Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secret data keeps disappearing and reappearing per 10 seconds in argo #494

Open
chuyuou opened this issue Jan 30, 2025 · 2 comments
Open

Secret data keeps disappearing and reappearing per 10 seconds in argo #494

chuyuou opened this issue Jan 30, 2025 · 2 comments
Labels
bug Something isn't working

Comments

@chuyuou
Copy link

chuyuou commented Jan 30, 2025
edited
Loading

Current Behavior

Argo keeps to sync the app with the secret per 10 seconds. The status of the app keeps looping similarly as below:

 Normal  OperationStarted    12s    argocd-application-controller  Initiated automated sync to 'fdf03exxxxxx'
  Normal  ResourceUpdated     12s    argocd-application-controller  Updated sync status: Synced -> OutOfSync
  Normal  ResourceUpdated     9s     argocd-application-controller  Updated sync status: OutOfSync -> Synced
  Normal  OperationCompleted  8s     argocd-application-controller  Sync operation to fdf03exxxxxx succeeded

When we check the value of the secret, the expected values keeps appearing and disappearing roughly per 10-15 seconds as well:

Image

Expected Behavior

Secret should be stable

Steps To Reproduce



Environment


    

  • Helm Version:
    • 

  • Helm Secrets Version: 4.6.2
    • 

  • SOPS version:3.9.0
    • 

  • ArgoCD Version:2.12.3
    • 

  • OS:
    • 

  • Shell:
    • 



Anything else?


No response

      		
    

      
  





        



            

              
            

        

      


      
    








      

    



      

  
            

    

      
    

    


      

          @chuyuou
chuyuou




          added
  the 

  bug

  Something isn't working
 label


      Jan 30, 2025

    

  








      

  
      



  

  @jkroepke





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
    Owner


      

  


  

    

  





      


        


  
    

      
          
If possible, check audit log of kubernetes for who is invoke the delete of the secret.

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @chuyuou





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  Author


  


  

    

      

      
            chuyuou
  

      

      

      commented


        Jan 30, 2025


      
  

  

    
      

        
          edited
          
        
        
      

    
    
      
        
      Loading

      
    
  



    


  





      


        


  
    

      
          


If possible, check audit log of kubernetes for who is invoke the delete of the secret.




It's argocd-application-controller keeps on patching the secret. @jkroepke

Image

Would it be because I mounted the secret in secrets://? My argo application manifest is similar to below:


apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: prometheus
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
  annotations:
    argocd.argoproj.io/sync-wave: "0"
spec:
  project: default
  source:
    repoURL: https://github.com/domain-group/argocd.git
    targetRevision: feat/xxx
    path: prometheus/
    helm:
      valueFiles:
        - secrets://../../../prometheus-secret.yaml
      releaseName: nonprod-prometheus
      version: v3
      parameters:
        - name: alertmanager.alertmanagerSpec.config.route.receiver
          value: nonprod_slack
  destination:
    server: https://kubernetes.default.svc
    namespace: monitoring
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true


      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    
















  
  

    

      

  





  




  
  

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



  






  
                  




    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

      

    bug

  Something isn't working








      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  




          
    
No branches or pull requests







    
  




      

    

  
      

  

    

      2 participants
    

    

        
          @jkroepke 
        
          @chuyuou