I've created a test Argo Workflow to help me understand how I can use a CI/CD approach to deploy an Ansible Playbook. When I create the app in Argo CD, it syncs fine, but then it just gets stuck on Progressing and never gets out of that state.
I tried digging around to see if there was any indication in the logs, but I'm fairly new to Argo. It doesn't even get to the point where it's creating any pods to do any of the steps.
Thoughts?
Here is my workflow:
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  name: ansible-test
spec:
  entrypoint: ansible-test-ci
  arguments:
    parameters:
    - name: repo
      value: ****
    - name: revision
      value: '1.6'
  templates:
  - name: ansible-test-ci
    steps:
    - - name: checkout
        template: checkout
    #- - name: test-playbook
    #    template: test-playbook
    #    arguments:
    #      artifacts:
    #      - name: source
    #        from: "{{steps.checkout.outputs.artifacts.source}}"
    - - name: deploy
        template: deploy
        arguments:
          artifacts:
          - name: source
            from: "{{steps.checkout.outputs.artifacts.source}}"
  - name: checkout
    inputs:
      artifacts:
      - name: source
        path: /src
        git:
          repo: "{{workflow.parameters.repo}}"
          #revision: "{{workflow.parameters.revision}}"
          #sshPrivateKeySecret:
          #  name: my-secret
          #  key: ssh-private-key # kubectl create secret generic my-secret --from-file=ssh-private-key=~/.ssh/id_rsa2
    outputs:
      artifacts:
      - name: source
        path: /src
    container:
      image: alpine/git:latest
      command: ["/bin/sh", "-c"]
      args: ["cd /src && git status && ls -l"]
  #- name: test-playbook
  #  inputs:
  #    artifacts:
  #    - name: source
  #      path: /ansible/
  #  container:
  #    image: ansible/ansible-runner:latest
  #    command: ["/bin/sh", "-c"]
  #    args: ["
  #      cd /ansible &&
  #      ansible-playbook playbook.yaml -i inventory
  #    "]
  - name: deploy
    inputs:
      artifacts:
      - name: source
        path: /ansible/
    container:
      image: ansible/ansible-runner:latest
      command: ["/bin/sh", "-c"]
      args: ["
        cd /ansible &&
        ansible-playbook playbook.yaml -i inventory
      "]
I ended up solving this by adding a ServiceAccount and Role resource to the namespace that Argo Workflow was trying to run within.
Here's the Role I added:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: workflow-role
rules:
# pod get/watch is used to identify the container IDs of the current pod
# pod patch is used to annotate the step's outputs back to controller (e.g. artifact location)
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - watch
  - patch
# logs get/watch are used to get the pods logs for script outputs, and for log archival
- apiGroups:
  - ""
  resources:
  - pods/log
  verbs:
  - get
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: workflow-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: workflow-role
subjects:
- kind: ServiceAccount
  name: default
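
One way to check whether a service account in the workflow's namespace holds exactly the permissions listed in the Role above, as an added example that is not part of the original answer. The function name `missing_workflow_perms` and the `REQUIRED` variable are hypothetical; the check uses `kubectl auth can-i` with impersonation, so the caller needs permission to impersonate service accounts.

```shell
#!/bin/sh
# Added example: reports which of the Role's permissions a service account lacks.
# Each entry is verb:resource:subresource (subresource may be empty),
# mirroring the rules in workflow-role above.
REQUIRED="get:pods: watch:pods: patch:pods: get:pods:log watch:pods:log"

# missing_workflow_perms NAMESPACE [SERVICEACCOUNT]
# Prints one "MISSING ..." line per permission that is not granted and
# returns non-zero if at least one is missing.
missing_workflow_perms() {
    ns=$1
    sa=${2:-default}   # the RoleBinding above binds the "default" account
    subject="system:serviceaccount:${ns}:${sa}"
    missing=0
    for entry in $REQUIRED; do
        verb=${entry%%:*}
        rest=${entry#*:}
        resource=${rest%%:*}
        sub=${rest#*:}
        if [ -n "$sub" ]; then
            # "pods/log" as a positional argument would mean a pod named
            # "log", so the subresource is passed with --subresource.
            kubectl auth can-i "$verb" "$resource" --subresource="$sub" \
                --as="$subject" -n "$ns" -q
        else
            kubectl auth can-i "$verb" "$resource" \
                --as="$subject" -n "$ns" -q
        fi || { echo "MISSING $verb $resource${sub:+/$sub}"; missing=1; }
    done
    return $missing
}
```

Call it as `missing_workflow_perms <namespace>` before and after applying the Role and RoleBinding; no output and exit status 0 means every permission in the Role is effective for that account.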