dvirlabs
6a2ade41a9
- Move retry policy under syncPolicy (correct placement) - Add ignoreDifferences for CRD and webhook caBundle fields - Add RespectIgnoreDifferences sync option - Prevents false out-of-sync states caused by cert-manager controller modifications
50 lines
1.4 KiB
YAML
50 lines
1.4 KiB
YAML
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: cert-manager-stack
|
|
namespace: argocd
|
|
labels:
|
|
env: infra
|
|
spec:
|
|
project: infra
|
|
source:
|
|
repoURL: ssh://git@gitea-ssh.dev-tools.svc.cluster.local:2222/dvirlabs/infra.git
|
|
targetRevision: HEAD
|
|
path: charts/cert-manager-stack
|
|
helm:
|
|
valueFiles:
|
|
- ../../manifests/cert-manager-stack/values.yaml
|
|
destination:
|
|
server: https://kubernetes.default.svc
|
|
namespace: cert-manager
|
|
syncPolicy:
|
|
automated:
|
|
prune: true
|
|
selfHeal: true
|
|
syncOptions:
|
|
- CreateNamespace=true
|
|
- ServerSideApply=true
|
|
- RespectIgnoreDifferences=true
|
|
retry:
|
|
limit: 3
|
|
backoff:
|
|
duration: 5s
|
|
factor: 2
|
|
maxDuration: 3m
|
|
# Ignore differences in fields that are modified by controllers
|
|
ignoreDifferences:
|
|
# Ignore CRD conversion webhook changes
|
|
- group: apiextensions.k8s.io
|
|
kind: CustomResourceDefinition
|
|
jqPathExpressions:
|
|
- .spec.conversion.webhook.clientConfig.caBundle
|
|
# Ignore webhook caBundle updates by cert-manager
|
|
- group: admissionregistration.k8s.io
|
|
kind: ValidatingWebhookConfiguration
|
|
jqPathExpressions:
|
|
- .webhooks[].clientConfig.caBundle
|
|
- group: admissionregistration.k8s.io
|
|
kind: MutatingWebhookConfiguration
|
|
jqPathExpressions:
|
|
- .webhooks[].clientConfig.caBundle
|