# ArgoCD Ingress "Progressing" State Fix ## Problem The `django` Ingress resource in the `vorgabenui` namespace was stuck in "Progressing" state in ArgoCD and would not transition to "Healthy". ### Root Cause ArgoCD determines Ingress health by checking if the `status.loadBalancer.ingress` field is populated with an IP address or hostname. Without this field, the Ingress is considered "Progressing" indefinitely. The issue occurred because **Traefik was not configured to report its IP address** in the Ingress status field. ## Solution Two changes were made to fix this issue: ### 1. Update Ingress Annotation (Applied) **File**: `argocd/ingress.yaml` **Change**: ```yaml # Before annotations: argocd.argoproj.io/ignore-healthcheck: "true" # After annotations: argocd.argoproj.io/sync-wave: "1" ``` **Rationale**: - The `ignore-healthcheck` annotation was causing ArgoCD to not monitor the Ingress health at all - The `sync-wave: "1"` annotation ensures the Ingress syncs after the Deployment and Service are ready (which have default sync-wave of 0) - This allows ArgoCD to properly assess the Ingress health status ### 2. Configure Traefik to Report Ingress Status (Cluster Patch) **Patch Command**: ```bash kubectl patch deployment traefik -n traefik --type='json' \ -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik"}]' ``` **Configuration Flag Added**: ``` --providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik ``` **Rationale**: This flag tells Traefik to: - Watch for changes to Ingress resources in the cluster - Monitor the Service `traefik/traefik` (the Traefik LoadBalancer service) - Automatically populate `status.loadBalancer.ingress[].ip` with the service's external IP address - Allow ArgoCD to detect when the Ingress has been assigned an IP and transition to "Healthy" ## Result ✅ **Status**: RESOLVED **Current State**: - Ingress Address: `192.168.17.53` (Traefik LoadBalancer IP) - Ingress Health: Healthy - ArgoCD Application Health: Healthy - Accessible at: `http://vorgabenportal.knowyoursecurity.com/` ## Verification To verify the fix is working: ```bash # Check Ingress status kubectl get ingress django -n vorgabenui -o jsonpath='{.status.loadBalancer.ingress[0].ip}' # Should output: 192.168.17.53 # Check ArgoCD application health kubectl get application vorgabenui -n argocd -o jsonpath='{.status.health.status}' # Should output: Healthy # Check Traefik configuration kubectl get deploy traefik -n traefik -o jsonpath='{.spec.template.spec.containers[0].args}' | jq 'map(select(. | contains("publishedservice")))' # Should output the publishedservice flag ``` ## Documentation Location The Traefik configuration patch is documented in: - `argocd/traefik-middleware.yaml` - ConfigMap with patch details and rationale ## Notes for Future Maintenance - If Traefik is upgraded or redeployed via Helm, ensure the `--providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik` flag is preserved - The flag must point to the correct LoadBalancer Service that has an external IP - In this case, it's `traefik/traefik` (namespace/service-name) with external IP `192.168.17.53` - If the Traefik service configuration changes, this flag may need adjustment