rcarrata/devsecops-demo

ArgoCD server is exposing an invalid certificate and the Task for Wait Application is failing

rcarrata opened this issue · 4 comments

The GitOps / ArgoCD server does not have the proper certificate SAN for openshift-gitops-server.openshift-gitops, and for this reason it is failing to log in and to do the app sync. It needs to be updated with insecure, or to use http instead of https inside the cluster.

step-login-wait
+ [ -z ]
+ yes
+ argocd login openshift-gitops-server.openshift-gitops:443 --username=admin --password=czX6GbpBg4UaODnM1yKvdlRm8FsYE3fW
WARNING: server certificate had error: x509: certificate is valid for openshift-gitops, openshift-gitops-grpc, openshift-gitops.openshift-gitops.svc.cluster.local, not openshift-gitops-server.openshift-gitops. Proceed insecurely (y/n)? 'admin:login' logged in successfully
Context 'openshift-gitops-server.openshift-gitops:443' updated

step-sync
+ argocd app sync dev-spring-petclinic --revision HEAD --
time="2022-02-25T13:14:53Z" level=fatal msg="Failed to establish connection to openshift-gitops-server.openshift-gitops:443: x509: certificate is valid for openshift-gitops, openshift-gitops-grpc, openshift-gitops.openshift-gitops.svc.cluster.local, not openshift-gitops-server.openshift-gitops"

Another possibility is to deploy the ArgoCD CR within the operator with:

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: argocd
spec:
  image: argoproj/argocd
  version: v2.0.3
  server:
    insecure: true
    route:
      enabled: true
      tls:
        insecureEdgeTerminationPolicy: Redirect
        termination: edge

Let's check!
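
An added example (not part of the original issue or the project's code): a log check that parses the x509 hostname error from the step output above, flags where the login went ahead despite it, and lists which in-cluster DNS forms of a Service the certificate's SANs would verify. The function names, the redacted sample log and the `cluster.local` domain are assumptions.

```python
import re

# Constructed sample: the step-log lines from the issue above, password redacted.
SAMPLE_LOG = """\
+ argocd login openshift-gitops-server.openshift-gitops:443 --username=admin --password=<redacted>
WARNING: server certificate had error: x509: certificate is valid for openshift-gitops, openshift-gitops-grpc, openshift-gitops.openshift-gitops.svc.cluster.local, not openshift-gitops-server.openshift-gitops. Proceed insecurely (y/n)? 'admin:login' logged in successfully
time="2022-02-25T13:14:53Z" level=fatal msg="Failed to establish connection to openshift-gitops-server.openshift-gitops:443: x509: certificate is valid for openshift-gitops, openshift-gitops-grpc, openshift-gitops.openshift-gitops.svc.cluster.local, not openshift-gitops-server.openshift-gitops"
"""

# Go's crypto/x509 hostname error as it appears in the log above.
MISMATCH = re.compile(r"x509: certificate is valid for (?P<sans>.+?), not (?P<host>[A-Za-z0-9.-]+)")

def san_matches(host, san):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return host == san

def service_dns_names(service, namespace, cluster_domain="cluster.local"):
    """In-cluster DNS forms of a Service (cluster.local is an assumed default)."""
    base = f"{service}.{namespace}"
    return [service, base, f"{base}.svc", f"{base}.svc.{cluster_domain}"]

def covered_names(sans, service, namespace):
    """Which DNS forms of a Service the certificate would verify for."""
    return [n for n in service_dns_names(service, namespace)
            if any(san_matches(n, s) for s in sans)]

def analyze(log_text):
    """Report each hostname mismatch and whether the step proceeded anyway."""
    lines = log_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = MISMATCH.search(line)
        if not m:
            continue
        sans = [s.strip() for s in m.group("sans").split(",")]
        host = m.group("host").rstrip(".")
        # The prompt prints no newline, so the result is on this line or the next.
        tail = line + (lines[i + 1] if i + 1 < len(lines) else "")
        bypassed = "Proceed insecurely" in line and "logged in successfully" in tail
        findings.append({"line": i + 1, "host": host, "sans": sans, "bypassed": bypassed,
                         "covered": any(san_matches(host, s) for s in sans)})
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

On the sample, the login line is reported with `bypassed` set and the sync line without it, and no DNS form of `openshift-gitops-server` is covered by the SAN list.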

It works, but with the argocd image changed, because the old image 2.0.5 didn't work, raising another error:

step-sync
+ argocd app sync dev-spring-petclinic --revision HEAD --
TIMESTAMP                  GROUP                     KIND   NAMESPACE                     NAME    STATUS   HEALTH        HOOK  MESSAGE
2022-03-01T19:25:27+00:00                         Service  devsecops-dev      spring-petclinic    Synced  Healthy              
2022-03-01T19:25:27+00:00   apps               Deployment  devsecops-dev      spring-petclinic    Synced  Healthy              
2022-03-01T19:25:27+00:00  route.openshift.io       Route  devsecops-dev      spring-petclinic    Synced  Healthy              
2022-03-01T19:25:29+00:00   apps  Deployment  devsecops-dev      spring-petclinic  OutOfSync  Progressing              
2022-03-01T19:25:29+00:00                         Service  devsecops-dev      spring-petclinic    Synced   Healthy                  service/spring-petclinic unchanged
2022-03-01T19:25:29+00:00   apps               Deployment  devsecops-dev      spring-petclinic  OutOfSync  Progressing              deployment.apps/spring-petclinic configured
2022-03-01T19:25:29+00:00  route.openshift.io       Route  devsecops-dev      spring-petclinic    Synced   Healthy                  route.route.openshift.io/spring-petclinic unchanged
2022-03-01T19:25:30+00:00   apps  Deployment  devsecops-dev      spring-petclinic    Synced  Progressing              deployment.apps/spring-petclinic configured
2022-03-01T19:25:30+00:00   apps  Deployment  devsecops-dev      spring-petclinic    Synced  Healthy              deployment.apps/spring-petclinic configured

Name:               dev-spring-petclinic
Project:            spring-petclinic
Server:             https://kubernetes.default.svc
Namespace:          devsecops-dev
URL:                https://openshift-gitops-server-openshift-gitops.apps.cluster-kb9kk.kb9kk.sandbox1484.opentlc.com/applications/dev-spring-petclinic
Repo:               http://gogs-ocp-workshop.apps.cluster-kb9kk.kb9kk.sandbox1484.opentlc.com/gogsadmin/spring-petclinic-config
Target:             HEAD
Path:               environments/dev
SyncWindow:         Sync Allowed
Sync Policy:        Automated (Prune)
Sync Status:        OutOfSync from HEAD (221a0ad)
Health Status:      Healthy


GROUP               KIND        NAMESPACE      NAME              STATUS     HEALTH   HOOK  MESSAGE
                    Service     devsecops-dev  spring-petclinic  Synced     Healthy        
apps                Deployment  devsecops-dev  spring-petclinic  OutOfSync  Healthy        
route.openshift.io  Route       devsecops-dev  spring-petclinic  Synced     Healthy        
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x48 pc=0x2317efb]

goroutine 1 [running]:
github.com/argoproj/argo-cd/v2/cmd/argocd/commands.NewApplicationSyncCommand.func1(0xc00023f340, 0xc000a6b440, 0x1, 0x4)
	/go/src/github.com/argoproj/argo-cd/cmd/argocd/commands/app.go:1418 +0x73b
github.com/spf13/cobra.(*Command).execute(0xc00023f340, 0xc000a6b400, 0x4, 0x4, 0xc00023f340, 0xc000a6b400)
	/go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:854 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0xc000c94dc0, 0x12, 0x0, 0x0)
	/go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:958 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
	/go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:895
main.main()
	/go/src/github.com/argoproj/argo-cd/cmd/main.go:60 +0x1d6

step-wait
2022/03/01 19:25:31 Skipping step because a previous step failed

Changing the image to the newest available, 2.2.5, worked like a charm. Waiting to test in a clean env...

Worked ok in a full end2end pipeline.

Closing because it's fixed in #53, which is already in the main branch.