argo-workflows: 3.4-rc2 - Workflows UI can no longer get logs (s3)

Checklist

  • Double-checked my configuration.
  • Tested using the latest version.
  • Used the Emissary executor.

Summary

This occurs following an upgrade from workflows 3.3.9 to 3.4-rc2.

Logs are still correctly sent to s3 by argo workflows, I can see main.log in s3 and the contents of the log file are correct.

However, once the workflow has finished the pod has been archived, the logs field is now empty in the UI. Clicking Try getting logs from the artifacts results in Internal Server Error

The argo-server logs show this error, only when trying to clikc the ‘try getting logs from artifacts’ link.: level=error msg="Artifact Server returned internal error" error="artifact not found: main-logs"

No errors at all when just trying to view in the UI. None on the controller either.

Note, as I’m using IRSA, I have the following patch on my argo-server:

    spec:
      securityContext:
        fsGroup: 65534

What version are you running? 3.4-rc2

Config summary: controller-configmap:

  artifactRepository: |
    # archiveLogs will archive the main container logs as an artifact
    archiveLogs: true

    s3:
      endpoint: s3.amazonaws.com
      bucket: my-bucket-name
      region: us-east-1
      insecure: false
      keyFormat: "my-artifacts\
        /{{workflow.creationTimestamp.Y}}\
        /{{workflow.creationTimestamp.m}}\
        /{{workflow.creationTimestamp.d}}\
        /{{workflow.name}}\
        /{{pod.name}}"
      useSDKCreds: true

The argo-server ServiceAccount has the eks.amazonaws.com/role-arn annotation as always.

Message from the maintainers:

Impacted by this regression? Give it a 👍. We prioritise the issues with the most 👍.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 2
  • Comments: 69 (67 by maintainers)

Most upvoted comments

@juliev0 I might be a bit late to the party but we are currently facing a similar issue. Upgraded to version 3.4.0 with the new helm chart version 0.18.0.

After upgrading we see the logs of a step while it is currently running. As soon as that step is finished we are getting “internal server error” on the UI when viewing the logs of said step. The same issue occurs when trying to check the logs under archived workflows.

though we are using minio as S3 backend and not AWS S3. Settting POD_NAMES to “v1” in both the controller and server did not change this behavior.

Log Output from workflow server pod: time="2022-09-20T08:01:17.442Z" level=info msg="selected SSO RBAC service account for user" email=XXX loginServiceAccount=workflows-super-admin serviceAccount=workflows-super-admin ssoDelegated=false ssoDelegationAllowed=true subject=2d6bdc16-b79b-4560-8d0c-c77da510a8f9 time="2022-09-20T08:01:17.443Z" level=info msg="Get artifact file" artifactName=main-logs namespace=weckdengeparden-cicd nodeId=workflow-push-weckdengeparden-pww7f-2238040116 workflowName=workflow-push-weckdengeparden-pww7f time="2022-09-20T08:01:17.458Z" level=error msg="Artifact Server returned internal error" error="no template found by the name of '' (which is the template associated with nodeId 'workflow-push-weckdengeparden-pww7f-2238040116'??" time="2022-09-20T08:01:17.458Z" level=info duration=20.395087ms method=GET path=/artifact-files/weckdengeparden-cicd/workflows/workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-2238040116/outputs/main-logs size=22 status=500

Getting logs from the artifact repository also doesn’t work via the UI: the URL used is: https://workflows.apps.play.gepaplexx.com/artifact-files/weckdengeparden-cicd/workflows/workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-2238040116/outputs/main-logs

in minio I can find the logs under https://minio.apps.play.gepaplexx.com/minio/argo-workflows/workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-2238040116/

Any input or hints would be much appreciated! Unfortunately I am on vacation until the beginning of october but I’ll have a colleague of mine watch this thread, so he can give you more information or try out thanks.

workflow looks like this:

kind: Workflow
metadata:
  annotations:
    workflows.argoproj.io/pod-name-format: v1
  creationTimestamp: "2022-09-20T07:15:38Z"
  generateName: workflow-push-weckdengeparden-
  generation: 19
  labels:
    workflows.argoproj.io/completed: "true"
    workflows.argoproj.io/phase: Succeeded
    workflows.argoproj.io/workflow-archiving-status: Archived
  name: workflow-push-weckdengeparden-pww7f
  namespace: weckdengeparden-cicd
  resourceVersion: "146830178"
  uid: 03c3c477-6228-4dfa-9afe-56eeb7ec639f
spec:
  arguments:
    parameters:
    - name: repository
      value: git@github.com:gepaplexx-demos/weckdengeparden.git
    - name: revision
      value: refs/heads/main
  entrypoint: pipeline
  workflowTemplateRef:
    clusterScope: true
    name: workflow-push-template
status:
  artifactGCStatus:
    notSpecified: true
  artifactRepositoryRef:
    artifactRepository:
      archiveLogs: true
      s3:
        accessKeySecret:
          key: accesskey
          name: minio-artifact-repository
        bucket: argo-workflows
        endpoint: minio-artifact-repository.gepaplexx-cicd-tools:9000
        insecure: true
        secretKeySecret:
          key: secretkey
          name: minio-artifact-repository
    default: true
  conditions:
  - status: "False"
    type: PodRunning
  - status: "True"
    type: Completed
  finishedAt: "2022-09-20T07:21:36Z"
  nodes:
    workflow-push-weckdengeparden-pww7f:
      children:
      - workflow-push-weckdengeparden-pww7f-314421479
      displayName: workflow-push-weckdengeparden-pww7f
      finishedAt: "2022-09-20T07:21:36Z"
      id: workflow-push-weckdengeparden-pww7f
      inputs:
        parameters:
        - default: "false"
          name: sonarqube-active
          value: "false"
        - default: "false"
          name: integrationtest-active
          value: "false"
      name: workflow-push-weckdengeparden-pww7f
      outboundNodes:
      - workflow-push-weckdengeparden-pww7f-4255176484
      - workflow-push-weckdengeparden-pww7f-1934338610
      - workflow-push-weckdengeparden-pww7f-3751414150
      - workflow-push-weckdengeparden-pww7f-2238040116
      phase: Succeeded
      progress: 8/8
      resourcesDuration:
        cpu: 531
        memory: 1569
      startedAt: "2022-09-20T07:15:39Z"
      templateName: pipeline
      templateScope: local/
      type: DAG
    workflow-push-weckdengeparden-pww7f-314421479:
      boundaryID: workflow-push-weckdengeparden-pww7f
      children:
      - workflow-push-weckdengeparden-pww7f-4032387921
      displayName: checkout
      finishedAt: "2022-09-20T07:15:57Z"
      hostNodeName: worker23
      id: workflow-push-weckdengeparden-pww7f-314421479
      inputs:
        parameters:
        - default: ""
          name: extraArgs
          value: ""
      name: workflow-push-weckdengeparden-pww7f.checkout
      outputs:
        artifacts:
        - name: main-logs
          s3:
            key: workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-314421479/main.log
        exitCode: "0"
        parameters:
        - name: commit-hash
          value: 77facc6
          valueFrom:
            path: /mnt/out/commit_hash
      phase: Succeeded
      progress: 1/1
      resourcesDuration:
        cpu: 10
        memory: 26
      startedAt: "2022-09-20T07:15:39Z"
      templateRef:
        clusterScope: true
        name: git-operations-v2
        template: checkout
      templateScope: local/
      type: Pod
    workflow-push-weckdengeparden-pww7f-1934338610:
      boundaryID: workflow-push-weckdengeparden-pww7f
      displayName: integration-test
      finishedAt: "2022-09-20T07:21:36Z"
      id: workflow-push-weckdengeparden-pww7f-1934338610
      message: when 'false' evaluated false
      name: workflow-push-weckdengeparden-pww7f.integration-test
      phase: Skipped
      startedAt: "2022-09-20T07:21:36Z"
      templateRef:
        clusterScope: true
        name: workflow-integrationtest-template
        template: integration-test
      templateScope: local/
      type: Skipped
    workflow-push-weckdengeparden-pww7f-2120932216:
      boundaryID: workflow-push-weckdengeparden-pww7f
      children:
      - workflow-push-weckdengeparden-pww7f-3044455204
      - workflow-push-weckdengeparden-pww7f-2238040116
      displayName: build-and-push-image
      finishedAt: "2022-09-20T07:19:51Z"
      hostNodeName: worker23
      id: workflow-push-weckdengeparden-pww7f-2120932216
      inputs:
        parameters:
        - name: tag
          value: 77facc6
        - default: ""
          name: suffix
          value: -to-scan
      name: workflow-push-weckdengeparden-pww7f.build-and-push-image
      outputs:
        artifacts:
        - name: main-logs
          s3:
            key: workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-2120932216/main.log
        exitCode: "0"
      phase: Succeeded
      progress: 1/1
      resourcesDuration:
        cpu: 47
        memory: 141
      startedAt: "2022-09-20T07:19:19Z"
      templateRef:
        clusterScope: true
        name: containerimage-operations
        template: build-and-push-image
      templateScope: local/
      type: Pod
    workflow-push-weckdengeparden-pww7f-2238040116:
      boundaryID: workflow-push-weckdengeparden-pww7f
      displayName: scan-container-image
      finishedAt: "2022-09-20T07:20:32Z"
      hostNodeName: worker21
      id: workflow-push-weckdengeparden-pww7f-2238040116
      inputs:
        parameters:
        - name: tag
          value: 77facc6
        - default: LOW,MEDIUM,HIGH,CRITICAL
          name: severitiy
          value: LOW,MEDIUM,HIGH,CRITICAL
      name: workflow-push-weckdengeparden-pww7f.scan-container-image
      outputs:
        artifacts:
        - name: main-logs
          s3:
            key: workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-2238040116/main.log
        exitCode: "0"
      phase: Succeeded
      progress: 1/1
      resourcesDuration:
        cpu: 41
        memory: 119
      startedAt: "2022-09-20T07:20:01Z"
      templateRef:
        clusterScope: true
        name: containerimage-operations
        template: scan-container-image
      templateScope: local/
      type: Pod
    workflow-push-weckdengeparden-pww7f-2472152668:
      boundaryID: workflow-push-weckdengeparden-pww7f
      children:
      - workflow-push-weckdengeparden-pww7f-1934338610
      displayName: update-argocd-application
      finishedAt: "2022-09-20T07:21:26Z"
      hostNodeName: worker23
      id: workflow-push-weckdengeparden-pww7f-2472152668
      inputs:
        parameters:
        - name: tag
          value: 77facc6
        - default: ""
          name: extraArgs
          value: ""
      name: workflow-push-weckdengeparden-pww7f.update-argocd-application
      outputs:
        artifacts:
        - name: main-logs
          s3:
            key: workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-2472152668/main.log
        exitCode: "0"
        parameters:
        - name: application
          value: weckdengeparden
          valueFrom:
            path: /mnt/out/application
        - name: namespace
          value: weckdengeparden
          valueFrom:
            path: /mnt/out/namespace
      phase: Succeeded
      progress: 1/1
      resourcesDuration:
        cpu: 15
        memory: 43
      startedAt: "2022-09-20T07:21:04Z"
      templateRef:
        clusterScope: true
        name: argocd-operations
        template: update-argocd-application
      templateScope: local/
      type: Pod
    workflow-push-weckdengeparden-pww7f-3044455204:
      boundaryID: workflow-push-weckdengeparden-pww7f
      children:
      - workflow-push-weckdengeparden-pww7f-3923293148
      displayName: fail-on-critical-vulnerabilities
      finishedAt: "2022-09-20T07:20:30Z"
      hostNodeName: worker23
      id: workflow-push-weckdengeparden-pww7f-3044455204
      inputs:
        parameters:
        - name: tag
          value: 77facc6
      name: workflow-push-weckdengeparden-pww7f.fail-on-critical-vulnerabilities
      outputs:
        artifacts:
        - name: main-logs
          s3:
            key: workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-3044455204/main.log
        exitCode: "0"
      phase: Succeeded
      progress: 1/1
      resourcesDuration:
        cpu: 47
        memory: 141
      startedAt: "2022-09-20T07:20:01Z"
      templateRef:
        clusterScope: true
        name: containerimage-operations
        template: fail-on-critical-vulnerabilities
      templateScope: local/
      type: Pod
    workflow-push-weckdengeparden-pww7f-3751414150:
      boundaryID: workflow-push-weckdengeparden-pww7f
      displayName: run-sonarqube-analysis
      finishedAt: "2022-09-20T07:19:19Z"
      id: workflow-push-weckdengeparden-pww7f-3751414150
      message: when 'false' evaluated false
      name: workflow-push-weckdengeparden-pww7f.run-sonarqube-analysis
      phase: Skipped
      startedAt: "2022-09-20T07:19:19Z"
      templateRef:
        clusterScope: true
        name: maven-operations-v2
        template: run-sonarqube-analysis
      templateScope: local/
      type: Skipped
    workflow-push-weckdengeparden-pww7f-3923293148:
      boundaryID: workflow-push-weckdengeparden-pww7f
      children:
      - workflow-push-weckdengeparden-pww7f-2472152668
      displayName: retag-container-image
      finishedAt: "2022-09-20T07:20:51Z"
      hostNodeName: worker23
      id: workflow-push-weckdengeparden-pww7f-3923293148
      inputs:
        parameters:
        - name: old-tag
          value: 77facc6-to-scan
        - name: new-tag
          value: 77facc6
      name: workflow-push-weckdengeparden-pww7f.retag-container-image
      outputs:
        artifacts:
        - name: main-logs
          s3:
            key: workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-3923293148/main.log
        exitCode: "0"
      phase: Succeeded
      progress: 1/1
      resourcesDuration:
        cpu: 9
        memory: 25
      startedAt: "2022-09-20T07:20:43Z"
      templateRef:
        clusterScope: true
        name: containerimage-operations
        template: retag-container-image
      templateScope: local/
      type: Pod
    workflow-push-weckdengeparden-pww7f-4032387921:
      boundaryID: workflow-push-weckdengeparden-pww7f
      children:
      - workflow-push-weckdengeparden-pww7f-4255176484
      - workflow-push-weckdengeparden-pww7f-2120932216
      - workflow-push-weckdengeparden-pww7f-3751414150
      displayName: build
      finishedAt: "2022-09-20T07:19:09Z"
      hostNodeName: worker23
      id: workflow-push-weckdengeparden-pww7f-4032387921
      inputs:
        parameters:
        - default: clean install
          name: goals
          value: clean install
        - default: ""
          name: pomSubpath
          value: ""
        - default: ""
          name: extraArgs
          value: ""
      name: workflow-push-weckdengeparden-pww7f.build
      outputs:
        artifacts:
        - name: main-logs
          s3:
            key: workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-4032387921/main.log
        exitCode: "0"
      phase: Succeeded
      progress: 1/1
      resourcesDuration:
        cpu: 279
        memory: 839
      startedAt: "2022-09-20T07:16:10Z"
      templateRef:
        clusterScope: true
        name: maven-operations-v2
        template: build
      templateScope: local/
      type: Pod
    workflow-push-weckdengeparden-pww7f-4255176484:
      boundaryID: workflow-push-weckdengeparden-pww7f
      displayName: generate-test-report
      finishedAt: "2022-09-20T07:20:37Z"
      hostNodeName: worker23
      id: workflow-push-weckdengeparden-pww7f-4255176484
      inputs:
        parameters:
        - default: surefire-report:report-only site -DgenerateReports=false
          name: goals
          value: surefire-report:report-only site -DgenerateReports=false
        - default: ""
          name: pomSubpath
          value: ""
        - default: ""
          name: extraArgs
          value: ""
      name: workflow-push-weckdengeparden-pww7f.generate-test-report
      outputs:
        artifacts:
        - name: main-logs
          s3:
            key: workflow-push-weckdengeparden-pww7f/workflow-push-weckdengeparden-pww7f-4255176484/main.log
        exitCode: "0"
      phase: Succeeded
      progress: 1/1
      resourcesDuration:
        cpu: 83
        memory: 235
      startedAt: "2022-09-20T07:19:19Z"
      templateRef:
        clusterScope: true
        name: maven-operations-v2
        template: generate-test-report
      templateScope: local/
      type: Pod
  phase: Succeeded
  progress: 8/8
  resourcesDuration:
    cpu: 531
    memory: 1569
  startedAt: "2022-09-20T07:15:39Z"
  storedTemplates:
    cluster/argocd-operations/update-argocd-application:
      container:
        args:
        - --argo-update
        - --url
        - '{{ workflow.parameters.repository }}'
        - --branch
        - '{{=sprig.join("/", sprig.regexSplit("/", workflow.parameters.revision,
          -1)[2:])}}'
        - --name
        - '{{ workflow.parameters.reponame }}'
        - --tag
        - '{{ inputs.parameters.tag }}'
        - '{{ inputs.parameters.extraArgs }}'
        command:
        - /usr/bin/git-workflow.sh
        image: ghcr.io/gepaplexx/git-workflows:0.4.1
        name: git
        resources: {}
        volumeMounts:
        - mountPath: /mnt/out/
          name: workspace
        - mountPath: /root/.ssh/known_hosts
          name: pipeline-secrets
          subPath: known_hosts
        - mountPath: /root/.ssh/id_rsa
          name: pipeline-secrets
          subPath: id_rsa
      inputs:
        parameters:
        - name: tag
        - default: ""
          name: extraArgs
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: argocd-operations
          template: update-argocd-application
      name: update-argocd-application
      outputs:
        parameters:
        - name: application
          valueFrom:
            path: /mnt/out/application
        - name: namespace
          valueFrom:
            path: /mnt/out/namespace
    cluster/containerimage-operations/build-and-push-image:
      container:
        args:
        - --dockerfile={{ workflow.parameters.containerfile }}
        - --context=/mnt/out/{{ workflow.parameters.reponame }}
        - --build-arg=BRANCH={{ workflow.parameters.revision }}
        - --build-arg=COMMIT={{ inputs.parameters.tag }}
        - --build-arg=VERSION={{ inputs.parameters.tag }}
        - --build-arg=TIMESTAMP=$(date +%Y-%M-%dT%H:%M:%S)
        - --destination={{ workflow.parameters.registry }}/{{ workflow.parameters.registry_user
          }}/{{ workflow.parameters.reponame }}:{{ inputs.parameters.tag }}{{ inputs.parameters.suffix
          }}
        - --skip-tls-verify
        - --verbosity=debug
        command:
        - /kaniko/executor
        image: gcr.io/kaniko-project/executor:debug
        name: kaniko
        resources: {}
        volumeMounts:
        - mountPath: /mnt/out/
          name: workspace
        - mountPath: /kaniko/.docker/config.json
          name: pipeline-secrets
          subPath: config.json
      inputs:
        parameters:
        - name: tag
        - default: ""
          name: suffix
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: containerimage-operations
          template: build-and-push-image
      name: build-and-push-image
      outputs: {}
    cluster/containerimage-operations/fail-on-critical-vulnerabilities:
      container:
        args:
        - image
        - --severity=CRITICAL
        - --ignore-unfixed
        - --cache-dir=/tmp/trivy/cache/
        - --exit-code=0
        - '{{ workflow.parameters.registry }}/{{ workflow.parameters.registry_user
          }}/{{ workflow.parameters.reponame }}:{{ inputs.parameters.tag }}-to-scan'
        command:
        - trivy
        image: docker.io/aquasec/trivy:latest
        name: trivy
        resources: {}
        volumeMounts:
        - mountPath: /tmp/trivy/cache
          name: cache
          subPath: cache
      inputs:
        parameters:
        - name: tag
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: containerimage-operations
          template: scan-container-image
      name: fail-on-critical-vulnerabilities
      outputs: {}
    cluster/containerimage-operations/retag-container-image:
      container:
        args:
        - copy
        - --authfile=/config.json
        - docker://{{ workflow.parameters.registry }}/{{ workflow.parameters.registry_user
          }}/{{ workflow.parameters.reponame }}:{{ inputs.parameters.old-tag }}
        - docker://{{ workflow.parameters.registry }}/{{ workflow.parameters.registry_user
          }}/{{ workflow.parameters.reponame }}:{{ inputs.parameters.new-tag }}
        command:
        - skopeo
        image: quay.io/containers/skopeo:latest
        name: ""
        resources: {}
        volumeMounts:
        - mountPath: /config.json
          name: pipeline-secrets
          subPath: config.json
      inputs:
        parameters:
        - name: old-tag
        - name: new-tag
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: containerimage-operations
          template: retag-container-image
      name: retag-container-image
      outputs: {}
    cluster/containerimage-operations/scan-container-image:
      container:
        args:
        - image
        - --severity={{ inputs.parameters.severitiy }}
        - --format=template
        - --template=@contrib/html.tpl
        - --cache-dir=/tmp/trivy/cache/
        - --ignore-unfixed
        - --output=/mnt/results/{{ workflow.parameters.reponame }}/{{ inputs.parameters.tag
          }}/trivy.html
        - '{{ workflow.parameters.registry }}/{{ workflow.parameters.registry_user
          }}/{{ workflow.parameters.reponame }}:{{ inputs.parameters.tag }}-to-scan'
        command:
        - trivy
        image: docker.io/aquasec/trivy:latest
        name: trivy
        resources: {}
        volumeMounts:
        - mountPath: /mnt/results/
          name: results
          subPath: results
        - mountPath: /tmp/trivy/cache
          name: cache
          subPath: cache
      initContainers:
      - args:
        - -c
        - mkdir -p /mnt/results/{{ workflow.parameters.reponame }}/{{ inputs.parameters.tag
          }}/
        command:
        - sh
        image: alpine:latest
        name: prerequisites
        resources: {}
        volumeMounts:
        - mountPath: /mnt/results/
          name: results
          subPath: results
      inputs:
        parameters:
        - name: tag
        - default: LOW,MEDIUM,HIGH,CRITICAL
          name: severitiy
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: containerimage-operations
          template: scan-container-image
      name: scan-container-image
      outputs: {}
      volumes:
      - name: results
        persistentVolumeClaim:
          claimName: '{{ workflow.parameters.reponame }}-results'
    cluster/git-operations-v2/checkout:
      container:
        args:
        - --clone
        - --url
        - '{{ workflow.parameters.repository }}'
        - --branch
        - '{{=sprig.join("/", sprig.regexSplit("/", workflow.parameters.revision,
          -1)[2:])}}'
        - --name
        - '{{ workflow.parameters.reponame }}'
        - --extract
        - '{{ inputs.parameters.extraArgs }}'
        command:
        - /usr/bin/git-workflow.sh
        image: ghcr.io/gepaplexx/git-workflows:0.4.1
        name: git-workflows
        resources: {}
        volumeMounts:
        - mountPath: /mnt/out/
          name: workspace
        - mountPath: /root/.ssh/known_hosts
          name: pipeline-secrets
          subPath: known_hosts
        - mountPath: /root/.ssh/id_rsa
          name: pipeline-secrets
          subPath: id_rsa
      inputs:
        parameters:
        - default: ""
          name: extraArgs
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: git-operations-v2
          template: checkout
      name: checkout
      outputs:
        parameters:
        - name: commit-hash
          valueFrom:
            path: /mnt/out/commit_hash
    cluster/integrationtest-operations/postman-local-collection-test:
      container:
        args:
        - newman run  --reporters {{ inputs.parameters.reporters }}  {{ inputs.parameters.extraArgs
          }} /mnt/out/{{ workflow.parameters.reponame }}/{{ inputs.parameters.collectionpath
          }}/{{ inputs.parameters.collection }}
        command:
        - sh
        - -c
        image: ghcr.io/gepaplexx/newman:latest
        name: newman
        resources: {}
        volumeMounts:
        - mountPath: /mnt/out/
          name: workspace
      inputs:
        parameters:
        - default: ""
          name: pomSubpath
        - default: ""
          name: collectionpath
        - default: postman.json
          name: collection
        - default: cli,junit,htmlextra
          name: reporters
        - default: --reporter-htmlextra-export /mnt/out/{{ workflow.parameters.reponame
            }}-junit.html
          name: extraArgs
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: integrationtest-operations
          template: postman-local-collection-test
      name: postman-local-collection-test
      outputs: {}
    cluster/k8s-operations/wait-for-deployment:
      inputs:
        parameters:
        - default: ""
          name: application
        - default: ""
          name: namespace
        - default: ""
          name: image
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: k8s-operations
          template: wait-for-deployment
      name: wait-for-deployment
      outputs: {}
      script:
        command:
        - bash
        image: ghcr.io/gepaplexx/kubectl-oc:v4.10
        name: ""
        resources: {}
        source: |
          #!/bin/bash

          set -e
          application={{ inputs.parameters.application }}
          image={{ inputs.parameters.image }}
          namespace={{ inputs.parameters.namespace }}
          status=Running

          counter=0
          while [ $counter -lt 20 ]; do
            PODS="$(kubectl get pods -o custom-columns="NAME:metadata.name,IMAGE:spec.containers[0].image,STATUS:.status.phase" -n ${namespace})"
            readarray -t POD <<< "$PODS"
            for  line in "${POD[@]}";do
              # Trim Whitespaces
              line=$(echo $line | xargs)
              readarray -d " " -t elements <<< "$line"
              if  [[ "${elements[0]}" =~ ^"${application}" ]] && [[ "${elements[1]}" == "${image}" ]] && [[ "${elements[2]}" =~ ^"${status}" ]]; then
                echo "Application is running"
                echo "waiting an additional 60 seconds for previous instances to terminate"
                sleep 60
                exit 0
              fi
            done
            counter=$((counter+1))
            sleep 60s
          done
          echo "Application has not been updated"
          exit 1
    cluster/maven-operations-v2/build:
      container:
        args:
        - '{{ inputs.parameters.goals }}'
        - '{{ inputs.parameters.extraArgs }}'
        - -f
        - /mnt/out/{{ workflow.parameters.reponame }}/{{ inputs.parameters.pomSubpath
          }}/pom.xml
        - -Dmaven.repo.local=/cache/{{ workflow.parameters.project }}
        command:
        - /usr/bin/mvn-wrapper.sh
        image: ghcr.io/gepaplexx/maven:0.1.2
        name: maven
        resources: {}
        volumeMounts:
        - mountPath: /mnt/out/
          name: workspace
        - mountPath: /root/.m2/settings.xml
          name: pipeline-secrets
          subPath: maven-settings.xml
        - mountPath: /cache/
          name: cache
      inputs:
        parameters:
        - default: clean install
          name: goals
        - default: ""
          name: pomSubpath
        - default: ""
          name: extraArgs
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: maven-operations-v2
          template: build
      name: build
      outputs: {}
    cluster/maven-operations-v2/generate-test-report:
      container:
        args:
        - '{{ inputs.parameters.goals }}'
        - '{{ inputs.parameters.extraArgs }}'
        - -f
        - /mnt/out/{{ workflow.parameters.reponame }}/{{ inputs.parameters.pomSubpath
          }}/pom.xml
        - -Dmaven.repo.local=/cache/{{ workflow.parameters.project }}
        command:
        - /usr/bin/mvn-wrapper.sh
        image: ghcr.io/gepaplexx/maven:0.1.2
        name: maven
        resources: {}
        volumeMounts:
        - mountPath: /mnt/out/
          name: workspace
        - mountPath: /root/.m2/settings.xml
          name: pipeline-secrets
          subPath: maven-settings.xml
        - mountPath: /cache/
          name: cache
      inputs:
        parameters:
        - default: surefire-report:report-only site -DgenerateReports=false
          name: goals
        - default: ""
          name: pomSubpath
        - default: ""
          name: extraArgs
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: maven-operations
          template: generate-test-report
      name: generate-test-report
      outputs: {}
    cluster/maven-operations-v2/run-sonarqube-analysis:
      container:
        args:
        - '{{ inputs.parameters.goals }}'
        - '{{ inputs.parameters.extraArgs }}'
        - -Dsonar.login=${SONAR_TOKEN}
        - -f
        - /mnt/out/{{ workflow.parameters.reponame }}/{{ inputs.parameters.pomSubpath
          }}/pom.xml
        - -Dmaven.repo.local=/cache/{{ workflow.parameters.project }}
        command:
        - /usr/bin/mvn-wrapper.sh
        env:
        - name: SONAR_TOKEN
          valueFrom:
            secretKeyRef:
              key: sonar-login
              name: workflow-{{ workflow.parameters.reponame }}
              optional: true
        image: ghcr.io/gepaplexx/maven:0.1.2
        name: maven
        resources: {}
        volumeMounts:
        - mountPath: /mnt/out/
          name: workspace
        - mountPath: /root/.m2/settings.xml
          name: pipeline-secrets
          subPath: maven-settings.xml
        - mountPath: /cache/
          name: cache
      inputs:
        parameters:
        - default: sonar:sonar
          name: goals
        - default: ""
          name: pomSubpath
        - default: ""
          name: extraArgs
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: maven-operations
          template: run-sonarqube-analysis
      name: run-sonarqube-analysis
      outputs: {}
    cluster/workflow-integrationtest-template/integration-test:
      dag:
        tasks:
        - arguments:
            parameters:
            - name: application
              value: '{{ inputs.parameters.application }}'
            - name: namespace
              value: '{{ inputs.parameters.namespace }}'
            - name: image
              value: '{{ inputs.parameters.image }}'
          name: wait-for-deployment
          templateRef:
            clusterScope: true
            name: k8s-operations
            template: wait-for-deployment
        - arguments: {}
          depends: wait-for-deployment
          name: integration-test
          templateRef:
            clusterScope: true
            name: integrationtest-operations
            template: postman-local-collection-test
      inputs:
        parameters:
        - default: ""
          name: application
        - name: namespace
          value: ""
        - name: image
          value: ""
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: workflow-integrationtest-template
          template: integration-test
      name: integration-test
      outputs: {}
    cluster/workflow-push-template/pipeline:
      dag:
        tasks:
        - arguments: {}
          name: checkout
          templateRef:
            clusterScope: true
            name: git-operations-v2
            template: checkout
        - arguments: {}
          depends: checkout
          name: build
          templateRef:
            clusterScope: true
            name: maven-operations-v2
            template: build
        - arguments:
            parameters:
            - name: tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
            - name: suffix
              value: -to-scan
          depends: build
          name: build-and-push-image
          templateRef:
            clusterScope: true
            name: containerimage-operations
            template: build-and-push-image
        - arguments:
            parameters:
            - name: tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: build-and-push-image
          name: scan-container-image
          templateRef:
            clusterScope: true
            name: containerimage-operations
            template: scan-container-image
        - arguments:
            parameters:
            - name: tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: build-and-push-image
          name: fail-on-critical-vulnerabilities
          templateRef:
            clusterScope: true
            name: containerimage-operations
            template: fail-on-critical-vulnerabilities
        - arguments:
            parameters:
            - name: old-tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}-to-scan'
            - name: new-tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: fail-on-critical-vulnerabilities
          name: retag-container-image
          templateRef:
            clusterScope: true
            name: containerimage-operations
            template: retag-container-image
        - arguments: {}
          depends: build
          name: run-sonarqube-analysis
          templateRef:
            clusterScope: true
            name: maven-operations-v2
            template: run-sonarqube-analysis
          when: '{{ inputs.parameters.sonarqube-active }}'
        - arguments: {}
          depends: build || build.Failed || build.Errored
          name: generate-test-report
          templateRef:
            clusterScope: true
            name: maven-operations-v2
            template: generate-test-report
        - arguments:
            parameters:
            - name: tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: retag-container-image
          name: update-argocd-application
          templateRef:
            clusterScope: true
            name: argocd-operations
            template: update-argocd-application
        - arguments:
            parameters:
            - name: application
              value: '{{ tasks.update-argocd-application.outputs.parameters.application
                }}'
            - name: namespace
              value: '{{ tasks.update-argocd-application.outputs.parameters.namespace
                }}'
            - name: image
              value: '{{ workflow.parameters.registry }}/{{ workflow.parameters.registry_user
                }}/{{ workflow.parameters.reponame }}:{{ tasks.checkout.outputs.parameters.commit-hash
                }}'
            - name: image_tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: update-argocd-application
          name: integration-test
          templateRef:
            clusterScope: true
            name: workflow-integrationtest-template
            template: integration-test
          when: '{{ inputs.parameters.integrationtest-active }}'
      inputs:
        parameters:
        - default: "false"
          name: sonarqube-active
        - default: "false"
          name: integrationtest-active
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: workflow-push-template
          template: pipeline
      name: pipeline
      outputs: {}
  storedWorkflowTemplateSpec:
    arguments:
      parameters:
      - name: repository
        value: git@github.com:gepaplexx-demos/weckdengeparden.git
      - name: revision
        value: refs/heads/main
      - name: containerfile
        value: Containerfile
      - name: registry
        value: ghcr.io
      - name: registry_user
        value: gepaplexx
      - name: sonarqube-active
        value: "false"
      - name: integrationtest-active
        value: "false"
      - name: reponame
        value: '{{=sprig.trimSuffix(".git", sprig.last(sprig.splitList("/", workflow.parameters.repository)))}}'
      - name: project
        value: '{{=sprig.join("-", sprig.regexSplit("/", workflow.parameters.revision,
          -1)[2:])}}'
    entrypoint: pipeline
    serviceAccountName: operate-workflow-sa
    templates:
    - dag:
        tasks:
        - arguments: {}
          name: checkout
          templateRef:
            clusterScope: true
            name: git-operations-v2
            template: checkout
        - arguments: {}
          depends: checkout
          name: build
          templateRef:
            clusterScope: true
            name: maven-operations-v2
            template: build
        - arguments:
            parameters:
            - name: tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
            - name: suffix
              value: -to-scan
          depends: build
          name: build-and-push-image
          templateRef:
            clusterScope: true
            name: containerimage-operations
            template: build-and-push-image
        - arguments:
            parameters:
            - name: tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: build-and-push-image
          name: scan-container-image
          templateRef:
            clusterScope: true
            name: containerimage-operations
            template: scan-container-image
        - arguments:
            parameters:
            - name: tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: build-and-push-image
          name: fail-on-critical-vulnerabilities
          templateRef:
            clusterScope: true
            name: containerimage-operations
            template: fail-on-critical-vulnerabilities
        - arguments:
            parameters:
            - name: old-tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}-to-scan'
            - name: new-tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: fail-on-critical-vulnerabilities
          name: retag-container-image
          templateRef:
            clusterScope: true
            name: containerimage-operations
            template: retag-container-image
        - arguments: {}
          depends: build
          name: run-sonarqube-analysis
          templateRef:
            clusterScope: true
            name: maven-operations-v2
            template: run-sonarqube-analysis
          when: '{{ inputs.parameters.sonarqube-active }}'
        - arguments: {}
          depends: build || build.Failed || build.Errored
          name: generate-test-report
          templateRef:
            clusterScope: true
            name: maven-operations-v2
            template: generate-test-report
        - arguments:
            parameters:
            - name: tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: retag-container-image
          name: update-argocd-application
          templateRef:
            clusterScope: true
            name: argocd-operations
            template: update-argocd-application
        - arguments:
            parameters:
            - name: application
              value: '{{ tasks.update-argocd-application.outputs.parameters.application
                }}'
            - name: namespace
              value: '{{ tasks.update-argocd-application.outputs.parameters.namespace
                }}'
            - name: image
              value: '{{ workflow.parameters.registry }}/{{ workflow.parameters.registry_user
                }}/{{ workflow.parameters.reponame }}:{{ tasks.checkout.outputs.parameters.commit-hash
                }}'
            - name: image_tag
              value: '{{ tasks.checkout.outputs.parameters.commit-hash }}'
          depends: update-argocd-application
          name: integration-test
          templateRef:
            clusterScope: true
            name: workflow-integrationtest-template
            template: integration-test
          when: '{{ inputs.parameters.integrationtest-active }}'
      inputs:
        parameters:
        - default: "false"
          name: sonarqube-active
        - default: "false"
          name: integrationtest-active
      metadata:
        labels:
          app: argo
          clusterworkflowtemplate: workflow-push-template
          template: pipeline
      name: pipeline
      outputs: {}
    ttlStrategy:
      secondsAfterCompletion: 3600
    volumeClaimTemplates:
    - metadata:
        creationTimestamp: null
        labels:
          disable_prediction: "true"
        name: workspace
      spec:
        accessModes:
        - ReadWriteMany
        resources:
          requests:
            storage: 1Gi
        storageClassName: rook-ceph-fs
      status: {}
    volumes:
    - name: pipeline-secrets
      secret:
        defaultMode: 384
        secretName: workflow-{{workflow.parameters.reponame}}
    - name: cache
      persistentVolumeClaim:
        claimName: cache-{{workflow.parameters.reponame}}
    workflowTemplateRef:
      clusterScope: true
      name: workflow-push-template
+1
fhochleitner on Sep 20, 2022

Unfortunately, after testing further with rc4 for a full 24 hours, this still isn’t fixed. I was wrong.

Equally unfortunately, it’s intermittent and I can’t get any more logs than level=error msg="Artifact Server returned internal error" error="Access Denied".

I’m also somewhat reluctant to do the same dance as before.

+1
tim-sendible on Sep 13, 2022

This is confirmed resolved in rc4

+1
tim-sendible on Sep 12, 2022
Read more comments on GitHub
← argo-rollouts: status command exits before timout
argo-workflows: About failures due to exceeded resource quota →