gatekeeper
gatekeeper copied to clipboard
open-policy-agent
The status field in the CRDs causes a perpetual diff in ArgoCD
What steps did you take and what happened:
ArgoCD always identifies a diff in the status field when syncing the configs.config.gatekeeper.sh and constrainttemplates.templates.gatekeeper.sh CRDs.
I believe this happens because both CRDs contain an empty status field that is immediately updated by the api server upon apply:
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
ArgoCD identifies this as a difference between git and the live cluster state (which it is).
Omitting the status field entirely should resolve this problem.
What did you expect to happen: ArgoCD to sync the CRDs successfully without a diff being identified.
Anything else you would like to add: This can be worked around in ArgoCD by ignoring differences in the status field:
ignoreDifferences:
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
name: configs.config.gatekeeper.sh
jsonPointers:
- /status
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
name: constrainttemplates.templates.gatekeeper.sh
jsonPointers:
- /status
Environment:
- ArgoCD version: 1.6.1
- Gatekeeper version: 3.1.0-beta.9
- Kubernetes version: (use
kubectl version):Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.2", GitCommit:"52c56ce7a8272c798dbc29846288d7cd9fbae032", GitTreeState:"clean", BuildDate:"2020-04-16T23:35:15Z", GoVersion:"go1.14.2", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", GitTreeState:"clean", BuildDate:"2020-05-20T12:43:34Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
This is the generated CRD output from controller-gen, it might be useful to fix this generally, as no manifest should have status included.
This issue was resolved by https://github.com/open-policy-agent/gatekeeper/pull/2466, so you can use v3.12.0-rc.0 or later.
