fix(kanidm): prevent ArgoCD from overwriting repl-cert ConfigMap data
Remove the data keys from kanidm-repl-certs in git so ArgoCD never takes SSA ownership of them. Add ignoreDifferences for /data on that ConfigMap in the ApplicationSet template so ArgoCD doesn't flag sidecar-patched cert values as out-of-sync.
This commit is contained in:
@@ -37,7 +37,4 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: kanidm
|
app.kubernetes.io/name: kanidm
|
||||||
app.kubernetes.io/instance: kanidm
|
app.kubernetes.io/instance: kanidm
|
||||||
data:
|
data: {}
|
||||||
kanidm-0: ""
|
|
||||||
kanidm-1: ""
|
|
||||||
kanidm-2: ""
|
|
||||||
|
|||||||
@@ -44,6 +44,12 @@ spec:
|
|||||||
destination:
|
destination:
|
||||||
server: https://kubernetes.default.svc
|
server: https://kubernetes.default.svc
|
||||||
namespace: '{{path[3]}}' # Use directory name as namespace
|
namespace: '{{path[3]}}' # Use directory name as namespace
|
||||||
|
ignoreDifferences:
|
||||||
|
- group: ""
|
||||||
|
kind: ConfigMap
|
||||||
|
name: kanidm-repl-certs
|
||||||
|
jsonPointers:
|
||||||
|
- /data
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
automated:
|
automated:
|
||||||
prune: true
|
prune: true
|
||||||
|
|||||||
Reference in New Issue
Block a user