
Argocd shows as out-of-sync on every push for auto-generated certs / password


We are using argocd to deploy our application from a Helm chart from a git repo. Some of the services generate a random password or a self-signed certificate for TLS. When we push a new change to any folder in the repo, argocd shows the resource as out-of-sync, re-syncs it and re-generates the password and certificate. Of course this causes an issue for every service that tries to connect to the db.

Example: Kafka-bitnami helm chart with:

    auth:
      interBrokerProtocol: tls
      controllerProtocol: tls
      clientProtocol: tls
      sasl:
        interBrokerMechanism: scram-sha-512
      tls:
        type: pem
        autoGenerated: true

And mongodb-bitnami helm chart with:

    auth:
      enabled: true

This creates the password / certs when the chart is first deployed, but the issue is that it regenerates them on every push.

For the moment we solved the issue by disabling the automated syncPolicy, but this means that on every change we need to manually sync the selected services.

I am adding a screenshot of an argocd example showing the 'out of sync' it gets on kafka certs.

Does anyone have an idea how we can solve this bug?


Solution

  • As @Zackorrigan said, put the ignoreDifferences block into your Argocd Application manifest, i.e.:

    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
      name: app-name
    spec:
      ignoreDifferences:
      - group: ''
        kind: 'Secret'
        name: secret-name
        jsonPointers:
        - /data
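
A fuller Application manifest for the auto-sync case raised in the question, as an added example that is not part of the original answer: `ignoreDifferences` affects the sync-status comparison, and the `RespectIgnoreDifferences=true` sync option makes a sync leave the ignored fields of an existing resource untouched as well. The application name, repository URL, chart path, namespaces and Secret name are placeholders.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: kafka                       # placeholder application name
  namespace: argocd                 # namespace where Argo CD runs (assumed)
spec:
  project: default
  source:
    repoURL: https://git.example.com/org/deploy.git   # placeholder repo
    targetRevision: HEAD
    path: charts/kafka              # placeholder chart folder in the repo
    helm:
      valueFiles:
      - values.yaml
  destination:
    server: https://kubernetes.default.svc
    namespace: kafka                # placeholder target namespace
  syncPolicy:
    automated:                      # keep automated sync enabled
      prune: true
      selfHeal: true
    syncOptions:
    # Without this option a sync still applies the freshly rendered Secret,
    # even though the diff view ignores it.
    - RespectIgnoreDifferences=true
  ignoreDifferences:
  # Scope the rule to the one generated Secret so that every other Secret
  # in the application is still drift-checked.
  - group: ""
    kind: Secret
    name: kafka-tls                 # placeholder: name of the generated Secret
    jsonPointers:
    - /data
```

Ignoring `/data` means Argo CD no longer reports or reverts manual changes to that Secret, so keep the rule limited to named, chart-generated Secrets. The option only takes effect for resources that already exist in the cluster; on first creation the Secret is applied as rendered.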