Open mgugino-uipath opened 1 year ago
I agree this is likely a race between argocd-server pods. The theoretical race is:
argocd-secret contains xxxx, but intial-admin-secret contains yyyyyyy
I think to fix this, CreateOrUpdateSecretField
should not create or update, it should only create the field if it didn't exist, but return an error or some indicator that it already was set, so that the caller will choose not to update argocd-secret
.
I'd like to fix this, can this issue been assigned to me?
@cleverhu sure!
I tried it in local, found the password has benn inited for twice.
And the same as argocd-secret
.
@jessesuen I pulled a request for this, PTAL.
@cleverhu sure!
I tried to fix it but I have encountered some difficulties. Can you give me some advice? Thanks!
Maybe,we can use configmap or secret even endpoint for a lock. something like leaderelection
Maybe,we can use configmap or secret even endpoint for a lock. something like leaderelection
I will try to do it,thanks.
Maybe,we can use configmap or secret even endpoint for a lock. something like leaderelection
I tried to use leaderelection, which is mostly used on the k8s controller. There may be some problems with this as a distributed lock.(For example, this will select a master, which will lead to the failure of initialization in other pods in the case of multiple replicas.) Thank you for your help.
Maybe,we can use configmap or secret even endpoint for a lock. something like leaderelection
I tried to use leaderelection, which is mostly used on the k8s controller. There may be some problems with this as a distributed lock.(For example, this will select a master, which will lead to the failure of initialization in other pods in the case of multiple replicas.) Thank you for your help.
I mean you can write your own distributed lock by using configmap just like leaderelection, leaderelection is not applicable here. But its practice can be used for reference。
We're running into this while trying to setup ArgoCD for the first time. Is there any reason a 4 month old patch hasn't yet been looked into given how bad of an impression this leaves for a first time user trying to get Argo into production?
This issue still exists by now. For anyone who encounters this issue, here is a valid workaround:
Checklist:
argocd version
.Describe the bug
Occassionally, the password in argocd-initial-admin-secret does not allow the admin to authenticate. I created a small python script to validate the password
bcrypt.checkpw(passwd, myhash)
and it confirmed the password did not match the hash in argocd-secret.I believe there is a race condition from multiple replicas (2) of argocd-server. I have included startup logs from two pod replicas that indicate both attempt to set the password simultaneously.
To Reproduce
Installed argocd via helm chart v4.10.5. argocd-server configured with two replicas. Attempt to authenticate using password in argocd-initial-admin-secret
It is unclear how to trigger the race condition, probably involves pod-A starting first but having a slower connection to the kubeapi than pod-B.
Code in question: https://github.com/argoproj/argo-cd/blob/v2.2.12/util/settings/settings.go#L1702
Expected behavior
Auth succeeded
Screenshots Version
Logs