[ArgoCD] Failed to wait for service account secret: timed out waiting for the condition

Posted on By nim No Comments on [ArgoCD] Failed to wait for service account secret: timed out waiting for the condition

Nếu bạn gặp lỗi:

FATA[0033] Failed to wait for service account secret: timed out waiting for the condition

Đây là cách giải quết:
https://github.com/argoproj/argo-cd/issues/9422

Just want to share my (hacky) work around on this.

  1. Create a service account token Secret in the kube-system namespace, making sure that the annotation refers to the argocd-manager service account;
apiVersion: v1
kind: Secret
metadata:
  annotations:
    kubernetes.io/service-account.name: argocd-manager
  name: argocd-manager-token
  namespace: kube-system
type: kubernetes.io/service-account-token
  1. Yes, kubernetes 1.24 populates data into the newly created secret;
  2. But the secret is not associated with the sa, the sa still has 0 secrets;
root@ip-192-168-1-38:~# kubectl get sa -n kube-system
NAME                                 SECRETS   AGE
argocd-manager                       0         5d4h
  1. I did kubectl edit sa -n kube-system argocd-manager to manually add the secret to the service account:
secrets:
- name: argocd-manager-token
  1. Now the service account has 1 secret;
  2. And I can add the 1.24.0 cluster now.
root@ip-172-31-55-65:~# argocd cluster add --kubeconfig ./config_kyst_us-west-1 kyst-backend-us-west-1
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `kyst-backend-us-west-1` with full cluster level admin privileges. Do you want to continue [y/N]? y
INFO[0002] ServiceAccount "argocd-manager" already exists in namespace "kube-system" 
INFO[0002] ClusterRole "argocd-manager-role" updated    
INFO[0002] ClusterRoleBinding "argocd-manager-role-binding" updated 
FATA[0032] Failed to wait for service account secret: timed out waiting for the condition 
root@ip-172-31-55-65:~# argocd cluster add --kubeconfig ./config_kyst_us-west-1 kyst-backend-us-west-1
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `kyst-backend-us-west-1` with full cluster level admin privileges. Do you want to continue [y/N]? y
INFO[0001] ServiceAccount "argocd-manager" already exists in namespace "kube-system" 
INFO[0001] ClusterRole "argocd-manager-role" updated    
INFO[0001] ClusterRoleBinding "argocd-manager-role-binding" updated 
Cluster 'https://<hide-my-ip-here>:6443' added

With that, to fix this by the ‘short term solution’, we may need to not only create a service account token Secret, but also add the secret to the argocd-manager service account.

ArgoCD

More Related Articles

[ArgoCD] Cài đặt argocd cli và connect với ArgoCD ArgoCD
[ArgoCD] Add other Cluster ranchers, k8s, or EKS into ArgoCD. ArgoCD
[Argocd] Configure Role and Grant permission for the users that sign in to Argocd ArgoCD
[kubectl/Argocd] How to create a kubectl config file for serviceaccount or from the cluster secret of Argocd ArgoCD
[ArgoCD] Hướng dẫn tạo “local user” trên argocd ArgoCD
[Argocd] Run “bash/sh” to execute pods on kubernetes via Argocd. ArgoCD

Leave a Reply

Your email address will not be published. Required fields are marked *