[Bug] `chart/templates/tetrate-istio.yaml` should use `spec: ignoreDifferences:` to hide things that will always be out of sync

Question

[Bug] `chart/templates/tetrate-istio.yaml` should use `spec: ignoreDifferences:` to hide things that will always be out of sync

spkane opened this issue 2 years ago · comments

There are some fields that will ALWAYS show a difference in ArgoCD unless ignoreDifferences is set correctly in the Application manifest for tetrate-istio

See: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration

I'll add the exact config here, if/when I work it out.

Sean P. Kane · Answer 1 · Sat May 07 2022 05:10:47 GMT+0800 (China Standard Time)

I feel like something like this should work, and although I can get this to apply and not produce any errors, it also does not hide the diff.

  ignoreDifferences:
  - kind: MutatingWebhookConfiguration
    name: istio-sidecar-injector
    jqPathExpressions:
    - '.webhooks[]?.clientConfig.caBundle'
  - kind: ValidatingWebhookConfiguration
    name: istiod-default-validator
    jqPathExpressions:
    - '.webhooks[]?.failurePolicy'

Mode docs: https://github.com/argoproj/argo-cd/blob/master/docs/user-guide/diffing.md#application-level-configuration

Sean P. Kane · Answer 2 · Sat May 07 2022 05:19:55 GMT+0800 (China Standard Time)

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: istiod-default-validator

apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: istio-sidecar-injector

Sean P. Kane · Answer 3 · Sat May 07 2022 07:13:29 GMT+0800 (China Standard Time)

I think that this is indeed the correct thing to add to the Application spec:

  ignoreDifferences:
  - kind: MutatingWebhookConfiguration
    name: istio-sidecar-injector
    jqPathExpressions:
    - '.webhooks[]?.clientConfig.caBundle'
  - kind: ValidatingWebhookConfiguration
    name: istiod-default-validator
    jqPathExpressions:
    - '.webhooks[]?.failurePolicy'

But I have reported a bug upstream, as I can't actually get this to work, despite what the documentation suggests.

Sébastien Allamand · Answer 4 · Mon Sep 11 2023 05:56:23 GMT+0800 (China Standard Time)

@spkane, what is the status on this one ?

Sean P. Kane · Answer 5 · Mon Sep 11 2023 20:24:30 GMT+0800 (China Standard Time)

@allamand No idea unfortunately. I am no longer working on this and have no idea if a solution was ever discovered.

Lukáš Hýbner · Answer 6 · Fri Feb 16 2024 17:33:46 GMT+0800 (China Standard Time)

@spkane there should be group field. You can try:

  ignoreDifferences:
  - group: admissionregistration.k8s.io
    kind: MutatingWebhookConfiguration
    name: istio-sidecar-injector
    jqPathExpressions:
    - '.webhooks[]?.clientConfig.caBundle'
  - group: admissionregistration.k8s.io
    kind: ValidatingWebhookConfiguration
    name: istiod-default-validator
    jqPathExpressions:
    - '.webhooks[]?.failurePolicy'