Helm chart 2.12.0 - endless loop in ArgoCD
michalromanowskiap opened this issue · comments
Hi,
we are running helm chart 2.12.0 on AKS v1.27.3 using ArgoCD (2.8.4). It seems that some properties are overwritten/deleted by the AKS itself. From what I've seen in the chart src code, there's no way of adjusting it. How could I fix the issue? Argo is endlessly trying to apply the manifests because there's non-zero diff.
Expected Behavior
We are able to deploy all K8S resources
Actual Behavior
There's a unresolvable diff in 2 resources:
ValidatingWebhookConfiguration keda-admission:
# actual:
webhooks:
- admissionReviewVersions:
- v1
- namespaceSelector:
- matchExpressions: []
# desired
webhooks:
- admissionReviewVersions:
- v1
+ namespaceSelector: {}APIService v1beta1.external.metrics.k8s.io:
# actual
none
# desired:
spec:
+ insecureSkipTLSVerify: falseSteps to Reproduce the Problem
- Running the exact versions on the AKS should do it
Specifications
- KEDA Version: chart
2.12.0 - Platform & Version: not sure what it is
- Kubernetes Version: AKS v1.27.3
- Scaler(s): non relevant
I've managed to fix it. Just add this to the argo-cm ConfigMap:
configs:
cm:
resource.customizations: |
admissionregistration.k8s.io/ValidatingWebhookConfiguration:
ignoreDifferences: |
jqPathExpressions:
- . | select (.metadata.name == "keda-admission") | .webhooks[].namespaceSelector.matchExpressions
apiregistration.k8s.io/APIService:
ignoreDifferences: |
jqPathExpressions:
- . | select (.metadata.name == "v1beta1.external.metrics.k8s.io") | .spec.insecureSkipTLSVerify
Disabling webhooks fixed the first namespaceSelector issue for me, then added an ignoreDifferences entry for the insecureSkipTLSVerify;
source:
repoURL: https://kedacore.github.io/charts
targetRevision: 2.12.0
chart: keda
helm:
values: |-
webhooks:
enabled: false
ignoreDifferences:
- name: v1beta1.external.metrics.k8s.io
group: apiregistration.k8s.io
kind: APIService
jsonPointers:
- /spec/insecureSkipTLSVerify