Skip to content
    • Welcome to the Linux Foundation Forum!

    Lab 3.1 argo-repo-server gpg permissions error

    Posts: 2
    edited February 21 in LFS256 Class Forum

    I get a gpg permissions error in the argocd-repo-server pod, but was able to work around it. Posting here in case it's useful for anyone else

    I'm running kind v0.11.0

    1. % kind version
    2. kind v0.11.1 go1.23.2 darwin/arm64

    I can reproduce like this

    1. % kind create cluster
    2. % kubectl create namespace argocd
    3. % kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

    Then the argocd-repo-server pod fails to start

    1. % kubectl -n argocd get pod
    2. NAME                                                READY   STATUS    RESTARTS   AGE
    3. argocd-application-controller-0                     1/1     Running   0          3m13s
    4. argocd-applicationset-controller-647756b895-fv7jj   1/1     Running   0          3m13s
    5. argocd-dex-server-5b99d69db7-zrrt2                  1/1     Running   0          3m13s
    6. argocd-notifications-controller-64f47f8675-f9nzd    1/1     Running   0          3m13s
    7. argocd-redis-5c87fb5f69-mhxvw                       1/1     Running   0          3m13s
    8. argocd-repo-server-785b6cbd5b-vhmmn                 0/1     Error     3          3m13s
    9. argocd-server-78b65b4cd5-68ndx                      1/1     Running   0          3m13s

    And the logs show the error

    1. % kubectl -n argocd logs argocd-repo-server-785b6cbd5b-vhmmn
    2. time="2025-02-21T12:13:41Z" level=info msg="maxprocs: Leaving GOMAXPROCS=10: CPU quota undefined"
    3. time="2025-02-21T12:13:41Z" level=info msg="ArgoCD Repository Server is starting" built="2025-02-05T23:44:17Z" commit=ad2724661b66ede607db9b5bd4c3c26491f5be67 port=8081 version=v2.14.2+ad27246
    4. time="2025-02-21T12:13:41Z" level=info msg="Generating self-signed TLS certificate for this session"
    5. time="2025-02-21T12:13:41Z" level=info msg="Initializing GnuPG keyring at /app/config/gpg/keys"
    6. time="2025-02-21T12:13:41Z" level=info msg="gpg --no-permission-warning --logger-fd 1 --batch --gen-key /tmp/gpg-key-recipe3806935222" dir= execID=c3b6b

    I found this issue thread and comment useful.

    To fix it, you can manually remove the seccompProfile bit

    1. % kubectl -n argocd edit deploy argocd-repo-server

    Or run this patch command to remove it

    1. kubectl -n argocd patch deployment argocd-repo-server --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/securityContext/seccompProfile"}]'

    Welcome!

    It looks like you're new here. Sign in or register to get started.
    Sign In

    Welcome!

    It looks like you're new here. Sign in or register to get started.
    Sign In

    Quick Links

    Categories

    Upcoming Training