andrii-korotkov-verkada
commented
2 weeks ago I don't see the sync waves in master anymore, so maybe try getting new manifests and/or upgrading to v2.13.0.
Open akloss-cibo opened 2 months ago
andrii-korotkov-verkada
commented
2 weeks ago I don't see the sync waves in master anymore, so maybe try getting new manifests and/or upgrading to v2.13.0.
akloss-cibo
commented
2 weeks ago I think there's a misunderstanding. There are no sync-waves in upstream; i have added sync-wave annotations to our local kustomization to make this work for us.
andrii-korotkov-verkada
commented
2 weeks ago @akloss-cibo, okay, wasn't sure if that was the case. Thanks for confirming. Can you define sync waves to get the proper order? If not, what's blocking?
akloss-cibo
commented
2 weeks ago Yes, the sync-wave changes in my original post to cause redis to install prior to the argocd-application-controller DaemonSet work for us.
akloss-cibo
commented
2 weeks ago I'm confused by closing this. Yes, we can mitigate the problem by applying our own sync-waves, but it seems to me like the provided kustomization should work for this use case out-of-the-box.
andrii-korotkov-verkada
commented
2 weeks ago Re-opening. Do you suggest to just add sync waves to the manifests in upstream for people who manage argocd by argocd?
akloss-cibo
commented
2 weeks ago I do, yes. I think the folks who engineered the password-enabled redis should probably be consulted to see if they have some other strategy they'd like to see used.
mtang-pton
commented
2 days ago Just wanted to add that I've run into this issue as well while upgrading self managed Argo from 2.10 -> 2.12. In our case, the upgrade went through in stage but failed in prod, leaving our prod Argo in a bad state while we attempted to debug the issue. I ended up having to disable redis auth to get argo-application-controller working before enabling redis auth again.
I'd like to see the sync waves added upstream and bugfixed in 2.12/2.13.
crenshaw-dev
commented
2 days ago For folks who hit this issue: how did you upgrade Argo CD? It doesn't make sense to me that OP's argocd-redis was out-of-sync while argocd-application-controller was in sync (on the newer version). Did you do a partial sync that didn't include argocd-redis?
Checklist:
argocd version.Describe the bug
When updating an ArgoCD self-managed installation (from 2.10.9) to 2.12.3 using the Kustomization at https://github.com/argoproj/argo-cd/manifests/cluster-install?ref=v2.12.3, things go badly. Several times that I've tried, the argocd-application-controller StatefulSet gets updated before the argocd-redis Deployment. The new pod for the updated argocd-application-controller StatefulSet won't start because the argocd-redis Secret hasn't been populated by the init container in the argocd-redis Deployment, and the argocd-redis Deployment will never be updated because there's no running argocd-application-controller pod any more.
To Reproduce
Steps to reproduce:
argocd-application-controller-0pod won't start because theargocd-redisSecret doesn't exit and theargocd-redisDeployment is still out-of-sync because there is no argocd-application-controller pod running to sync it.Expected behavior
ArgoCD should apply updated from the Kustomization in an order that ensures the argocd-redis Secret exists before updating the argocd-application-controller to depend on the argocd-redis Secret.
I've addressed this by adding sync-waves into a kustomization overlay, but adding things to the mainline would make this work for everyone without patching the redis resources:
Screenshots
Version
Upgrading from:
Upgrading to:
Logs