flux2
flux2 copied to clipboard
fluxcd
Flux keeps re-applying identical ingress object
Describe the bug
I use Flux2 and ingress-nginx. The logs of the ingress-nginx pod show when a new ingress object is applied and it updates its configuration. This works fine for new ingress objects.
However, in my case, I see the following log lines every minute (my Flux reconciliation interval) for every ingress object:
controller I0715 21:10:12.880934 8 admission.go:149] processed ingress via admission controller {testedIngressLength:47 testedIngressTime:0.112s renderingIngressLength:47 renderingIngressTime:0s admissionTime:345.6kBs testedConfigurationSize:0.112}
controller I0715 21:10:12.881066 8 main.go:101] "successfully validated configuration, accepting" ingress="my-ingress"
When I suspend the Kustomization, these log messages are gone.
I checked if there's a difference between the ingress in my YAML file and the ingress in Kubernetes, to check whether the Kubernetes master changes something in the ingress, so there would be a diff every time. There isn't, except that Kubernetes adds an ingressClassName (I don't specify that because I've configured a default ingress class). However, when I explicitly add that to my YAML, the problem still occurs.
Or is this behaviour normal?
Steps to reproduce
- Add an ingress manifest to the Gitops repo
- Tail the logs of the ingress-nginx pod
- When Flux reconciles, you'll see the lines above every minute
- Suspend the Flux kustomization
- You won't see the lines anymore
Expected behavior
When the ingress object hasn't changed, a reconciliation should not change something which triggers ingress-nginx to reload the ingress configuration.
Screenshots and recordings
No response
OS / Distro
N/A
Flux version
v0.30.2
Flux check
► checking prerequisites ✗ flux 0.30.2 <0.31.3 (new version is available, please upgrade) ✔ Kubernetes 1.22.8-gke.202 >=1.20.6-0 ► checking controllers ✔ helm-controller: deployment ready ► my-registry/helm-controller:v0.21.0 ✔ image-automation-controller: deployment ready ► my-registry/image-automation-controller:v0.22.1 ✔ image-reflector-controller: deployment ready ► my-registry/image-reflector-controller:v0.18.0 ✔ kustomize-controller: deployment ready ► my-registry/kustomize-controller:v0.25.0 ✔ notification-controller: deployment ready ► my-registry/notification-controller:v0.23.5 ✔ source-controller: deployment ready ► my-registry/source-controller:v0.24.4 ✔ all checks passed
Git provider
No response
Container Registry provider
Google Artifact Registry
Additional context
No response
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
hi, we also experience such behavior of flux + nginx ingress flux diff does not show any difference
$ flux diff kustomization dependencies --path deploy/apps/development/dev/dependencies
✓ Kustomization diffing...
if I temporary stop flux kustomize controller, ingress reloads also stop to happen
this can be observed with constantly increasing of ingress's prometheus metric nginx_ingress_controller_check_success
Flux does a server-side dry-run apply at every reconciliation interval to check if any resources have diverged from Git. I guess the nginx webhook reports this when is processing the dry-run, but Flux does no apply the ingress if the diff is empty.