argo-cd: Secret key can not be omitted
Describe the bug
Although the comment in secret.yaml indicates server.secretkey can be auto-generated if it’s missing.
https://github.com/argoproj/argo-cd/blob/d3c850b8e7e67d1aa4c2deb6b77a4edbf4b7f261/docs/operator-manual/argocd-secret.yaml#L19
However, the code doesn’t allow empty server.secretkey.
Which is the expected behavior?
To Reproduce
Just after installing ArgoCD and set admin.password (although this is not mentioned in the docs).
Expected behavior
Asking the expected behavior.
Screenshots
N/A
Version
$ argocd version
argocd: v1.0.2+e0bd546.dirty
BuildDate: 2019-06-14T17:15:36Z
GitCommit: e0bd546a07818ec06a27c2b3033454e3eb1c4152
GitTreeState: dirty
GoVersion: go1.11.4
Compiler: gc
Platform: darwin/amd64
argocd-server: v1.0.2+e0bd546.dirty
BuildDate: 2019-06-14T17:15:03Z
GitCommit: e0bd546a07818ec06a27c2b3033454e3eb1c4152
GitTreeState: dirty
GoVersion: go1.11.4
Compiler: gc
Platform: linux/amd64
Ksonnet Version: 0.13.1
Logs
time="2019-07-14T11:45:39Z" level=info msg="Starting configmap/secret informers"
time="2019-07-14T11:45:39Z" level=info msg="Configmap/secret informer synced"
time="2019-07-14T11:45:39Z" level=fatal msg="server.secretkey is missing"
Have you thought about contributing a fix yourself?
I’m not sure which is the expected behavior.
About this issue
- Original URL
- State: open
- Created 5 years ago
- Reactions: 5
- Comments: 20 (9 by maintainers)
Issue: The
server.secretkeywas missing / did not generate on its own.What we tried: We took the value of
server.secretkeyfrom our production environment and assigned it on our E1 environment where it was missing.Output: We were getting error as unauthorized and we had no idea why.
Ultimate Solution: Uninstalled and reinstalled argo from scratch and then it generated the
server.secretkeyon its own.So the
server.secretkeyhas to have a unique value and should be generated on its own. We cannot assign a value of our own.I have the same issue when I install argocd with Core Install. @dtaniwaki Can we reopen this issue?
For anyone coming here for similar issue where
server.secretKeyis not defined, here’s what I did to make it work back:Reopening because I think this is almost definitely a persistent problem with core install.
@brianpooe In my case I had to do add to add
--set global.networkPolicy.create=truein my helm installHello, I face a related issue on ArgoCD 2.9 managed with Helm Charts. Argo goes out of sync because of required secrets config. If I sync I loose access right away and need to re add manually secrets in Azure.
Am I the only one to encounter this issue ? Do you think it would be possible to fix this without having to ignore argocd-secret sync in argo-cm ?
Could we split
argocd-secretinto 2 or more secrets? Leave one for the autogenerated values, another for webhook secrets, and maybe another for the admin password (which is optionally autogenerated)? I’m encountering the same issue trying to introduce awebhook.gitlab.secretvia Helm. And/or use server-side-apply for the autogenerated values?In my situation I started having CrashLoopBackoff on argocd-dex-server in the logs I have “server.secretkey is missing” after deleting argocd namespace and creating it from scratch. I just now deleted already 3 times and recreated and still same problem. Any advice?