1. 问题描述
断电后,k8s集群重新拉起。argocd无法同步gitlab中的数据,报错:
Unable to load data: Failed to fetch default: git fetch origin --tags --force
failed exit status 128: fatal: unable to access ‘https://gitlab.voidking.com/devops/argocd.git/': server certificate verification failed. CAfile: none CRLfile: none
2. 查日志
2.1. 查看argocd repo-server日志
repo-server负责从gitlab同步数据,查看一下它的日志。
1 | kubectl logs --tail=100 argo-cd-argocd-repo-server-547b6cf9f9-dff7d -n argocd |
内容为:
1 | time="2022-11-03T06:04:33Z" level=error msg="finished unary call with code Unknown" error="Get \"https://gitlab.voidking.com/devops/argocd.git/info/refs?service=git-upload-pack\": x509: certificate is not valid for any names, but wanted to match gitlab.voidking.com" grpc.code=Unknown grpc.method=GenerateManifest grpc.request.deadline="2022-11-03T06:05:33Z" grpc.service=repository.RepoServerService grpc.start_time="2022-11-03T06:04:33Z" grpc.time_ms=38.558 span.kind=server system=grpc |
2.2. 查看argocd其他组件日志
挨个查看argocd其他组件日志,其中dex-server看着有些问题
1 | kubectl logs --tail=100 argo-cd-argocd-dex-server-7cc5cc5455-c7q29 -n argocd |
内容为:
1 | time="2022-10-31T03:24:16Z" level=info msg="keys expired, rotating" |
3. 证书问题?
怀疑是证书到期导致的,打算对证书进行更新,参考文档TLS configuration
但是,怎么确认证书已经到期了呢?具体怎么操作更新证书?
没有找到方法,先看看还有没有其他可能。
4. 重启一下试试?
1 | k get pod argo-cd-argocd-repo-server-547b6cf9f9-dff7d -n argocd -oyaml | k replace --force -f - |
重建pod后,问题解决了。。。