Comments (6)
lianghuiyuan
commented on June 3, 2024
1
Thank you, @khuedoan !
I redeployed and fixed the problem.
from homelab.
khuedoan
commented on June 3, 2024
Can you get the Application definition of one of the incorrect app, for example:
kubectl get application hajimari -n argocd -o yaml
from homelab.
lianghuiyuan
commented on June 3, 2024
Thank you so much! @khuedoan
kubectl get application --all-namespaces
[nix-shell:/home/creasy/githubs/homelab]# kubectl get application --all-namespaces
NAMESPACE NAME SYNC STATUS HEALTH STATUS
argocd dex Unknown Progressing
argocd excalidraw Unknown Progressing
argocd gitea Unknown Progressing
argocd hajimari Unknown Progressing
argocd harbor Unknown Progressing
argocd jellyfin Unknown Progressing
argocd monitoring-system Unknown Progressing
argocd paperless Unknown Progressing
argocd tekton-pipelines Unknown Progressing
kubectl get application hajimari -n argocd -o yaml
[nix-shell:/home/creasy/githubs/homelab]# kubectl get application hajimari -n argocd -o yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
creationTimestamp: "2023-05-10T02:29:06Z"
deletionGracePeriodSeconds: 0
deletionTimestamp: "2023-05-11T10:11:04Z"
finalizers:
- resources-finalizer.argocd.argoproj.io
generation: 687
name: hajimari
namespace: argocd
ownerReferences:
- apiVersion: argoproj.io/v1alpha1
blockOwnerDeletion: true
controller: true
kind: ApplicationSet
name: apps
uid: 3b35a343-954f-4464-bc5d-96006575ae89
resourceVersion: "703007"
uid: bd6a1c33-77f7-4b62-bd88-659d84505326
spec:
destination:
name: in-cluster
namespace: hajimari
project: default
source:
path: apps/hajimari
repoURL: https://github.com/lianghuiyuan/homelab
targetRevision: master
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
backoff:
duration: 1m
factor: 2
maxDuration: 16m
limit: 10
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
status:
conditions:
- lastTransitionTime: "2023-05-12T01:14:40Z"
message: 'rpc error: code = Unknown desc = Get "https://github.com/lianghuiyuan/homelab/info/refs?service=git-upload-pack":
context deadline exceeded (Client.Timeout exceeded while awaiting headers)'
type: ComparisonError
health:
status: Progressing
history:
- deployStartedAt: "2023-05-10T02:56:07Z"
deployedAt: "2023-05-10T02:56:17Z"
id: 0
revision: 8cff611f899f0a86ae18b86457cd249cafb2a2e0
source:
path: apps/hajimari
repoURL: https://github.com/lianghuiyuan/homelab
targetRevision: master
operationState:
finishedAt: "2023-05-11T02:37:16Z"
message: one or more objects failed to apply (dry run) (retried 10 times).
operation:
initiatedBy:
automated: true
retry:
backoff:
duration: 1m
factor: 2
maxDuration: 16m
limit: 10
sync:
prune: true
revision: 163b4f82014a3394c635833516af82717671af0a
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
phase: Failed
retryCount: 10
startedAt: "2023-05-11T00:31:14Z"
syncResult:
resources:
- group: networking.k8s.io
hookPhase: Failed
kind: Ingress
message: 'Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io":
failed to call webhook: Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=30s":
x509: certificate signed by unknown authority'
name: hajimari
namespace: hajimari
status: SyncFailed
syncPhase: Sync
version: v1
revision: 163b4f82014a3394c635833516af82717671af0a
source:
path: apps/hajimari
repoURL: https://github.com/lianghuiyuan/homelab
targetRevision: master
reconciledAt: "2023-05-12T01:14:40Z"
resources:
- group: networking.k8s.io
health:
message: Pending deletion
status: Progressing
kind: Ingress
name: hajimari
namespace: hajimari
requiresPruning: true
status: Unknown
version: v1
summary:
externalURLs:
- https://home.khuedoan.com/
sync:
comparedTo:
destination:
name: in-cluster
namespace: hajimari
source:
path: apps/hajimari
repoURL: https://github.com/lianghuiyuan/homelab
targetRevision: master
status: Unknown
from homelab.
lianghuiyuan
commented on June 3, 2024
(Host Correct) argocd ingress
[nix-shell:/home/creasy/githubs/homelab]# kubectl describe ingress argocd-server -n argocd
Name: argocd-server
Labels: app.kubernetes.io/component=server
app.kubernetes.io/instance=argocd
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=argocd-server
app.kubernetes.io/part-of=argocd
helm.sh/chart=argo-cd-5.20.2
Namespace: argocd
Address: 192.168.10.224
Ingress Class: nginx
Default backend: <default>
TLS:
argocd-tls-certificate terminates argocd.lhy.me
Rules:
Host Path Backends
---- ---- --------
argocd.lhy.me
/ argocd-server:80 (10.42.2.234:8080)
Annotations: cert-manager.io/cluster-issuer: letsencrypt-prod
hajimari.io/appName: ArgoCD
hajimari.io/icon: robot
Events: <none>
(Host Incorrect) hajimari ingress
[nix-shell:/home/creasy/githubs/homelab]# kubectl describe ingress hajimari -n hajimari
Name: hajimari
Labels: app.kubernetes.io/instance=hajimari
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=hajimari
app.kubernetes.io/version=v0.3.1
argocd.argoproj.io/instance=hajimari
helm.sh/chart=hajimari-2.0.2
Namespace: hajimari
Address: 192.168.10.224
Ingress Class: nginx
Default backend: <default>
TLS:
hajimari-tls-certificate terminates home.khuedoan.com
Rules:
Host Path Backends
---- ---- --------
home.khuedoan.com
/ hajimari:3000 (<error: endpoints "hajimari" not found>)
Annotations: cert-manager.io/cluster-issuer: letsencrypt-prod
hajimari.io/enable: false
Events: <none>
from homelab.
lianghuiyuan
commented on June 3, 2024
terraform apply -auto-approve
Is it possible that it is caused by 'Error: the server could not find the requested resource (post secrets) :"kubernetes_secret" "cert_manager_token"'?
[nix-shell:/home/creasy/githubs/homelab]# cd external/
[nix-shell:/home/creasy/githubs/homelab/external]# terraform apply -auto-approve
module.zerotier.zerotier_identity.router: Refreshing state... [id=8e8e989587]
module.cloudflare.data.http.public_ipv4: Reading...
module.cloudflare.random_password.tunnel_secret: Refreshing state... [id=none]
module.zerotier.zerotier_network.network: Refreshing state... [id=e5cd7a9e1cb84b70]
module.cloudflare.data.cloudflare_api_token_permission_groups.all: Reading...
module.cloudflare.cloudflare_argo_tunnel.homelab: Refreshing state... [id=054a86b2-301a-4ed6-b14c-25761e06e3c5]
module.cloudflare.data.cloudflare_zone.zone: Reading...
module.cloudflare.data.http.public_ipv4: Read complete after 0s [id=https://ipv4.icanhazip.com]
module.zerotier.zerotier_member.router: Refreshing state... [id=e5cd7a9e1cb84b70/8e8e989587]
module.cloudflare.data.cloudflare_api_token_permission_groups.all: Read complete after 1s [id=db26bb2fe42e291eab2965e0fbca358d]
module.cloudflare.cloudflare_api_token.cert_manager: Refreshing state... [id=fc32ba79767e8a3ecca3462b93f541fa]
module.cloudflare.cloudflare_api_token.external_dns: Refreshing state... [id=24a5d32ac68b4404f03a9a48abd9fcd0]
module.cloudflare.data.cloudflare_zone.zone: Read complete after 2s [id=6d7f06f2ea702dc16c872ad80ab91e37]
module.cloudflare.cloudflare_record.tunnel: Refreshing state... [id=97c6049f37c8564e4bf6988222e21c6a]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.cloudflare.kubernetes_secret.cert_manager_token will be created
+ resource "kubernetes_secret" "cert_manager_token" {
+ data = (sensitive value)
+ id = (known after apply)
+ type = "Opaque"
+ metadata {
+ generation = (known after apply)
+ name = "cloudflare-api-token"
+ namespace = "cert-manager"
+ resource_version = (known after apply)
+ uid = (known after apply)
}
}
# module.cloudflare.kubernetes_secret.cloudflared_credentials will be created
+ resource "kubernetes_secret" "cloudflared_credentials" {
+ data = (sensitive value)
+ id = (known after apply)
+ type = "Opaque"
+ metadata {
+ generation = (known after apply)
+ name = "cloudflared-credentials"
+ namespace = "cloudflared"
+ resource_version = (known after apply)
+ uid = (known after apply)
}
}
# module.cloudflare.kubernetes_secret.external_dns_token will be created
+ resource "kubernetes_secret" "external_dns_token" {
+ data = (sensitive value)
+ id = (known after apply)
+ type = "Opaque"
+ metadata {
+ generation = (known after apply)
+ name = "cloudflare-api-token"
+ namespace = "external-dns"
+ resource_version = (known after apply)
+ uid = (known after apply)
}
}
# module.zerotier.kubernetes_secret.router will be created
+ resource "kubernetes_secret" "router" {
+ data = (sensitive value)
+ id = (known after apply)
+ type = "Opaque"
+ metadata {
+ generation = (known after apply)
+ name = "zerotier-router"
+ namespace = "zerotier"
+ resource_version = (known after apply)
+ uid = (known after apply)
}
}
Plan: 4 to add, 0 to change, 0 to destroy.
module.zerotier.kubernetes_secret.router: Creating...
module.cloudflare.kubernetes_secret.cloudflared_credentials: Creating...
module.cloudflare.kubernetes_secret.external_dns_token: Creating...
module.cloudflare.kubernetes_secret.cert_manager_token: Creating...
╷
│ Warning: Deprecated attribute
│
│ on modules/cloudflare/main.tf line 17, in locals:
│ 17: "${chomp(data.http.public_ipv4.body)}/32",
│
│ The attribute "body" is deprecated. Refer to the provider documentation for details.
│
│ (and one more similar warning elsewhere)
╵
╷
│ Error: the server could not find the requested resource (post secrets)
│
│ with module.cloudflare.kubernetes_secret.cloudflared_credentials,
│ on modules/cloudflare/main.tf line 43, in resource "kubernetes_secret" "cloudflared_credentials":
│ 43: resource "kubernetes_secret" "cloudflared_credentials" {
│
╵
╷
│ Error: the server could not find the requested resource (post secrets)
│
│ with module.cloudflare.kubernetes_secret.external_dns_token,
│ on modules/cloudflare/main.tf line 79, in resource "kubernetes_secret" "external_dns_token":
│ 79: resource "kubernetes_secret" "external_dns_token" {
│
╵
╷
│ Error: the server could not find the requested resource (post secrets)
│
│ with module.cloudflare.kubernetes_secret.cert_manager_token,
│ on modules/cloudflare/main.tf line 110, in resource "kubernetes_secret" "cert_manager_token":
│ 110: resource "kubernetes_secret" "cert_manager_token" {
│
╵
╷
│ Error: the server could not find the requested resource (post secrets)
│
│ with module.zerotier.kubernetes_secret.router,
│ on modules/zerotier/main.tf line 42, in resource "kubernetes_secret" "router":
│ 42: resource "kubernetes_secret" "router" {
│
╵
from homelab.
khuedoan
commented on June 3, 2024
cert-manager is not related, it just generate certs for the ingresses, the ingress hosts are defined separately.
I'm guessing what's happening is you ran make before you push the changes from make configure, so the data from the seed repo (your fork on GitHub) is the same with my repo.
ArgoCD ingress was applied locally from the bootstrap step so it's correct.
The application status showing it's trying to delete the incorrect Ingress but still pending, can you try to delete it manually?
- group: networking.k8s.io
health:
message: Pending deletion
status: Progressing
kind: Ingress
name: hajimari
namespace: hajimari
requiresPruning: true
status: Unknown
version: v1Or you can go to ArgoCD UI and click Sync.
from homelab.
Related Issues (20)
- Support IPv6 HOT 3
- ExternalSecret could not get secret data from provider HOT 3
- cloudflare module error in make process and cloudflared error HOT 9
- new fresh deployment only those pods run HOT 3
- Upon rebuilding, first node in inventory.yaml doesn't rejoin existing cluster. HOT 3
- Route53 instead of cloudflared? HOT 3
- Recreate "Platform" apps HOT 7
- System-upgrade was removed HOT 1
- Add idm_admin creation to kanidm admin reset script? HOT 1
- gitea and 4 other services in a degraded state HOT 5
- Contact Point of AlertManager is absent HOT 5
- Adding a second dedicated network interface for longhorn replication HOT 4
- [Feature request] Add VPN egress HOT 3
- Kubernetes cluster unreachable: x509: certificate signed by unknown authority HOT 1
- Failed to install ArgoCD HOT 5
- Command: make tools, error HOT 2
- Getting errors on bootstrap phase with ApplicationSets HOT 1
- Cannot add master node HOT 3
- Add Infro PR Checks? HOT 1
- Not an Issue : Just a question about nodes HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from homelab.