adebaumann/vgui-cicd
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3d9d01c240124554bf1525aaf13c774e83be4883
vgui-cicd/Documentation/ARGOCD-INGRESS-FIX.md
Adrian A. Baumann 3d9d01c240 Document Traefik configuration fix for ArgoCD Ingress health check 
- Add traefik-middleware.yaml with patch documentation
- Add ARGOCD-INGRESS-FIX.md with complete explanation of the issue and solution
- Traefik now reports Ingress status.loadBalancer IP to allow ArgoCD to assess Ingress health
- Fixes: Django Ingress stuck in 'Progressing' state
2025-12-01 16:03:35 +01:00

96 lines
3.3 KiB
Markdown
Raw Blame History

# ArgoCD Ingress "Progressing" State Fix
## Problem
The `django` Ingress resource in the `vorgabenui` namespace was stuck in "Progressing" state in ArgoCD and would not transition to "Healthy".
### Root Cause
ArgoCD determines Ingress health by checking if the `status.loadBalancer.ingress` field is populated with an IP address or hostname. Without this field, the Ingress is considered "Progressing" indefinitely.
The issue occurred because **Traefik was not configured to report its IP address** in the Ingress status field.
## Solution
Two changes were made to fix this issue:
### 1. Update Ingress Annotation (Applied)
**File**: `argocd/ingress.yaml`
**Change**:
```yaml
# Before
annotations:
argocd.argoproj.io/ignore-healthcheck: "true"
# After
annotations:
argocd.argoproj.io/sync-wave: "1"
```
**Rationale**:
- The `ignore-healthcheck` annotation was causing ArgoCD to not monitor the Ingress health at all
- The `sync-wave: "1"` annotation ensures the Ingress syncs after the Deployment and Service are ready (which have default sync-wave of 0)
- This allows ArgoCD to properly assess the Ingress health status
### 2. Configure Traefik to Report Ingress Status (Cluster Patch)
**Patch Command**:
```bash
kubectl patch deployment traefik -n traefik --type='json' \
-p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik"}]'
```
**Configuration Flag Added**:
```
--providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik
```
**Rationale**:
This flag tells Traefik to:
- Watch for changes to Ingress resources in the cluster
- Monitor the Service `traefik/traefik` (the Traefik LoadBalancer service)
- Automatically populate `status.loadBalancer.ingress[].ip` with the service's external IP address
- Allow ArgoCD to detect when the Ingress has been assigned an IP and transition to "Healthy"
## Result
**Status**: RESOLVED
**Current State**:
- Ingress Address: `192.168.17.53` (Traefik LoadBalancer IP)
- Ingress Health: Healthy
- ArgoCD Application Health: Healthy
- Accessible at: `http://vorgabenportal.knowyoursecurity.com/`
## Verification
To verify the fix is working:
```bash
# Check Ingress status
kubectl get ingress django -n vorgabenui -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
# Should output: 192.168.17.53
# Check ArgoCD application health
kubectl get application vorgabenui -n argocd -o jsonpath='{.status.health.status}'
# Should output: Healthy
# Check Traefik configuration
kubectl get deploy traefik -n traefik -o jsonpath='{.spec.template.spec.containers[0].args}' | jq 'map(select(. | contains("publishedservice")))'
# Should output the publishedservice flag
```
## Documentation Location
The Traefik configuration patch is documented in:
- `argocd/traefik-middleware.yaml` - ConfigMap with patch details and rationale
## Notes for Future Maintenance
- If Traefik is upgraded or redeployed via Helm, ensure the `--providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik` flag is preserved
- The flag must point to the correct LoadBalancer Service that has an external IP
- In this case, it's `traefik/traefik` (namespace/service-name) with external IP `192.168.17.53`
- If the Traefik service configuration changes, this flag may need adjustment
Reference in New Issue View Git Blame Copy Permalink