-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CertManager becomes SyncError
with ArgoCD v1.1.0-rc1
#1826
Comments
@alexec - I think the health assessment logic is regression from previous behavior. We really should not be assessing health unless we are either:
|
@jessesuen I'm not sure about this. I think what's happening is that the certs become degraded before they become healthy. This can happen in both normal and wave/hook syncs. This would mean that you could not use these in either of those styles at all. I think that's a bug, but a different bug. Let me ponder this. |
If I apply a single resource (no waves, no hooks), which is a Certificate, as long as the Health should only come into play when there are dependencies. |
I think we should have a point fix for this in v1.1, but I'd like to address the issue of wave-based syncs that flip into degraded before healthy. |
@ishii-masayuki just to check, do you have any hooks in your app? |
@alexec @jessesuen This is our manifest files for CertManager. We sync some resources with no waves, and ClusterIssuer is synced as "wave 1". Because there is a clear dependency to use validation webhook. We tried a lot, and now we do a workaround like this. Overriding the default Lua scripts to vail the |
In addition, we also need a custom script for
|
Nice. We should make the health check for APIService a built in (native golang) one so everyone will benefit from this. |
I've created a ticket to make it built-in. |
This won't be fixed by the related PR. |
@ishii-masayuki - you have a workaround. So you don't need a fix anymore? |
@alexec When I have time, I will make it. Please wait a moment. |
thank you @ishii-masayuki - that'd be fantastic! |
What's the status on this? What is the recommended work-around until the fix is available? Is it simply adding the |
I'm sorry. I've been a little busy, and I have free time this week. |
I believe so. |
Fixed in #1921 |
Describe the bug
I tried to deploy CertManager stable(v0.8.0) with ArgoCD v1.1.0-rc1.
But CertManager sometimes became
SyncError
and auto-sync had stopped.When using Argo CD v1.0.1, this error didn't occur.
I'm afraid v1.1.0-rc1 is degraded...
Detail
In our tryout, CertManager's CRDs (
Certificate
andIssuer
) sometimes becomeDegraded
, and CertManager's task was judged asSyncError
.As far as I searched, the CRDs' status is
False
immediately after the resource is created.Just at this time, if ArgoCD health check is executed, the task will be judged as
SyncError
by following steps.Degraded
by this Lua script. (This step is unchanged from v1.0.1)When doing declarative operations, it sometimes happens that resources are judged as
Degraded
.So I hope auto-sync is not stopped in this situation.
Version
v1.1.0-rc1
Logs
When resources are judged as
Degraded
When the task becomes
SyncError
The text was updated successfully, but these errors were encountered: