argocd-redis secret-init initcontainer timeout #18356
Comments
|
I also encountered the same phenomenon by following stable, installed v2.11.0 and rolled back. kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.11.0/manifests/install.yaml |
|
Same here, also rolled back to 2.11.0 |
|
Same here |
|
Hi, change the selector to something like app.kubernetes.io/name: argocd-redis-tmp after that delete the Redis pod, it will now be able to create the secret and the system will start running. |
|
Download install.yaml and add Kubernetes API port (in my case 16443) to network policy: |
|
same here, fixed by #18358 |
|
I have same issue with argocd-redis-ha-haproxy |
|
We faced the same problem and also patched the |
|
In my case I had to use v2.11.0 and also update NetworkPolicy as above mentioned. |
|
i had the same issue and patched the apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-redis-network-policy
spec:
egress:
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
- port: 6443 # your kubernetes api port
protocol: TCP
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- port: 6379
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis
policyTypes:
- Ingress
- Egress
|
|
I think I had the same issue on |
|
Fixed in 2.11.2 |
|
issue persist in helm install |
@sirTangale Can you raise an issue in argo-helm, please? 😃 Also I'd like to mention that the helm chart is handling it slightly different (via a helm hook). Before Helm will deploy the core components of Argo CD (server / repo-server / ...), Helm will wait until the Secret is generated (the Job runs to completion without errors). I highly appreciate detailed steps to reproduce. |
|
Issue still persists in 2.12.6 |
|
hello same isssue on GKE with argocd-server:
i tried to add egresse rule for argocd-repo-server-network-policy but it did not work! |
Describe the bug
secret-initinitContainer is failing to check/initargocd/argocd-redissecretTo Reproduce
Expected behavior
InitContainer should succeed to check/init secret
argocd/argocd-redisScreenshots
Version
Logs
$ kubectl describe pod/argocd-redis-565687fb7d-68xdd -n argocd Name: argocd-redis-565687fb7d-68xdd Namespace: argocd Priority: 0 Service Account: argocd-redis Node: REDACTED Start Time: Wed, 22 May 2024 09:16:31 +0200 Labels: app.kubernetes.io/name=argocd-redis pod-template-hash=565687fb7d Annotations: cni.projectcalico.org/containerID: faff595beac8d993968609af65d1e133d01fa9b970a0e482301ef9b1b55e0b15 cni.projectcalico.org/podIP: 100.64.182.116/32 cni.projectcalico.org/podIPs: 100.64.182.116/32 kubectl.kubernetes.io/restartedAt: 2024-05-14T08:33:16+02:00 Status: Pending SeccompProfile: RuntimeDefault IP: 100.64.182.116 IPs: IP: 100.64.182.116 Controlled By: ReplicaSet/argocd-redis-565687fb7d Init Containers: secret-init: Container ID: containerd://2e686a331f4f9a483160e70875f0057734a85a63065e48841b974ab5160957ee Image: quay.io/argoproj/argocd:latest Image ID: quay.io/argoproj/argocd@sha256:717a945c52f15cef5659b94bba3ab360f5a7b86685a978ace448f76f71063231 Port: <none> Host Port: <none> SeccompProfile: RuntimeDefault Command: argocd admin redis-initial-password State: Waiting Reason: CrashLoopBackOff Last State: Terminated Reason: Error Exit Code: 20 Started: Wed, 22 May 2024 09:25:21 +0200 Finished: Wed, 22 May 2024 09:25:51 +0200 Ready: False Restart Count: 6 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-nftnx (ro) Containers: redis: Container ID: Image: docker.io/library/redis:7.0.15-alpine Image ID: Port: 6379/TCP Host Port: 0/TCP Args: --save --appendonly no --requirepass $(REDIS_PASSWORD) State: Waiting Reason: PodInitializing Ready: False Restart Count: 0 Environment: REDIS_PASSWORD: <set to the key 'auth' in secret 'argocd-redis'> Optional: false Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-nftnx (ro) Conditions: Type Status Initialized False Ready False ContainersReady False PodScheduled True Volumes: kube-api-access-nftnx: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3607 ConfigMapName: kube-root-ca.crt ConfigMapOptional: <nil> DownwardAPI: true QoS Class: BestEffort Node-Selectors: Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s node.kubernetes.io/unreachable:NoExecute op=Exists for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 12m default-scheduler Successfully assigned argocd/argocd-redis-565687fb7d-68xdd to REDACTED Normal Pulled 9m23s (x5 over 12m) kubelet Container image "quay.io/argoproj/argocd:latest" already present on machine Normal Created 9m23s (x5 over 12m) kubelet Created container secret-init Normal Started 9m23s (x5 over 12m) kubelet Started container secret-init Warning BackOff 2m45s (x31 over 11m) kubelet Back-off restarting failed container secret-init in pod argocd-redis-565687fb7d-68xdd_argocd(e00bcbf4-853f-44fe-8302-82f0997884a9) $ kubectl logs pod/argocd-redis-565687fb7d-68xdd -c secret-init -n argocd Checking for initial Redis password in secret argocd/argocd-redis at key auth. time="2024-05-22T07:25:51Z" level=fatal msg="Post \"https://10.32.0.1:443/api/v1/namespaces/argocd/secrets\": dial tcp 10.32.0.1:443: i/o timeout"The text was updated successfully, but these errors were encountered: