Argocd-agent install hangs in GKE private cluster

I am attempting to install the argocd-agent gitops provider inside a completely private GKE cluster (private nodes, private masters) and the installation hangs during Testing Requirements. Is there any way to debug what is hanging here? My argo cd installation works fine and is reachable. Please advise.

Hello

I have asked our dev team to investigate. Can I ask your Codefresh username?

Hi Kostis,

I actually figured this issue out and it has nothing to do with private clusters. There are some gaps in documentation in the argocd-agent install. The process was hanging because my argocd-server was serving traffic with the --insecure flag, and the command line prompt does not allow for specification of the protocol, so it was trying to connect on :443. I am terminating TLS via ingress, and this is a standard setup called out in the docs in the argocd helm chart repository.

I got around this by generating the manifests and then changing the actual value of ARGO_HOST to use HTTP. This allowed the agent to connect to CF fine, however it still doesn’t work because the argocd-sync step doesn’t pull the protocol out of the host value in the integration and always attempts to use HTTPS. It also doesn’t seem to respect the --insecure additional flag.

I understand the security implications of not using TLS, but I would like to have used private cluster DNS. I think there should be something in the docs that calls out the agents’ enforcement of TLS.

I see

I have opened an internal issue for our dev team and they will investigate the matter further.
Let us know if we can help you in any other way in the meantime.

Hello,
I think I’m having a similar issue (although my masters are not private, only worker nodes are). I’m terminating argocd TLS in nginx ingress (which requires the --insecure flag).

My question is:

  • what configurations of ArgoCD do you recommend (which are tested)?

cf-argocd-agent-768d9d8bc-c7cc2       0/1     Error     3          2m21s
xxx@MacBook-Pro ~ % kubectl logs cf-argocd-agent-768d9d8bc-c7cc2 -n argocd
E1027 16:46:20.817350       1 logger.go:42] Cant run agent because Post "https://argocd-server/api/v1/session": read tcp 10.236.1.2:32810->10.240.1.149:443: read: connection reset by peer
E1027 16:46:20.817492       1 logger.go:42] Failed to send heartbeat status, reason Post "/api/argo-agent//heartbeat": unsupported protocol scheme ""
panic: Post "https://argocd-server/api/v1/session": read tcp 10.236.1.2:32810->10.240.1.149:443: read: connection reset by peer

goroutine 1 [running]:
main.handleError(0x1772d00, 0xc0001040f0)
	/go/src/github.com/codefresh-io/argocd-listener/agent/pkg/main.go:16 +0x180
main.main()
	/go/src/github.com/codefresh-io/argocd-listener/agent/pkg/main.go:30 +0x155

Thanks,

J.
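
The two errors in the log above (an HTTPS request sent to a server running with --insecure, and a heartbeat URL with no scheme or host) both come down to how a configured host value becomes a request URL. The following is an added example, not code from the agent or from anyone in this thread: `resolveBase` and `endpoint` are hypothetical names, and defaulting a bare host to HTTPS is an assumption. It keeps an explicit scheme, and rejects an empty value before any request is built.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// resolveBase turns a configured host value into a base URL (hypothetical
// helper). An explicit http:// or https:// scheme is kept, a bare host
// defaults to https, and an empty value is an error instead of a bad URL.
func resolveBase(raw string) (*url.URL, error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return nil, errors.New("host value is empty")
	}
	if !strings.Contains(raw, "://") {
		raw = "https://" + raw // bare host: default to TLS
	}
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("invalid host value: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	if u.Host == "" {
		return nil, errors.New("host value has no hostname")
	}
	return u, nil
}

// endpoint joins the resolved base URL and an API path such as /api/v1/session.
func endpoint(raw, path string) (string, error) {
	u, err := resolveBase(raw)
	if err != nil {
		return "", err
	}
	return strings.TrimRight(u.String(), "/") + path, nil
}

func main() {
	// Constructed sample values modelled on the thread.
	for _, h := range []string{"argocd-server", "http://argocd-server", ""} {
		s, err := endpoint(h, "/api/v1/session")
		fmt.Printf("%q -> %q (err: %v)\n", h, s, err)
	}
}
```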