K
Q

secret argocd/argo-cert-prod was updated and it is used in ingress annotations

5/24/2020

I use ArgoCD and have published the UI via NGINX ingress as follows:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: svc-cert-prod
  namespace: argocd
spec:
  secretName: argo-cert-prod
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: "cd.example.io"
  dnsNames:
    - "cd.example.io"
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    # If you encounter a redirect loop or are getting a 307 response code
    # then you need to force the nginx ingress to connect to the backend using HTTPS.
    #
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
    - host: cd.example.io
      http:
        paths:
          - backend:
              serviceName: argocd-server
              servicePort: https
            path: /
  tls:
    - hosts:
        - cd.example.io
      secretName: argo-cert-prod
---

When I look into the NGINX container logs, it shows

I0524 20:13:05.721610       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:05.920550       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.121675       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.321001       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.524940       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.720776       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.922470       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:07.122135       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing.

Why does it show the message every second? I have also https://goharbor.io/ installed and it uses also NGINX ingress. But I do not get any message from Harbor.

I use Rancher and it shows:

enter image description here

Is that responsible for the interval message?

-- zero_coding
argocd
kubernetes
nginx

Similar Questions

Does Kubernetes GKE HorizontalPodAutoscaler min and max replicas work on a per zone basis?
Getting connection refused from kubernetes pod open port
Which PID is using a PORT inside a k8s pod without net tools
Why does GKE kubernetes cluster need a version?

1 Answer

5/24/2020

That message means something is updating you secret all the time.

That can be a conflict between two Ingress with the same secret name.

You are using cert-manager, so please check that the secret name you are using here is unique for around all Ingress in that namespace and nothing else using the secret with that name.

Also, make sure that nothing except cert-manager trying to update the secret. Maybe you have something else which works with secrets which are trying to write the secret with the same name.

UPD: Based on your update - yes, that is responsible for interval messages.

-- Anton Kostenko
Source: StackOverflow