Helm chart 2.12.0 - endless loop in ArgoCD
michalromanowskiap opened this issue · comments
michalromanowskiap commented
Hi,
we are running helm chart 2.12.0
on AKS v1.27.3
using ArgoCD (2.8.4
). It seems that some properties are overwritten/deleted by the AKS itself. From what I've seen in the chart src code, there's no way of adjusting it. How could I fix the issue? Argo is endlessly trying to apply the manifests because there's non-zero diff.
Expected Behavior
We are able to deploy all K8S resources
Actual Behavior
There's a unresolvable diff in 2 resources:
ValidatingWebhookConfiguration keda-admission
:
# actual:
webhooks:
- admissionReviewVersions:
- v1
- namespaceSelector:
- matchExpressions: []
# desired
webhooks:
- admissionReviewVersions:
- v1
+ namespaceSelector: {}
APIService v1beta1.external.metrics.k8s.io
:
# actual
none
# desired:
spec:
+ insecureSkipTLSVerify: false
Steps to Reproduce the Problem
- Running the exact versions on the AKS should do it
Specifications
- KEDA Version: chart
2.12.0
- Platform & Version: not sure what it is
- Kubernetes Version: AKS v1.27.3
- Scaler(s): non relevant
michalromanowskiap commented
I've managed to fix it. Just add this to the argo-cm
ConfigMap:
configs:
cm:
resource.customizations: |
admissionregistration.k8s.io/ValidatingWebhookConfiguration:
ignoreDifferences: |
jqPathExpressions:
- . | select (.metadata.name == "keda-admission") | .webhooks[].namespaceSelector.matchExpressions
apiregistration.k8s.io/APIService:
ignoreDifferences: |
jqPathExpressions:
- . | select (.metadata.name == "v1beta1.external.metrics.k8s.io") | .spec.insecureSkipTLSVerify
Alex Vincent commented
Disabling webhooks fixed the first namespaceSelector
issue for me, then added an ignoreDifferences
entry for the insecureSkipTLSVerify
;
source:
repoURL: https://kedacore.github.io/charts
targetRevision: 2.12.0
chart: keda
helm:
values: |-
webhooks:
enabled: false
ignoreDifferences:
- name: v1beta1.external.metrics.k8s.io
group: apiregistration.k8s.io
kind: APIService
jsonPointers:
- /spec/insecureSkipTLSVerify