x509: certificate signed by unknown authority error when adding cluster with kube-public option using cli #21326

Open
3 tasks done
aminarefzadeh opened this issue Dec 29, 2024 · 0 comments · May be fixed by #21327
Labels
bug Something isn't working component:cli Affects the Argo CD CLI version:2.13 Latest confirmed affected version is 2.13

@aminarefzadeh
Contributor

Checklist:

  • I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
  • I've included steps to reproduce the bug.
  • I've pasted the output of argocd version.

Describe the bug
We want to add a new cluster using the Argo CD CLI with the --cluster-endpoint kube-public option. The problem is that when Argo uses the endpoint specified in the kube-public config, it does not use the certificate_authority_data associated with this endpoint. This leads to a problem when adding a new cluster. This problem only happens when the certificate_authority_data is not the same in kubeconfig and kube-public.

If we want to change the endpoint according to kube-public, it's logical to use the certificate_authority_data in kube-public as well, since certificate_authority_data and endpoint are related.

To Reproduce

Add a cluster using the Argo CD CLI with the --cluster-endpoint kube-public option. When certificate_authority_data is different in kubeconfig and kube-public, it raises an x509 error.

root@runner:/# argocd cluster add --name neda-dog --core --system-namespace argocd --cluster-endpoint kube-public --upsert -y neda-dog
INFO[0000] ServiceAccount "argocd-manager" already exists in namespace "argocd"
INFO[0000] ClusterRole "argocd-manager-role" updated
INFO[0000] ClusterRoleBinding "argocd-manager-role-binding" updated
ERRO[0001] finished unary call with code Unknown         error="Get \"https://api.k8s-dog.***.cloud:443/version?timeout=32s\": tls: failed to verify certificate: x509: certificate signed by unknown authority" grpc.code=Unknown grpc.method=Create grpc.service=cluster.ClusterService grpc.start_time="2024-12-29T17:13:01Z" grpc.time_ms=95.35 span.kind=server system=grpc
FATA[0001] rpc error: code = Unknown desc = Get "https://api.k8s-dog.***.cloud:443/version?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority

Expected behavior

It must use the certificate_authority_data in kube-public and add the new cluster successfully.

Version

root@runner:/# argocd version --core
argocd: v2.13.2+dc43124
  BuildDate: 2024-12-11T19:01:33Z
  GitCommit: dc43124058130db9a747d141d86d7c2f4aac7bf9
  GitTreeState: clean
  GoVersion: go1.22.9
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.13.2+dc43124
  BuildDate: 2024-12-11T19:01:33Z
  GitCommit: dc43124058130db9a747d141d86d7c2f4aac7bf9
  GitTreeState: clean
  GoVersion: go1.22.9
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: v5.5.0 2024-10-09T13:10:16Z
  Helm Version: v3.16.3+gcfd0749
  Kubectl Version: v0.31.0
  Jsonnet Version: v0.20.0

@aminarefzadeh aminarefzadeh added the bug Something isn't working label Dec 29, 2024
@andrii-korotkov-verkada andrii-korotkov-verkada added version:2.13 Latest confirmed affected version is 2.13 component:cli Affects the Argo CD CLI labels Jan 1, 2025
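
The failure mode reported above, reproduced offline as an added example (not Argo CD code and not part of the original issue): a serving certificate issued by the kube-public CA is verified first against the kubeconfig CA, then against its own CA. Both CAs, the host name `api.cluster.example` and the helper names `issue` and `scenario` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed certificate for name; a nil parent yields a self-signed CA.
func issue(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IsCA: parent == nil, BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed CA: sign the template with its own key
		tmpl.KeyUsage, parent, parentKey = x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// scenario verifies the kube-public endpoint with the kubeconfig CA (mixed sources),
// then with the CA that kube-public publishes alongside that endpoint (matched).
func scenario() (mixed, matched error) {
	const host = "api.cluster.example" // constructed endpoint name
	kubeconfigCA, _ := issue("kubeconfig-ca", nil, nil)
	publicCA, publicKey := issue("kube-public-ca", nil, nil)
	serving, _ := issue(host, publicCA, publicKey)
	verify := func(ca *x509.Certificate) error {
		roots := x509.NewCertPool() // trust exactly one CA, as certificate_authority_data does
		roots.AddCert(ca)
		_, err := serving.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
		return err
	}
	return verify(kubeconfigCA), verify(publicCA)
}

func main() {
	fmt.Println(scenario())
}
```

The mixed case yields the same `x509: certificate signed by unknown authority` error as the log in the report, while the matched case verifies cleanly.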