search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.41k stars 5.29k forks source link

Cannot Compare/Delete app in openshift 4.5 #5168

Open zemiak opened 3 years ago

zemiak commented 3 years ago

Describe the bug

ArgoCD does not like Openshift 4.5 self-generated certificates when syncing or deleting the projects.

The sync and deletion initiated by Sync triggers the following logs:

x509: certificate signed by unknown authority

To Reproduce

Expected behavior

No errors

Version

argocd version          
argocd: v1.8.1+c2547dc.dirty
  BuildDate: 2020-12-10T04:44:20Z
  GitCommit: c2547dca95437fdbb4d1e984b0592e6b9110d37f
  GitTreeState: dirty
  GoVersion: go1.15.5
  Compiler: gc
  Platform: darwin/amd64
Handling connection for 8080
argocd-server: v1.8.1+c2547dc
  BuildDate: 2020-12-10T02:59:21Z
  GitCommit: c2547dca95437fdbb4d1e984b0592e6b9110d37f
  GitTreeState: clean
  GoVersion: go1.14.12
  Compiler: gc
  Platform: linux/amd64
  Ksonnet Version: v0.13.1
  Kustomize Version: v3.8.1 2020-07-16T00:58:46Z
  Helm Version: v3.4.1+gc4e7485
  Kubectl Version: v1.17.8
  Jsonnet Version: v0.17.0

Logs

$ argocd app get guestbook

Name:               guestbook
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          argocd-guestbook
URL:                https://localhost:8080/applications/guestbook
Repo:               https://github.com/argoproj/argocd-example-apps
Target:             HEAD
Path:               helm-guestbook
SyncWindow:         Sync Allowed
Sync Policy:        <none>
Sync Status:        Unknown
Health Status:      Healthy

CONDITION        MESSAGE                                                                                                                                                                                                                                                                                                             LAST TRANSITION
ComparisonError  failed to sync cluster https://172.21.0.1:443: failed to load initial state of resource ClusterTask.tekton.dev: conversion webhook for tekton.dev/v1alpha1, Kind=ClusterTask failed: Post https://tekton-pipelines-webhook.openshift-pipelines.svc:443/?timeout=30s: x509: certificate signed by unknown authority  2021-01-04 10:38:55 +0100 CET
ComparisonError  failed to sync cluster https://172.21.0.1:443: failed to load initial state of resource ClusterTask.tekton.dev: conversion webhook for tekton.dev/v1alpha1, Kind=ClusterTask failed: Post https://tekton-pipelines-webhook.openshift-pipelines.svc:443/?timeout=30s: x509: certificate signed by unknown authority  2021-01-04 10:38:55 +0100 CET
DeletionError    failed to sync cluster https://172.21.0.1:443: failed to load initial state of resource ClusterTask.tekton.dev: conversion webhook for tekton.dev/v1alpha1, Kind=ClusterTask failed: Post https://tekton-pipelines-webhook.openshift-pipelines.svc:443/?timeout=30s: x509: certificate signed by unknown authority  2021-01-04 10:42:06 +0100 CET

Thanks, Miroslav

jessesuen commented 3 years ago

@zemiak i believe this is specific to your environment. Argo CD is reporting that when dealing with tekton.dev/v1alpha1, ClusterTask objects, the K8s API server cannot securely connect to your conversion webhook because https://tekton-pipelines-webhook.openshift-pipelines.svc:443 has an untrusted authority (e.g. self-signed). Argo CD is simply surfacing that error.