted Git hosting service with the self-signed certificate then you need to disable certificate validation for that Git host.
Following options are available:
We do not currently have first-class support for this. See [#1513](https://github.com/argoproj/argo-cd/issues/1513).

Add repository using Argo CD CLI and `--insecure-ignore-host-key` flag:
As a work-around, you can customize your Argo CD image. See [#1344](https://github.com/argoproj/argo-cd/issues/1344#issuecomment-479811810)

## Unknown SSH Hosts

```bash
argocd repo add git@github.com:argoproj/argocd-example-apps.git --ssh-private-key-path ~/.ssh/id_rsa
```
If you are using a privately hosted Git service over SSH, then you have the following options:

The flag disables certificate validation only for specified repository.

!!! warning
The `--insecure-ignore-host-key` flag does not work for HTTPS Git URLs. See [#1513](https://github.com/argoproj/argo-cd/issues/1513).

You can add Git service hostname to the `/etc/ssh/ssh_known_hosts` in each Argo CD deployment and disables cert validation for Git SSL URLs. For more information see
[example](https://github.com/argoproj/argo-cd/tree/master/examples/known-hosts) which demonstrates how `/etc/ssh/ssh_known_hosts` can be customized.
(1) You can customize the Argo CD Docker image by adding the host's SSH public key to `/etc/ssh/ssh_known_hosts`. Additional entries to this file can be generated using the `ssh-keyscan` utility (e.g. `ssh-keyscan your-private-git-server.com`. For more information see [example](https://github.com/argoproj/argo-cd/tree/master/examples/known-hosts) which demonstrates how `/etc/ssh/ssh_known_hosts` can be customized.

!!! note
The `/etc/ssh/ssh_known_hosts` should include Git host on each Argo CD deployment as well as on a computer where `argocd repo add` is executed. After resolving issue
[#1514](https://github.com/argoproj/argo-cd/issues/1514) only `argocd-repo-server` deployment has to be customized.

(1) Add repository using Argo CD CLI and `--insecure-ignore-host-key` flag:
alexec marked this conversation as resolved.
Show resolved Hide resolved

```bash
argocd repo add git@github.com:argoproj/argocd-example-apps.git --ssh-private-key-path ~/.ssh/id_rsa --insecure-ignore-host-key
```

!!! warning "Don't use in production"
The `--insecure-ignore-host-key` should not be used in production as this is subject to man-in-the-middle attacks.

!!! warning "This does not work for Kustomize remote bases or custom plugins"
For Kustomize support, see [#827](https://github.com/argoproj/argo-cd/issues/827).

## Declarative Configuration

See [declarative setup](../operator-manual/declarative-setup#Repositories)
Expand Down