Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-7671

1.17.0 RC2 - Unable to create ApplicationSet webhook route

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Blocker Blocker
    • 1.17.0
    • None
    • Operator
    • None

      Description of Problem

      Controller manager pod crashes upon enabling .spec.applicationSet.route field in ArgoCD CR stopping further reconciliation. 

      Additional Info

      Original bug: https://issues.redhat.com/browse/GITOPS-6707

      Operator log after panic:

      2025-07-30T10:59:03Z    INFO    controller_argocd       reconciling autoscalers
2025-07-30T10:59:03Z    INFO    controller_argocd       reconciling ingresses
2025-07-30T10:59:03Z    INFO    controller_argocd       applicationset or applicationset webhook ingress disabled
2025-07-30T10:59:03Z    INFO    controller_argocd       reconciling routes
W0730 10:59:03.330312       1 reflector.go:569] pkg/mod/k8s.io/client-go@v0.32.2/tools/cache/reflector.go:251: failed to list *v1.Ingress: ingresses.config.openshift.io is forbidden: User "system:serviceaccount:openshift-gitops-operator:openshift-gitops-operator-controller-manager" cannot list resource "ingresses" in API group "config.openshift.io" at the cluster scope
E0730 10:59:03.330540       1 reflector.go:166] "Unhandled Error" err="pkg/mod/k8s.io/client-go@v0.32.2/tools/cache/reflector.go:251: Failed to watch *v1.Ingress: failed to list *v1.Ingress: ingresses.config.openshift.io is forbidden: User \"system:serviceaccount:openshift-gitops-operator:openshift-gitops-operator-controller-manager\" cannot list resource \"ingresses\" in API group \"config.openshift.io\" at the cluster scope" logger="UnhandledError"
W0730 10:59:04.422583       1 reflector.go:569] pkg/mod/k8s.io/client-go@v0.32.2/tools/cache/reflector.go:251: failed to list *v1.Ingress: ingresses.config.openshift.io is forbidden: User "system:serviceaccount:openshift-gitops-operator:openshift-gitops-operator-controller-manager" cannot list resource "ingresses" in API group "config.openshift.io" at the cluster scope
E0730 10:59:04.422630       1 reflector.go:166] "Unhandled Error" err="pkg/mod/k8s.io/client-go@v0.32.2/tools/cache/reflector.go:251: Failed to watch *v1.Ingress: failed to list *v1.Ingress: ingresses.config.openshift.io is forbidden: User \"system:serviceaccount:openshift-gitops-operator:openshift-gitops-operator-controller-manager\" cannot list resource \"ingresses\" in API group \"config.openshift.io\" at the cluster scope" logger="UnhandledError"
W0730 10:59:06.355591       1 reflector.go:569] pkg/mod/k8s.io/client-go@v0.32.2/tools/cache/reflector.go:251: failed to list *v1.Ingress: ingresses.config.openshift.io is forbidden: User "system:serviceaccount:openshift-gitops-operator:openshift-gitops-operator-controller-manager" cannot list resource "ingresses" in API group "config.openshift.io" at the cluster scope
.
.
.

      Problem Reproduction

      • Enable .spec.applicationSet.route field in ArgoCD CR 

      Reproducibility

      • Always

      Prerequisites/Environment

      • Regular OCP with 1.17 RC installed

      Steps to Reproduce

      • Install 1.17 RC on a regular ocp cluster
      • Create an argocd instance with .spec.applicationSet.route field set to true

      Expected Results

      • ApplicationSet webhook route is created successfully

      Actual Results

      • Observe that the ApplicationSet pod doesn't come up, the route doesn't get created and the controller manager pod crashes
      • With cluster scoped instance openshift-gitops, the already up applicationset pod is not affected by this but the managed pod still crashes

      Problem Analysis

      • Completed

      Root Cause

      • <What is the root cause of the problem? Or, why is it not a bug?>

      Workaround (If Possible)

      • N/A

      Fix Approaches

      • <If we decide to fix this bug, how will we do it?>

      Acceptance Criteria

      • Expected result is met

      Definition of Done

      • Code Complete:
        • All code has been written, reviewed, and approved.
      • Tested:
        • Unit tests have been written and passed.
        • Ensure code coverage is not reduced with the changes.
        • Integration tests have been automated.
        • System tests have been conducted, and all critical bugs have been fixed.
        • Tested and merged on OpenShift either upstream or downstream on a local build.
      • Documentation:
        • User documentation or release notes have been written (if applicable).
      • Build:
        • Code has been successfully built and integrated into the main repository / project.
        • Midstream changes (if applicable) are done, reviewed, approved and merged.
      • Review:
        • Code has been peer-reviewed and meets coding standards.
        • All acceptance criteria defined in the user story have been met.
        • Tested by reviewer on OpenShift.
      • Deployment:
        • The feature has been deployed on OpenShift cluster for testing.

              rh-ee-sghadi Siddhesh Ghadi
              rhn-support-vab Varsha B
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: