Argo CD UI fails to create applications on OpenShift 4.12 clusters on AWS

Open jianrongzhang89 opened this issue 2 years ago • 4 comments

Describe the bug

After the OpenShift GitOps operator was deployed on new OpenShift 4.12 clusters on AWS, I ran into permission errors when creating an application via the Argo CD UI, and as such the creation failed.

To Reproduce

Steps to reproduce the behavior:

  1. Create a new OpenShift 4.12 cluster on AWS.
  2. Deploy OpenShift GitOps operator through the OpenShift console Operator Hub.
  3. After the operator is deployed successfully, go to the Argo CD UI via the "Cluster Argo CD" link from the top of the console.
  4. Log into the Argo CD UI with OpenShift Log in.
  5. Grant permission to access the Argo CD UI.
  6. In the Argo CD UI, click "+ NEW APP" button and enter the following details for your new application in the form.
  • Application Name: spring-petclinic
  • Project: default
  • Sync Policy: Automatic
  • Self-heal: checked
  • Repository URL: https://github.com/siamaksade/openshift-gitops-getting-started
  • Revision: HEAD
  • Path: app
  • Destination: https://kubernetes.default.svc
  • Namespace: spring-petclinic
  • Directory Recurse: checked

Then click "CREATE" and an error gets displayed (see the screenshot) and the operation failed.

Expected behavior

The application shall be created successfully without errors.

Screenshots Screenshot 2023-05-09 at 11 23 58 AM

Additional context

As a workaround, run the following commands and then the application creation is done without issue. So such configuration should be added into the OpenShift GitOps configuration so that it works out-of-box.

oc adm groups new cluster-admins
oc adm groups add-users cluster-admins admin

jianrongzhang89 May 09 '23 15:05

Hi @jianrongzhang89, what is the GitOps Operator version you are running?

wtam2018 Jun 01 '23 12:06

@wtam2018 The GitOps Operator version is 1.8.2.

jianrongzhang89 Jun 01 '23 14:06

Hi @jianrongzhang89, an Argo CD instance does not have permission to manage resources in any arbitrary namespace. However, you can configure that by using the managed-by label. Please see the documentation here: https://argocd-operator.readthedocs.io/en/latest/usage/deploy-to-different-namespaces/

What you would do is to add the managed-by label to the spring-petclinic namespace. The label is

argocd.argoproj.io/managed-by: foo # namespace of the Argo CD instance

Then, the operator will set up the permission for the Argo CD instance to manage the resources in the spring-petclinic namespace.

wtam2018 Jun 01 '23 15:06

Hi @wtam2018, I added the following label to my target namespace:

argocd.argoproj.io/managed-by=openshift-gitops

The error still happens in the Argo CD UI when I tried to create an application.

jianrongzhang89 Jun 02 '23 15:06