Lab 3.1 argo-repo-server gpg permissions error

tompreston · February 21

I get a gpg permissions error in the argocd-repo-server pod, but was able to work around it. Posting here in case it's useful for anyone else

I'm running kind v0.11.0

% kind version
kind v0.11.1 go1.23.2 darwin/arm64

I can reproduce like this

% kind create cluster
% kubectl create namespace argocd
% kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Then the argocd-repo-server pod fails to start

% kubectl -n argocd get pod
NAME                                                READY   STATUS    RESTARTS   AGE
argocd-application-controller-0                     1/1     Running   0          3m13s
argocd-applicationset-controller-647756b895-fv7jj   1/1     Running   0          3m13s
argocd-dex-server-5b99d69db7-zrrt2                  1/1     Running   0          3m13s
argocd-notifications-controller-64f47f8675-f9nzd    1/1     Running   0          3m13s
argocd-redis-5c87fb5f69-mhxvw                       1/1     Running   0          3m13s
argocd-repo-server-785b6cbd5b-vhmmn                 0/1     Error     3          3m13s
argocd-server-78b65b4cd5-68ndx                      1/1     Running   0          3m13s

And the logs show the error

% kubectl -n argocd logs argocd-repo-server-785b6cbd5b-vhmmn
time="2025-02-21T12:13:41Z" level=info msg="maxprocs: Leaving GOMAXPROCS=10: CPU quota undefined"
time="2025-02-21T12:13:41Z" level=info msg="ArgoCD Repository Server is starting" built="2025-02-05T23:44:17Z" commit=ad2724661b66ede607db9b5bd4c3c26491f5be67 port=8081 version=v2.14.2+ad27246
time="2025-02-21T12:13:41Z" level=info msg="Generating self-signed TLS certificate for this session"
time="2025-02-21T12:13:41Z" level=info msg="Initializing GnuPG keyring at /app/config/gpg/keys"
time="2025-02-21T12:13:41Z" level=info msg="gpg --no-permission-warning --logger-fd 1 --batch --gen-key /tmp/gpg-key-recipe3806935222" dir= execID=c3b6b

I found this issue thread and comment useful.

To fix it, you can manually remove the seccompProfile bit

% kubectl -n argocd edit deploy argocd-repo-server

Or run this patch command to remove it

kubectl -n argocd patch deployment argocd-repo-server --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/securityContext/seccompProfile"}]'

Lab 3.1 argo-repo-server gpg permissions error

Categories

Upcoming Training

Kubernetes Administration (LFS458)

Linux System Administration (LFS301)

Open Source Virtualization (LFS462)

Linux Kernel Debugging and Security (LFD440)