fix(kanidm): prevent ArgoCD from overwriting repl-cert ConfigMap data
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

Remove the data keys from kanidm-repl-certs in git so ArgoCD never takes
SSA ownership of them. Add ignoreDifferences for /data on that ConfigMap
in the ApplicationSet template so ArgoCD doesn't flag sidecar-patched
cert values as out-of-sync.
This commit is contained in:
2026-05-24 00:07:02 +10:00
parent 11286a1f89
commit 7d2e0dfa0f
2 changed files with 7 additions and 4 deletions
+1 -4
View File
@@ -37,7 +37,4 @@ metadata:
labels: labels:
app.kubernetes.io/name: kanidm app.kubernetes.io/name: kanidm
app.kubernetes.io/instance: kanidm app.kubernetes.io/instance: kanidm
data: data: {}
kanidm-0: ""
kanidm-1: ""
kanidm-2: ""
+6
View File
@@ -44,6 +44,12 @@ spec:
destination: destination:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
namespace: '{{path[3]}}' # Use directory name as namespace namespace: '{{path[3]}}' # Use directory name as namespace
ignoreDifferences:
- group: ""
kind: ConfigMap
name: kanidm-repl-certs
jsonPointers:
- /data
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true