backstage cannot access non self signed https server as https://argocd.cnoe.localtest.me:8443

[cmoulliard]

Issue

backstage cannot access non self signed https server as https://argocd.cnoe.localtest.me:8443 and will raise this error when we scaffold a template using as action [argocd](argocd:create-resources) and will report this error: request to https://argocd.cnoe.localtest.me:8443/api/v1/session failed, reason: self-signed certificate

[cmoulliard]

There is a trick which is to export from the secret the tls.crt file and to set the following NODE_EXTRA_CA_CERTS env var

kubectl -o json -n argocd get secret/argocd-secret | jq -r '.data."tls.crt"' | base64 -d > tls.crt
export NODE_EXTRA_CA_CERTS=/path/to/argocd/tls.crt

but then we will got another error from backstage as the certificate do not include argocd.cnoe.localtest.me

request to https://argocd.cnoe.localtest.me:8443/api/v1/session failed, 
reason: Hostname/IP does not match certificate's altnames
: Host: argocd.cnoe.localtest.me. is not in the cert's altnames
: DNS:localhost, DNS:argocd-server, DNS:argocd-server.argocd, DNS:argocd-server.argocd.svc, DNS:argocd-server.argocd.svc.cluster.local

Note: There is again a trick which is to set this env var NODE_TLS_REJECT_UNAUTHORIZED=0 but ideally the certificate generated should include as alt name: argocd.cnoe.localtest.me !

[cmoulliard]

As this problem is fixed using a self certificate and CoreDNS rewrite rule (#317 and #316), I will then close it as I did a test manually