fix(gateways): add explicit group: "" to all certificateRefs entries
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

The Gateway API admission server defaults certificateRefs[].group to ""
when it is omitted. ArgoCD diffed the desired state (no group field) against
the live state (group: "") and flagged every gateway as out of sync.

Fix: explicitly set group: "" in all certificateRefs entries so the
rendered manifest matches the API server's canonical form exactly.

Affected: artifactapi, cattle-system, consul, litellm, paperclip,
puppet (puppetboard + puppetdb), vault.
This commit is contained in:
2026-05-23 23:39:42 +10:00
parent c6f9893804
commit 4ec7c61757
8 changed files with 20 additions and 10 deletions
+4 -2
View File
@@ -35,7 +35,8 @@ spec:
tls:
mode: Terminate
certificateRefs:
- kind: Secret
- group: ""
kind: Secret
name: vault-tls
- name: vault-direct
port: 8200
@@ -46,5 +47,6 @@ spec:
tls:
mode: Terminate
certificateRefs:
- kind: Secret
- group: ""
kind: Secret
name: vault-tls