Open bredamatt opened 4 weeks ago
were your test pods in the same namespace as argo cd and on the same node? From my personal experience, this has always been a problem without outbound rules external to argo-cd. You can validate if you have a nodeSelector or something like that and the argo pods are deployed on a node without the permissions. Also, the public GitHub IPs are listed in https://api.github.com/meta, just to be sure you used the correct ones.
Checklist:
argocd version
.Describe the bug
I have deployed ArgoCD in an EKS cluster created using private subnets and Cilium, and created a Secret for my private GitHub repository as per the documentation.
I check the logs on my repo-server, and I see the following:
I checked the ArgoCD UI and the connection to the repo is failed.
I checked outbound access from a test Pod in my EKS cluster, and I am able to
ping
andcurl
sites likegithub.com
,google.com
, etc. so there definitely seems to be outbound connectivity in my EKS cluster. How come therepo-server
can't connect then?To Reproduce I deploy ArgoCD version using terraform's helm provider with the helm chart (https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/values.yaml) version at 7.5.2 and I set the following values:
I can see that health checks are fine on the
repo-server
logs. Also, to be certain, even though I already confirmed outbound access before deploying argo, I explicitly allow for all of Github's public IP addresses in the worker node security group. This doesn't influence connectivity from my test pod, but doesn't help the repo-server connectivity.Expected behavior
Connectivity to github should not timeout.
Screenshots
Version 7.5.2 Helm chart.
Logs Repo-server start-up logs: