
Commit d77de88

committed
fix: resolve principal ingress port and namespace cleanup issues
1 parent 42c9acf commit d77de88


2 files changed

+8
-25
lines changed

2 files changed

+8
-25
lines changed

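--- a/.github/workflows/deploy-argocd-spokes-netbird.yaml
+++ b/.github/workflows/deploy-argocd-spokes-netbird.yaml
@@ -319,7 +319,7 @@ jobs:
 fi
 
 # Determine port based on exposure method
-EXPOSE_METHOD="${{ vars.PRINCIPAL_EXPOSE_METHOD || 'ingress' }}"
+EXPOSE_METHOD="${{ vars.PRINCIPAL_EXPOSE_METHOD || 'loadbalancer' }}"
 
 if [ "$EXPOSE_METHOD" = "ingress" ]; then
 # Ingress uses standard HTTPS port
@@ -658,7 +658,7 @@ jobs:
 fi
 
 # Determine port based on exposure method
-EXPOSE_METHOD="${{ vars.PRINCIPAL_EXPOSE_METHOD || 'ingress' }}"
+EXPOSE_METHOD="${{ vars.PRINCIPAL_EXPOSE_METHOD || 'loadbalancer' }}"
 
 if [ "$EXPOSE_METHOD" = "ingress" ]; then
 # Ingress uses standard HTTPS port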
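Review bot: The `${{ vars.PRINCIPAL_EXPOSE_METHOD || 'loadbalancer' }}` expression is substituted into the script text before the shell runs, at new line 322 and again at 661, so a value containing a quote or `$(...)` would be executed rather than compared. Passing it through the environment keeps it as data and gives the default a single home: a workflow-level `env:` entry `EXPOSE_METHOD: ${{ vars.PRINCIPAL_EXPOSE_METHOD || 'loadbalancer' }}`, with the script reading `"$EXPOSE_METHOD"` directly. The `if [ "$EXPOSE_METHOD" = "ingress" ]` test that follows treats every other value, including a typo, as the non-ingress case; the branch bodies lie outside the hunk, so whether that fallback is intended cannot be confirmed from here.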

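--- a/argocd-agent/terraform/modules/hub-cluster/main.tf
+++ b/argocd-agent/terraform/modules/hub-cluster/main.tf
@@ -756,39 +756,22 @@ resource "null_resource" "hub_pki_principal_server_cert_updated" {
 set -o pipefail
 
 LOG_FILE="/tmp/argocd-pki-principal-cert-update-$$(date +%Y%m%d-%H%M%S).log"
-PRINCIPAL_ADDRESS="${data.external.hub_principal_address.result.address}"
-EXPOSE_METHOD="${var.principal_expose_method}"
+PRINCIPAL_IP="${data.external.hub_principal_address.result.address}"
 
 echo "Updating Principal certificate with external address..." | tee -a "$LOG_FILE"
-echo "Exposure method: $EXPOSE_METHOD" | tee -a "$LOG_FILE"
-echo "Principal address: $PRINCIPAL_ADDRESS" | tee -a "$LOG_FILE"
+echo "Principal address: $PRINCIPAL_IP" | tee -a "$LOG_FILE"
 
-# For ingress mode, address should be a hostname
-# For loadbalancer/nodeport, address should be an IP
-if [ "$PRINCIPAL_ADDRESS" = "pending" ] || [ "$PRINCIPAL_ADDRESS" = "error" ]; then
-echo "✗ ERROR: Principal address not ready yet" | tee -a "$LOG_FILE"
+if [ "$PRINCIPAL_IP" = "pending" ] || [ "$PRINCIPAL_IP" = "error" ]; then
+echo "✗ ERROR: Cannot update certificate - LoadBalancer not ready" | tee -a "$LOG_FILE"
 exit 1
 fi
 
-# Build certificate parameters based on exposure method
-if [ "$EXPOSE_METHOD" = "ingress" ]; then
-# Ingress: add hostname to DNS field
-CERT_IP="127.0.0.1"
-CERT_DNS="localhost,${local.principal_dns},$PRINCIPAL_ADDRESS"
-echo "Ingress mode: Using DNS=$CERT_DNS" | tee -a "$LOG_FILE"
-else
-# LoadBalancer/NodePort: add IP to IP field
-CERT_IP="127.0.0.1,$PRINCIPAL_ADDRESS"
-CERT_DNS="${local.principal_dns}"
-echo "LoadBalancer/NodePort mode: Using IP=$CERT_IP, DNS=$CERT_DNS" | tee -a "$LOG_FILE"
-fi
-
 echo "Issuing updated Principal server certificate..." | tee -a "$LOG_FILE"
 if ! ${var.argocd_agentctl_path} pki issue principal \
 --principal-context ${var.hub_cluster_context} \
 --principal-namespace ${var.hub_namespace} \
---ip "$CERT_IP" \
---dns "$CERT_DNS" \
+--ip "127.0.0.1,$PRINCIPAL_IP" \
+--dns "${local.principal_dns}" \
 --upsert 2>&1 | tee -a "$LOG_FILE"; then
 echo "✗ ERROR: Failed to update Principal certificate. Check logs: $LOG_FILE" | tee -a "$LOG_FILE"
 exit 1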
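Review bot: `$PRINCIPAL_IP` reaches `--ip "127.0.0.1,$PRINCIPAL_IP"` after only the `pending` and `error` sentinels are rejected, so an empty value or a hostname would be passed as an IP entry for the certificate (or fail inside the tool with a less clear message). A shape check before issuing would catch this: `case "$PRINCIPAL_IP" in ''|*[!0-9a-fA-F.:]*) echo "✗ ERROR: not an IP address: $PRINCIPAL_IP" | tee -a "$LOG_FILE"; exit 1;; esac`. If `principal_expose_method` can still be set to `ingress` elsewhere in the module, the hostname that mode returns no longer gets a DNS entry, and agents validating the certificate against that hostname would presumably fail TLS verification. A variable validation block, or a comment stating that only IP-based exposure is supported, would make the restriction explicit. The resource body starts and ends outside the hunk.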
