Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log Spam/Sorta Infinite Loop? #16859

Open
ForbiddenEra opened this issue Jan 13, 2024 · 5 comments · May be fixed by #19970
Open

Log Spam/Sorta Infinite Loop? #16859

ForbiddenEra opened this issue Jan 13, 2024 · 5 comments · May be fixed by #19970
Labels
bug Something isn't working component:git Interaction with GitHub, Gitlab etc

Comments

@ForbiddenEra
Copy link

I've got Argo setup managing itself. Using GitLab login w/Dex. Viewing the logs for the argocd-server pods results in the logs being spammed:

time="2024-01-13T14:09:16Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=ListResourceLinks grpc.service=application.ApplicationService grpc.start_time="2024-01-13T14:09:16Z" grpc.time_ms=28.747 span.kind=server system=grpc
time="2024-01-13T14:09:16Z" level=info msg="received unary call /application.ApplicationService/ListResourceLinks" grpc.method=ListResourceLinks grpc.request.claims="{\"at_hash\":\"REMOVED\",\"aud\":\"argo-cd\",\"c_hash\":\"REMOVED\",\"email\":\"REMOVED\",\"email_verified\":true,\"exp\":REMOVED,\"iat\":REMOVED,\"iss\":\"https://REMOVED/api/dex\",\"name\":\"REMOVED\",\"preferred_username\":\"REMOVED\",\"sub\":\"REMOVED\"}" grpc.request.content="name:\"argocd\" namespace:\"argocd\" resourceName:\"argocd-applicationset-controller-network-policy\" version:\"v1\" group:\"networking.k8s.io\" kind:\"NetworkPolicy\" appNamespace:\"argocd\" " grpc.service=application.ApplicationService grpc.start_time="2024-01-13T14:09:16Z" span.kind=server system=grpc
W0113 14:09:16.800066 6 warnings.go:70] Use tokens from the TokenRequest API or manually created secret-based tokens instead of auto-generated secret-based tokens.
W0113 14:09:16.809253 6 warnings.go:70] Use tokens from the TokenRequest API or manually created secret-based tokens instead of auto-generated secret-based tokens.

The warning itself is interesting, but, otherwise it seems as if each time the UI tries to update/refresh the log, it's doing a "CanI" call, which gets logged - infinite loop!
@ForbiddenEra ForbiddenEra added the bug Something isn't working label Jan 13, 2024
@ForbiddenEra
Copy link
Author

I should probably note that I'm on v2.9.0+d9df252 - I tried to upgrade to 2.9.3 but I ran into a bit of 'wth': https://cloud-native.slack.com/archives/C01TSERG0KZ/p1705156638442669

@jgwest
Copy link
Member

jgwest commented Feb 8, 2024

@ForbiddenEra Can you provide reproduction steps?

@ForbiddenEra
Copy link
Author

@ForbiddenEra Can you provide reproduction steps?

Just setup Dex using GitLab as per the docs. Nothing special really.

argocd-cm:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
data:
  admin.enabled: "false"
  cluster.inClusterEnabled: "false"
  dex.config: |
    connectors:
      - type: gitlab
        id: gitlab
        name: GitLab
        config:
          baseURL: https://gitlab.com
          clientID: $gitlab-sso-clientID
          clientSecret: $gitlab-sso-clientSecret
          redirectURI: https://argo.example.com:5556/dex/callback
          scopes:
          - profile
          - email
          - groups
          groups:
          - example
          useLoginAsID: false
  exec.enabled: "true"
  url: https://argo.example.com
  statusbadge.enabled: "true"
  users.session.duration: "8h"

argocd-rbac-cm:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
data:
  policy.csv: |
    g, forbiddenera, role:admin
  policy.default: role:deny
  scopes: '[profile, email, groups, preferred_username]'

@jgwest jgwest added the component:git Interaction with GitHub, Gitlab etc label Mar 28, 2024
@ForbiddenEra
Copy link
Author

Just updating to say still seeing it on 2.10.5:

W0410 22:06:29.419976 7 warnings.go:70] Use tokens from the TokenRequest API or manually created secret-based tokens instead of auto-generated secret-based tokens.
W0410 22:06:29.447433 7 warnings.go:70] Use tokens from the TokenRequest API or manually created secret-based tokens instead of auto-generated secret-based tokens.
W0410 22:06:29.463706 7 warnings.go:70] Use tokens from the TokenRequest API or manually created secret-based tokens instead of auto-generated secret-based tokens.

@VannTen
Copy link
Contributor

VannTen commented Sep 17, 2024

This is because argocd rely on the secret auto-generated by kubernetes when creating a service account
It should never use the auto-generated secret and instead create a separate secret (see https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#create-token) until TokenRequest support is implemented.

@VannTen VannTen linked a pull request Sep 17, 2024 that will close this issue
Open
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working component:git Interaction with GitHub, Gitlab etc
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Always create manual long lived token VannTen/argo-cd
3 participants
@jgwest @ForbiddenEra @VannTen