Nếu bạn gặp lỗi:
FATA[0033] Failed to wait for service account secret: timed out waiting for the condition
Đây là cách giải quết:
https://github.com/argoproj/argo-cd/issues/9422
Just want to share my (hacky) work around on this.
- Create a service account token Secret in the
kube-system
namespace, making sure that the annotation refers to theargocd-manager
service account;
apiVersion: v1 kind: Secret metadata: annotations: kubernetes.io/service-account.name: argocd-manager name: argocd-manager-token namespace: kube-system type: kubernetes.io/service-account-token
- Yes, kubernetes 1.24 populates
data
into the newly created secret; - But the secret is not associated with the sa, the sa still has 0 secrets;
root@ip-192-168-1-38:~# kubectl get sa -n kube-system NAME SECRETS AGE argocd-manager 0 5d4h
- I did
kubectl edit sa -n kube-system argocd-manager
to manually add the secret to the service account:
secrets: - name: argocd-manager-token
- Now the service account has 1 secret;
- And I can add the 1.24.0 cluster now.
root@ip-172-31-55-65:~# argocd cluster add --kubeconfig ./config_kyst_us-west-1 kyst-backend-us-west-1 WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `kyst-backend-us-west-1` with full cluster level admin privileges. Do you want to continue [y/N]? y INFO[0002] ServiceAccount "argocd-manager" already exists in namespace "kube-system" INFO[0002] ClusterRole "argocd-manager-role" updated INFO[0002] ClusterRoleBinding "argocd-manager-role-binding" updated FATA[0032] Failed to wait for service account secret: timed out waiting for the condition root@ip-172-31-55-65:~# argocd cluster add --kubeconfig ./config_kyst_us-west-1 kyst-backend-us-west-1 WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `kyst-backend-us-west-1` with full cluster level admin privileges. Do you want to continue [y/N]? y INFO[0001] ServiceAccount "argocd-manager" already exists in namespace "kube-system" INFO[0001] ClusterRole "argocd-manager-role" updated INFO[0001] ClusterRoleBinding "argocd-manager-role-binding" updated Cluster 'https://<hide-my-ip-here>:6443' added
With that, to fix this by the ‘short term solution’, we may need to not only create a service account token Secret, but also add the secret to the argocd-manager
service account.