Nigel Bazzeghin requested to merge nigel-test-branch into main May 28, 2024

General MR

Summary

Smoke tests were failing after the argocd chart upgrade. This disabled the newly added redisSecretInit by default. The issue was kyverno was blocking the secret init pod from starting, which caused the argocd deployment to fail.

Relevant logs/screenshots

I0527 16:14:50.266462       1 event_broadcaster.go:338] "Event occurred" object="require-non-root-group" kind="ClusterPolicy" apiVersion="kyverno.io/v1" type="Warning" reason="PolicyViolation" action="Resource Blocked" note="Pod argocd/argocd-argocd-redis-secret-init-8f5zz: [run-as-group] fail (blocked); validation failure: validation error: runAsGroup must be set to an id > 0 in either spec.securityContext.runAsGroup or (spec.containers[*].securityContext.runAsGroup, spec.initContainers[*].securityContext.runAsGroup, and spec.ephemeralContainers[*].securityContext.runAsGroup). rule run-as-group[0] failed at path /securityContext/runAsGroup/"

Test MR: big-bang/bigbang!4409 (closed)

Linked Issue

#171 (closed)

Upgrade Notices

N/A

Edited May 28, 2024 by Nigel Bazzeghin

Admin message

disabled redisSecretInit by default

General MR

Summary

Relevant logs/screenshots

Linked Issue

Upgrade Notices

Merge request reports