argo-cd: Certificate resources from cert-manager v1 fails / syncing becomes stuck
If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a question in argocd slack channel.
Checklist:
- I’ve searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
- I’ve included steps to reproduce the bug.
- I’ve pasted the output of
argocd version
.
Describe the bug
When creating a Certificate
from cert-manager (v1), and using a sync-wave or hook, the sync immediately fails: with Issuing certificate as Secret does not exist
. This causes ArgoCD to retry the sync 7 hours later (?):
Running a few seconds ago (Sat Sep 05 2020 03:30:53 GMT-0700)
one or more synchronization tasks completed unsuccessfully. Retrying attempt #1 at 10:28AM.
We’re not able to resync when using pre-sync
. When using sync-wave
, if we terminate the sync and sync again it works.
Do we need to create a custom healthcheck or something?
To Reproduce
Create a Certificate
with the hook
or sync-wave
annotation:
# fails immediately and unable to sync even when retrying
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
annotations:
argocd.argoproj.io/hook: PreSync
...
# sync remains stuck
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
annotations:
argocd.argoproj.io/sync-wave: "-1"
...
Expected behavior
ArgoCD should ignore the secretName does not exist error and continue syncing when using hook or sync-wave annotations.
Version
argocd: v1.7.4+f8cbd6b
BuildDate: 2020-09-05T02:46:53Z
GitCommit: f8cbd6bf432327cc3b0f70d23b66511bb906a178
GitTreeState: clean
GoVersion: go1.14.1
Compiler: gc
Platform: darwin/amd64
argocd-server: v1.7.4+f8cbd6b
BuildDate: 2020-09-05T02:45:44Z
GitCommit: f8cbd6bf432327cc3b0f70d23b66511bb906a178
GitTreeState: clean
GoVersion: go1.14.1
Compiler: gc
Platform: linux/amd64
Ksonnet Version: v0.13.1
Kustomize Version: {Version:kustomize/v3.6.1 GitCommit:c97fa946d576eb6ed559f17f2ac43b3b5a8d5dbd BuildDate:2020-05-27T20:47:35Z GoOs:linux GoArch:amd64}
Helm Version: version.BuildInfo{Version:"v3.3.1", GitCommit:"249e5215cde0c3fa72e27eb7a30e8d55c9696144", GitTreeState:"clean", GoVersion:"go1.14.7"}
Kubectl Version: v1.17.8
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 1
- Comments: 19 (1 by maintainers)
guys, i do use this
but still
Certificate is OutOfSync , using latest cert-manager v1.10.0
I was getting the same thing, can confirm this worked for me, Argo CD v2.7.4, cert-manager v1.12.2
@hlacikd @CryptoTr4der @L-U-C-K-Y I had a thrashing issue, and I solved it with the below; try it and let me know.
Under
configs.cm.resource.customizations
, set the value:Experiencing the same thing as @hlacikd
The issue got resolved with moving to ArgoCD 2.0
seems to work for me with this https://argoproj.github.io/argo-cd/operator-manual/health/#way-1-define-a-custom-health-check-in-argocd-cm-configmap but need to do some deployments to confirm – not sure if custom healthcheck helped or me terminating sync