Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-2480

Fix $HOME value in argocd-controller

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Normal Normal
    • 1.8.0
    • None
    • Operator
    • None
    • 5
    • False
    • None
    • False
    • GITOPS Sprint 230, GITOPS Sprint 231

      *Description of problem: *

      OpenShift gitops-operator ran the argocd-controller as a random user with $HOME set to /. This prevented the kubernetes client in the controller from creating the .kube folder leading to very long sync times.

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      1. Create an argocd instance in a namespace which doesn't have cluster admin permission.
      2. Run `kubectl get pods -A -v=20` command in the argocd-application-controller terminal.

      Actual results:

      Observe the failures of
      ```failed to write cache to /.kube/cache/discovery/172.30.0.1_443/console.openshift.io/v1alpha1/serverresources.json due to mkdir /.kube: permission denied```

      Expected results:

      No `.kube: permission denied` failure.

      Reproducibility (Always/Intermittent/Only Once):

      Always

      Additional info (Such as Logs, Screenshots, etc):

      I1221 14:53:44.939815 21 cached_discovery.go:87] failed to write cache to /.kube/cache/discovery/172.30.0.1_443/build.openshift.io/v1/serverresources.json due to mkdir /.kube: permission denied
      I1221 14:53:45.134976 21 request.go:597] Waited for 10.996819499s due to client-side throttling, not priority and fairness, request: GET:https://172.30.0.1:443/apis/performance.openshift.io/v2?timeout=32s
      I1221 14:53:45.135063 21 round_trippers.go:466] curl -v -XGET -H "Accept: application/json, /" -H "User-Agent: kubectl/4.10.0 (linux/amd64) kubernetes/8df677d" -H "Authorization: Bearer <masked>" 'https://172.30.0.1:443/apis/performance.openshift.io/v2?timeout=32s'
      I1221 14:53:45.136399 21 round_trippers.go:570] HTTP Statistics: GetConnection 0 ms ServerProcessing 1 ms Duration 1 ms
      I1221 14:53:45.136414 21 round_trippers.go:577] Response Headers:
      I1221 14:53:45.136424 21 round_trippers.go:580] Content-Length: 475
      I1221 14:53:45.136432 21 round_trippers.go:580] Date: Wed, 21 Dec 2022 14:53:45 GMT
      I1221 14:53:45.136441 21 round_trippers.go:580] Audit-Id: 7f10e7b5-262a-4c57-b869-78d6cefd3863
      I1221 14:53:45.136449 21 round_trippers.go:580] Cache-Control: no-cache, private
      I1221 14:53:45.136458 21 round_trippers.go:580] Content-Type: application/json
      I1221 14:53:45.136466 21 round_trippers.go:580] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
      I1221 14:53:45.136472 21 round_trippers.go:580] X-Kubernetes-Pf-Flowschema-Uid: 5fc09427-e08a-4f5b-b335-7dc07b92a9a2
      I1221 14:53:45.136478 21 round_trippers.go:580] X-Kubernetes-Pf-Prioritylevel-Uid: 4d901bdf-d3a7-46b5-a34a-7b6cccaf1987
      I1221 14:53:45.136543 21 request.go:1181] Response Body: {"kind":"APIResourceList","apiVersion":"v1","groupVersion":"performance.openshift.io/v2","resources":[

      {"name":"performanceprofiles","singularName":"performanceprofile","namespaced":false,"kind":"PerformanceProfile","verbs":["delete","deletecollection","get","list","patch","create","update","watch"],"storageVersionHash":"+AfVMGb9Yeo="}

      ,

      {"name":"performanceprofiles/status","singularName":"","namespaced":false,"kind":"PerformanceProfile","verbs":["get","patch","update"]}

      ]}

            yicai@redhat.com Yi Cai
            yicai@redhat.com Yi Cai
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: