-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Identical time values shouldn't be treated as different or the FAQ should suggest using knownTypeFields
#6008
Comments
I'm hitting the same issue with https://github.com/ns1/cert-manager-webhook-ns1 |
cert-manager rewrites the duration field to include minutes and seconds, which is seen as configuration drift by tools like argo-cd See argoproj/argo-cd#6008 for more details
Any news on this ? I am hitting the same issue too by installing Istio-csr (from cert-manager). The certificate is included in the chart so I have no control over the duration (on my own certificates I set the full duration for ex |
We have added an ignoreDifferences:
- group: cert-manager.io
kind: Certificate
jsonPointers:
- /spec/duration
- /spec/renewBefore This is definitely still a bug, though, when the values are functionally identical. |
@micahmo Thanks for the tip, well found 👍🏻 but indeed that is not entirely ideal (I guess you need to force sync to apply changes ? Or change manually) |
Same for the timeout fields in ClusterAPI's MachineHealthCheck resources:
Becomes:
and is treated as out of sync by Argo CD, correctly so given it's a string field. However, some heuristics would be nice to compare the usual time values. As doing that in general might cause underdetection of real differences, one suggestion would be to expand on |
Haha, I came here after facing the same issue with Redpanda and few others. Is there any progress on this issue ? |
are you using |
So that this can be used for custom resources. The motivation for this is issue argoproj#6008: with this change one should be able to use the known type to ensure equal durations don't present a diff, e,g. via adding to `argocd-cm`: data: resource.customizations.knownTypeFields.cert-manager.io_Certificate: | - field: spec.duration type: meta/v1/Duration This change is based on 5b464c9, though I've included the API version in the type path to be consistent with the generated type (i.e. `meta/v1/Duration` and not `meta/Duration`).
So that this can be used for custom resources. The motivation for this is issue argoproj#6008: with this change one should be able to use the known type to ensure equal durations don't present a diff, e,g. via adding to `argocd-cm`: data: resource.customizations.knownTypeFields.cert-manager.io_Certificate: | - field: spec.duration type: meta/v1/Duration This change is based on 5b464c9, though I've included the API version in the type path to be consistent with the generated type (i.e. `meta/v1/Duration` and not `meta/Duration`). Signed-off-by: Matthew Hughes <matthewhughes934@gmail.com>
So that this can be used for custom resources. The motivation for this is issue argoproj#6008: with this change one should be able to use the known type to ensure equal durations don't present a diff, e,g. via adding to `argocd-cm`: data: resource.customizations.knownTypeFields.cert-manager.io_Certificate: | - field: spec.duration type: meta/v1/Duration This change is based on 5b464c9, though I've included the API version in the type path to be consistent with the generated type (i.e. `meta/v1/Duration` and not `meta/Duration`). For documentation I've just manually listed the extra types that aren't auto-generated, though this requires having to keep this list and the code in-sync but this is probably not a big issue since the number of extra types is not frequently changed. Signed-off-by: Matthew Hughes <matthewhughes934@gmail.com>
So that this can be used for custom resources. The motivation for this is issue argoproj#6008: with this change one should be able to use the known type to ensure equal durations don't present a diff, e,g. via adding to `argocd-cm`: data: resource.customizations.knownTypeFields.cert-manager.io_Certificate: | - field: spec.duration type: meta/v1/Duration This change is based on 5b464c9, though I've included the API version in the type path to be consistent with the generated type (i.e. `meta/v1/Duration` and not `meta/Duration`). For documentation I've just manually listed the extra types that aren't auto-generated, though this requires having to keep this list and the code in-sync but this is probably not a big issue since the number of extra types is not frequently changed. In the tests I've used `require.*` methods since I find this simpler than `if !assert.Blah(...) { return }` which the other tests in this file are using. Signed-off-by: Matthew Hughes <matthewhughes934@gmail.com>
So that this can be used for custom resources. The motivation for this is issue #6008: with this change one should be able to use the known type to ensure equal durations don't present a diff, e,g. via adding to `argocd-cm`: data: resource.customizations.knownTypeFields.cert-manager.io_Certificate: | - field: spec.duration type: meta/v1/Duration This change is based on 5b464c9, though I've included the API version in the type path to be consistent with the generated type (i.e. `meta/v1/Duration` and not `meta/Duration`). For documentation I've just manually listed the extra types that aren't auto-generated, though this requires having to keep this list and the code in-sync but this is probably not a big issue since the number of extra types is not frequently changed. In the tests I've used `require.*` methods since I find this simpler than `if !assert.Blah(...) { return }` which the other tests in this file are using. Signed-off-by: Matthew Hughes <matthewhughes934@gmail.com>
So that this can be used for custom resources. The motivation for this is issue argoproj#6008: with this change one should be able to use the known type to ensure equal durations don't present a diff, e,g. via adding to `argocd-cm`: data: resource.customizations.knownTypeFields.cert-manager.io_Certificate: | - field: spec.duration type: meta/v1/Duration This change is based on 5b464c9, though I've included the API version in the type path to be consistent with the generated type (i.e. `meta/v1/Duration` and not `meta/Duration`). For documentation I've just manually listed the extra types that aren't auto-generated, though this requires having to keep this list and the code in-sync but this is probably not a big issue since the number of extra types is not frequently changed. In the tests I've used `require.*` methods since I find this simpler than `if !assert.Blah(...) { return }` which the other tests in this file are using. Signed-off-by: Matthew Hughes <matthewhughes934@gmail.com>
So that this can be used for custom resources. The motivation for this is issue argoproj#6008: with this change one should be able to use the known type to ensure equal durations don't present a diff, e,g. via adding to `argocd-cm`: data: resource.customizations.knownTypeFields.cert-manager.io_Certificate: | - field: spec.duration type: meta/v1/Duration This change is based on 5b464c9, though I've included the API version in the type path to be consistent with the generated type (i.e. `meta/v1/Duration` and not `meta/Duration`). For documentation I've just manually listed the extra types that aren't auto-generated, though this requires having to keep this list and the code in-sync but this is probably not a big issue since the number of extra types is not frequently changed. In the tests I've used `require.*` methods since I find this simpler than `if !assert.Blah(...) { return }` which the other tests in this file are using. Signed-off-by: Matthew Hughes <matthewhughes934@gmail.com>
There's a solution for this in apiVersion: v1
kind: configMap
metadata:
name: argocd-cm
data:
resource.customizations.knownTypeFields.cert-manager.io_Certificate |
- field: spec.duration
type: meta/v1/Duration |
So that this can be used for custom resources. The motivation for this is issue argoproj#6008: with this change one should be able to use the known type to ensure equal durations don't present a diff, e,g. via adding to `argocd-cm`: data: resource.customizations.knownTypeFields.cert-manager.io_Certificate: | - field: spec.duration type: meta/v1/Duration This change is based on 5b464c9, though I've included the API version in the type path to be consistent with the generated type (i.e. `meta/v1/Duration` and not `meta/Duration`). For documentation I've just manually listed the extra types that aren't auto-generated, though this requires having to keep this list and the code in-sync but this is probably not a big issue since the number of extra types is not frequently changed. In the tests I've used `require.*` methods since I find this simpler than `if !assert.Blah(...) { return }` which the other tests in this file are using. Signed-off-by: Matthew Hughes <matthewhughes934@gmail.com> Signed-off-by: Kevin Lyda <kevin@lyda.ie>
So that this can be used for custom resources. The motivation for this is issue argoproj#6008: with this change one should be able to use the known type to ensure equal durations don't present a diff, e,g. via adding to `argocd-cm`: data: resource.customizations.knownTypeFields.cert-manager.io_Certificate: | - field: spec.duration type: meta/v1/Duration This change is based on 5b464c9, though I've included the API version in the type path to be consistent with the generated type (i.e. `meta/v1/Duration` and not `meta/Duration`). For documentation I've just manually listed the extra types that aren't auto-generated, though this requires having to keep this list and the code in-sync but this is probably not a big issue since the number of extra types is not frequently changed. In the tests I've used `require.*` methods since I find this simpler than `if !assert.Blah(...) { return }` which the other tests in this file are using. Signed-off-by: Matthew Hughes <matthewhughes934@gmail.com>
knownTypeFields approach is probably the best way to go. |
Then knownTypeFields should be added to the FAQ. |
knownTypeFields
It's already there https://argo-cd.readthedocs.io/en/stable/faq/#why-are-my-resource-limits-out-of-sync. Let me know if that's worded well. |
Hmm... It should include an example with a duration:
The text at the bottom should be changed a bit: -To fix this use diffing customizations [settings](https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#known-kubernetes-types-in-crds-resource-limits-volume-mounts-etc).
+To fix this use [diffing customizations](https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#known-kubernetes-types-in-crds-resource-limits-volume-mounts-etc). I'm pretty sure that wouldn't have been enough for me to figure out what to look at. The problem is that the problem from the FAQ's perspective is that Roughly, at least this FAQ entry, but likely a number of the others needs some SEO. A bullet entry for "Why is my app being synchronised over and over again?" that links to the same place might help a bit. |
Closes argoproj#6008 Make more emphasis on the issue users may be searching for, update wording slightly and another example. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
Closes argoproj#6008 Make more emphasis on the issue users may be searching for, update wording slightly and another example. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
Closes argoproj#6008 Make more emphasis on the issue users may be searching for, update wording slightly and another example. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
Closes argoproj#6008 Make more emphasis on the issue users may be searching for, update wording slightly and another example. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Signed-off-by: Adrian Aneci <aneci@adobe.com>
Workaround
See #6008 (comment)
Not a general suport forum
If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a question in argocd slack channel.
Checklist
argocd version
.Describe the bug
The prometheus-community helm chart is using a short time format, and cert-manager is using golang's Duration.string() function which writes out long time format (including hours and minutes).
duration: 8760h0m0s and duration: 8760h are treated as different.
This triggers annoying sync behaviors
prometheus-community/helm-charts#750
To Reproduce
install cert-manager using:
install prometheus operator using:
Possibly add some values to ensure the certificate is created:
values.yaml:
prometheus-community/helm-charts#750
Expected behavior
ideally
duration
fields would be understood as times and compared as times.Screenshots
Version
Logs
The text was updated successfully, but these errors were encountered: