In some cases in DKP 2.X, especially during an upgrade, you may notice that the dex-k8s-authenticator pod is failing, which could also cause an upgrade to fail.
If you investigate the logs of the dex-k8s-authenticator pod, you can find an error that contains:
Argument list too long
This is a known issue related to a secret that gets longer after every helm reconciliation until it reaches its character limit.
To verify that you are impacted by this issue, find the contents of the "dex-k8s-authenticator-hmac-secret" and count the characters:
kubectl get secret -n kommander dex-k8s-authenticator-hmac-secret -o jsonpath="{.data.hmac-secret}" | base64 -d | wc -c
If the resulting value is equal to or greater than 146988, then you have hit this issue.
In this case, the workaround is to generate a new 32-character string and patch the secret:
# Generate a 32 character alphanumeric string and base64 encode it
NEW_HMAC_SECRET=$(export LC_ALL=c; cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1 | base64)
# Patch the dex-k8s-authenticator-hmac-secret with the new value
kubectl patch secret dex-k8s-authenticator-hmac-secret -n kommander -p="{\"data\":{\"hmac-secret\": \"${NEW_HMAC_SECRET}\"}}"