From f403c6b05d512d2b8ed717c9b2651e8c6e61ac18 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Mon, 25 May 2026 22:43:52 +1000 Subject: [PATCH] fix(kanidm): add explicit group/kind/weight to TLSRoute refs (#165) ## Summary - Adds `group: gateway.networking.k8s.io` and `kind: Gateway` to `parentRefs` - Adds `group: ""`, `kind: Service`, and `weight: 1` to `backendRefs` ## Why The Gateway API controller defaults these fields when creating/updating TLSRoute objects, so the live state always has them. ArgoCD diffs desired vs live by string comparison, causing the `kanidm` TLSRoute to show permanent OutOfSync. Same root cause as #162 (HTTPRoutes). Reviewed-on: https://git.unkin.net/unkin/argocd-apps/pulls/165 --- apps/base/kanidm/tlsroute.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/apps/base/kanidm/tlsroute.yaml b/apps/base/kanidm/tlsroute.yaml index fb14f65..c27980d 100644 --- a/apps/base/kanidm/tlsroute.yaml +++ b/apps/base/kanidm/tlsroute.yaml @@ -13,9 +13,14 @@ spec: - auth.unkin.net - au.auth.unkin.net parentRefs: - - name: kanidm + - group: gateway.networking.k8s.io + kind: Gateway + name: kanidm sectionName: https-passthrough rules: - backendRefs: - - name: kanidm + - group: "" + kind: Service + name: kanidm port: 8443 + weight: 1