Closed alexanderdalloz closed 2 years ago
@jgwest Whom are you requesting for help? Anything I can do to help you find a valid solution? Can this issue be escalated within the Argo project?
Hey @alexanderdalloz , thank you for providing a snippet of the Dockerfile, we are validating it!
I've got good news and bad news, for running ApplicationSet controller on OpenShift 3.11:
Good news: I was able to get access to an OpenShift v3.11 cluster, and was able to confirm that the Dockerfile does work. But, I hit other issues...
Bad news: Argo CD v2.0.x and ApplicationSet v0.1.0 both no longer support the apiextensions.k8s.io/v1beta1
version of the CustomResourceDefinition
resource, which is unfortunately the only version of the CRD resource that OpenShift 3.11 supports.
This is something of a showstopper, as it is difficult to support OpenShift v3.11 while also supporting Kubernetes v1.22, which has fully removed this API version (eg you must use the new version). My guess is that many other projects will be hitting this support barrier as well, and will be moving away fairly quickly with their new release (if they haven't already). :frowning:
@jgwest, many thanks for noticing the API deprecation. I do understand that this is in fact a serious reason why OpenShift 3.11 (with k8s 1.11) is no longer supported by current Argo CD and ApplicationSet.
While the ApplicationSet Controller v0.1.0 works on OpenShift 4.x, it fails on the older platform generation 3.11.
2021-04-16T11:21:03.742Z ERROR controller-runtime.manager.controller.applicationset Reconciler error {"reconciler group": "argoproj.io", "reconciler kind": "ApplicationSet", "name": "dynatrace", "namespace": "argocd", "error": "Error during fetching repo:
git fetch origin --tags --forcefailed exit status 128: No user exists for uid 1012480000\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "errorVerbose": "
git fetch origin --tags --forcefailed exit status 128: No user exists for uid 1012480000\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\nError during fetching repo\ngithub.com/argoproj-labs/applicationset/pkg/services.checkoutRepo\n\t/workspace/pkg/services/repo_service.go:159
This is due to the fact that on OpenShift 3.11 the arbitrary UID used in the container does not get automatically added to /etc/passwd.
This his different on OpenShift 4.x. See https://www.openshift.com/blog/a-guide-to-openshift-and-uids
Thus it is necessary to extend the argocd-applicationset image with the same functionality implemented in to argocd image. This is especially the uid_entrypoint.sh script under /usr/local/bin being called as the command for the container.
As a proof of concept I have build a custom image based on the original one which fixes the issue on OpenShift 3.11.