argo-helm icon indicating copy to clipboard operation
argo-helm copied to clipboard

Published 20 hours ago verified publisher icon argoproj

unexpected redis-secret-init churn

Open bobzoller opened this issue 6 months ago • 3 comments

Describe the bug

I'm seeing unexpected churn related to argo-cd-argocd-redis-secret-init (job, role, rolebinding, serviceaccount) each time we run a helmwave diff with the argo-cd helm chart. This was happening in version 7.3.6 and is still happening in 7.3.11. helmwave version 0.36.3.

(I realize this could be a helmwave problem, or this could be exposing a helm problem? I'm a bit of a newb at both unfortunately, and I thought I'd file here first because y'all probably understand what the issue might be even if it's not an actual bug in the argo-cd helm chart itself... apologies in advance.)

I'm using the HA mode with autoscaling example.

relevant output:

...
argocd, argo-cd-argocd-redis-secret-init, Job (batch) has been added:
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+   annotations:
+     helm.sh/hook: pre-install,pre-upgrade
+     helm.sh/hook-delete-policy: before-hook-creation
+   labels:
+     app.kubernetes.io/component: redis-secret-init
+     app.kubernetes.io/instance: argo-cd
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: argocd-redis-secret-init
+     app.kubernetes.io/part-of: argocd
+     app.kubernetes.io/version: v2.11.7
+     helm.sh/chart: argo-cd-7.3.11
+   name: argo-cd-argocd-redis-secret-init
+   namespace: argocd
+ spec:
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/component: redis-secret-init
+         app.kubernetes.io/instance: argo-cd
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/name: argocd-redis-secret-init
+         app.kubernetes.io/part-of: argocd
+         app.kubernetes.io/version: v2.11.7
+         helm.sh/chart: argo-cd-7.3.11
+     spec:
+       containers:
+       - command:
+         - argocd
+         - admin
+         - redis-initial-password
+         image: quay.io/argoproj/argocd:v2.11.7
+         imagePullPolicy: IfNotPresent
+         name: secret-init
+         resources: {}
+         securityContext:
+           allowPrivilegeEscalation: false
+           capabilities:
+             drop:
+             - ALL
+           readOnlyRootFilesystem: true
+           runAsNonRoot: true
+           seccompProfile:
+             type: RuntimeDefault
+       restartPolicy: OnFailure
+       serviceAccountName: argo-cd-argocd-redis-secret-init

argocd, argo-cd-argocd-redis-secret-init, Role (rbac.authorization.k8s.io) has been added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   annotations:
+     helm.sh/hook: pre-install,pre-upgrade
+     helm.sh/hook-delete-policy: before-hook-creation
+   labels:
+     app.kubernetes.io/component: redis-secret-init
+     app.kubernetes.io/instance: argo-cd
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: argocd-redis-secret-init
+     app.kubernetes.io/part-of: argocd
+     app.kubernetes.io/version: v2.11.7
+     helm.sh/chart: argo-cd-7.3.11
+   name: argo-cd-argocd-redis-secret-init
+   namespace: argocd
+ rules:
+ - apiGroups:
+   - ""
+   resourceNames:
+   - argocd-redis
+   resources:
+   - secrets
+   verbs:
+   - get
+ - apiGroups:
+   - ""
+   resources:
+   - secrets
+   verbs:
+   - create

argocd, argo-cd-argocd-redis-secret-init, RoleBinding (rbac.authorization.k8s.io) has been added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   annotations:
+     helm.sh/hook: pre-install,pre-upgrade
+     helm.sh/hook-delete-policy: before-hook-creation
+   labels:
+     app.kubernetes.io/component: redis-secret-init
+     app.kubernetes.io/instance: argo-cd
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: argocd-redis-secret-init
+     app.kubernetes.io/part-of: argocd
+     app.kubernetes.io/version: v2.11.7
+     helm.sh/chart: argo-cd-7.3.11
+   name: argo-cd-argocd-redis-secret-init
+   namespace: argocd
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+   name: argo-cd-argocd-redis-secret-init
+ subjects:
+ - kind: ServiceAccount
+   name: argo-cd-argocd-redis-secret-init

argocd, argo-cd-argocd-redis-secret-init, ServiceAccount (v1) has been added:
+ apiVersion: v1
+ automountServiceAccountToken: true
+ kind: ServiceAccount
+ metadata:
+   annotations:
+     helm.sh/hook: pre-install,pre-upgrade
+     helm.sh/hook-delete-policy: before-hook-creation
+   labels:
+     app.kubernetes.io/component: redis-secret-init
+     app.kubernetes.io/instance: argo-cd
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: argocd-redis-secret-init
+     app.kubernetes.io/part-of: argocd
+     app.kubernetes.io/version: v2.11.7
+     helm.sh/chart: argo-cd-7.3.11
+   name: argo-cd-argocd-redis-secret-init
+   namespace: argocd

Related helm chart

argo-cd

Helm chart version

7.3.11

To Reproduce

Expected behavior

no diff

Screenshots

No response

Additional context

No response

bobzoller avatar Aug 01 '24 18:08 bobzoller