From 1890dd4bda2fa0185570033ea918ed02b1515227 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 24 May 2026 20:32:37 +1000 Subject: [PATCH] fix(gateways): add explicit group/kind/weight to all HTTPRoute refs (#162) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary - Adds `group: gateway.networking.k8s.io` and `kind: Gateway` to all `parentRefs` entries - Adds `group: ""`, `kind: Service`, and `weight: 1` to all `backendRefs` entries - Affects 9 HTTPRoute files across artifactapi, cattle-system, consul, kanidm, litellm, paperclip, puppet, and vault ## Why ArgoCD diffs the desired manifest against the live Kubernetes object. The Gateway API controller defaults these fields when creating/updating objects, so the live state always has them — causing persistent OutOfSync for every HTTPRoute. Same root cause as #153 (certificateRefs). ## Test plan - [ ] All affected ArgoCD applications show Synced after merge Reviewed-on: https://git.unkin.net/unkin/argocd-apps/pulls/162 --- apps/base/artifactapi/httproute.yaml | 13 +++++++++--- apps/base/cattle-system/httproute.yaml | 13 +++++++++--- apps/base/consul/httproute.yaml | 22 ++++++++++++++++----- apps/base/kanidm/httproute.yaml | 4 +++- apps/base/litellm/httproute.yaml | 13 +++++++++--- apps/base/paperclip/httproute.yaml | 13 +++++++++--- apps/base/puppet/httproute_puppetboard.yaml | 13 +++++++++--- apps/base/puppet/httproute_puppetdb.yaml | 9 +++++++-- apps/base/vault/httproute.yaml | 22 ++++++++++++++++----- 9 files changed, 94 insertions(+), 28 deletions(-) diff --git a/apps/base/artifactapi/httproute.yaml b/apps/base/artifactapi/httproute.yaml index b959e81..d5e5b08 100644 --- a/apps/base/artifactapi/httproute.yaml +++ b/apps/base/artifactapi/httproute.yaml @@ -8,7 +8,9 @@ spec: hostnames: - artifactapi.k8s.syd1.au.unkin.net parentRefs: - - name: artifactapi + - group: gateway.networking.k8s.io + kind: Gateway + name: artifactapi sectionName: http rules: - filters: @@ -30,12 +32,17 @@ spec: hostnames: - artifactapi.k8s.syd1.au.unkin.net parentRefs: - - name: artifactapi + - group: gateway.networking.k8s.io + kind: Gateway + name: artifactapi sectionName: https rules: - backendRefs: - - name: artifactapi-api + - group: "" + kind: Service + name: artifactapi-api port: 80 + weight: 1 matches: - path: type: PathPrefix diff --git a/apps/base/cattle-system/httproute.yaml b/apps/base/cattle-system/httproute.yaml index 4499dc0..0eedb42 100644 --- a/apps/base/cattle-system/httproute.yaml +++ b/apps/base/cattle-system/httproute.yaml @@ -8,7 +8,9 @@ spec: hostnames: - rancher.k8s.syd1.au.unkin.net parentRefs: - - name: rancher + - group: gateway.networking.k8s.io + kind: Gateway + name: rancher sectionName: http rules: - filters: @@ -30,12 +32,17 @@ spec: hostnames: - rancher.k8s.syd1.au.unkin.net parentRefs: - - name: rancher + - group: gateway.networking.k8s.io + kind: Gateway + name: rancher sectionName: https rules: - backendRefs: - - name: rancher + - group: "" + kind: Service + name: rancher port: 80 + weight: 1 matches: - path: type: PathPrefix diff --git a/apps/base/consul/httproute.yaml b/apps/base/consul/httproute.yaml index 53297f6..34e4f95 100644 --- a/apps/base/consul/httproute.yaml +++ b/apps/base/consul/httproute.yaml @@ -11,7 +11,9 @@ spec: hostnames: - consul.k8s.syd1.au.unkin.net parentRefs: - - name: consul + - group: gateway.networking.k8s.io + kind: Gateway + name: consul sectionName: http rules: - filters: @@ -36,12 +38,17 @@ spec: hostnames: - consul.k8s.syd1.au.unkin.net parentRefs: - - name: consul + - group: gateway.networking.k8s.io + kind: Gateway + name: consul sectionName: https rules: - backendRefs: - - name: consul-ui + - group: "" + kind: Service + name: consul-ui port: 80 + weight: 1 matches: - path: type: PathPrefix @@ -59,12 +66,17 @@ spec: hostnames: - consul.service.consul parentRefs: - - name: consul + - group: gateway.networking.k8s.io + kind: Gateway + name: consul sectionName: consul-svc rules: - backendRefs: - - name: consul-ui + - group: "" + kind: Service + name: consul-ui port: 80 + weight: 1 matches: - path: type: PathPrefix diff --git a/apps/base/kanidm/httproute.yaml b/apps/base/kanidm/httproute.yaml index 5c25e08..0283f20 100644 --- a/apps/base/kanidm/httproute.yaml +++ b/apps/base/kanidm/httproute.yaml @@ -13,7 +13,9 @@ spec: - auth.unkin.net - au.auth.unkin.net parentRefs: - - name: kanidm + - group: gateway.networking.k8s.io + kind: Gateway + name: kanidm sectionName: http rules: - filters: diff --git a/apps/base/litellm/httproute.yaml b/apps/base/litellm/httproute.yaml index 2743981..c8a8d04 100644 --- a/apps/base/litellm/httproute.yaml +++ b/apps/base/litellm/httproute.yaml @@ -8,7 +8,9 @@ spec: hostnames: - litellm.k8s.syd1.au.unkin.net parentRefs: - - name: litellm + - group: gateway.networking.k8s.io + kind: Gateway + name: litellm sectionName: http rules: - filters: @@ -30,12 +32,17 @@ spec: hostnames: - litellm.k8s.syd1.au.unkin.net parentRefs: - - name: litellm + - group: gateway.networking.k8s.io + kind: Gateway + name: litellm sectionName: https rules: - backendRefs: - - name: litellm + - group: "" + kind: Service + name: litellm port: 4000 + weight: 1 matches: - path: type: PathPrefix diff --git a/apps/base/paperclip/httproute.yaml b/apps/base/paperclip/httproute.yaml index 4149282..32c05cc 100644 --- a/apps/base/paperclip/httproute.yaml +++ b/apps/base/paperclip/httproute.yaml @@ -8,7 +8,9 @@ spec: hostnames: - paperclip.k8s.syd1.au.unkin.net parentRefs: - - name: paperclip + - group: gateway.networking.k8s.io + kind: Gateway + name: paperclip sectionName: http rules: - filters: @@ -30,12 +32,17 @@ spec: hostnames: - paperclip.k8s.syd1.au.unkin.net parentRefs: - - name: paperclip + - group: gateway.networking.k8s.io + kind: Gateway + name: paperclip sectionName: https rules: - backendRefs: - - name: paperclip + - group: "" + kind: Service + name: paperclip port: 3100 + weight: 1 matches: - path: type: PathPrefix diff --git a/apps/base/puppet/httproute_puppetboard.yaml b/apps/base/puppet/httproute_puppetboard.yaml index 9819177..903615b 100644 --- a/apps/base/puppet/httproute_puppetboard.yaml +++ b/apps/base/puppet/httproute_puppetboard.yaml @@ -13,7 +13,9 @@ spec: hostnames: - puppetboard.k8s.syd1.au.unkin.net parentRefs: - - name: puppetboard + - group: gateway.networking.k8s.io + kind: Gateway + name: puppetboard sectionName: http rules: - filters: @@ -40,12 +42,17 @@ spec: hostnames: - puppetboard.k8s.syd1.au.unkin.net parentRefs: - - name: puppetboard + - group: gateway.networking.k8s.io + kind: Gateway + name: puppetboard sectionName: https rules: - backendRefs: - - name: puppetboard + - group: "" + kind: Service + name: puppetboard port: 80 + weight: 1 matches: - path: type: PathPrefix diff --git a/apps/base/puppet/httproute_puppetdb.yaml b/apps/base/puppet/httproute_puppetdb.yaml index 401e272..605f270 100644 --- a/apps/base/puppet/httproute_puppetdb.yaml +++ b/apps/base/puppet/httproute_puppetdb.yaml @@ -13,12 +13,17 @@ spec: hostnames: - puppetdb.k8s.syd1.au.unkin.net parentRefs: - - name: puppetdb + - group: gateway.networking.k8s.io + kind: Gateway + name: puppetdb sectionName: https rules: - backendRefs: - - name: puppetdb + - group: "" + kind: Service + name: puppetdb port: 8080 + weight: 1 matches: - path: type: PathPrefix diff --git a/apps/base/vault/httproute.yaml b/apps/base/vault/httproute.yaml index 61fd1c4..99547f6 100644 --- a/apps/base/vault/httproute.yaml +++ b/apps/base/vault/httproute.yaml @@ -11,7 +11,9 @@ spec: hostnames: - vault.k8s.syd1.au.unkin.net parentRefs: - - name: vault + - group: gateway.networking.k8s.io + kind: Gateway + name: vault sectionName: http rules: - filters: @@ -36,12 +38,17 @@ spec: hostnames: - vault.k8s.syd1.au.unkin.net parentRefs: - - name: vault + - group: gateway.networking.k8s.io + kind: Gateway + name: vault sectionName: https rules: - backendRefs: - - name: vault + - group: "" + kind: Service + name: vault port: 8200 + weight: 1 matches: - path: type: PathPrefix @@ -60,12 +67,17 @@ spec: - vault.service.consul - vault.query.consul parentRefs: - - name: vault + - group: gateway.networking.k8s.io + kind: Gateway + name: vault sectionName: vault-direct rules: - backendRefs: - - name: vault + - group: "" + kind: Service + name: vault port: 8200 + weight: 1 matches: - path: type: PathPrefix