On March 15, 2022 ArgoCD made with Okctl versions before v0.0.92 will stop working.

By "stop working" we mean that ArgoCD will stop deploying your applications. More specifically, it will stop listening for changes in your Okctl IAC git repository. The ArgoCD website will still be running.

To fix this, you need to

  • update Okctl to version v0.0.92 or later
  • run okctl upgrade


The reason why ArgoCD stops listening for changes in your git repository is that ArgoCD uses a deploy key to get access to that repository, and the deploy key stops working March 15, 2022. The deploy key stops working because it uses SHA-1 signatures, which are now deprecated by GitHub for security reasons.

For more details, visit https://github.blog/2021-09-01-improving-git-protocol-security-github/.

Okctl v0.0.92 contains an upgrade that

  • deletes old deploy keys for a specific cluster, if any. They are found in your Okctl IAC repository, see https://github.com/oslokommune/your-iac-repository/settings/keys
  • creates a new-deploy key using the ED25519 signatures instead of SHA-1, which is more secure.

If you do not run this upgrade, you can still deploy applications using kustomize: https://www.okctl.io/common-issues/#argocd-is-not-working-but-i-need-to-deploy-stuff


If this upgrade somehow fails creating a new deploy key, the worst case is that ArgoCD stops doing automatic deploys.

If this, the solution is to run okctl upgrade again. If that doesn't work, contact support.