Mutatingwebhook drifting at application level not working

[ghost]

Describe the bug

Deploying vault secrets agent through argo and observed vault-agent-injector-cfg keep out of sync

added this to ignore the differences but its still not working

ignoreDifferences:

• group: "" kind: MutatingWebhookConfiguration name: webhookignore namespace: "default" jsonPointers:
  • /webhooks

tried with

ignoreDifferences:

• group: "" kind: MutatingWebhookConfiguration name: webhookignore namespace: "" # even removed this name space entry jsonPointers:
  • /webhooks

Note: added /* in end of this and added individual entries like - /webhooks/0/clientConfig/caBundle \n -/webhooks/0/clientConfig/caBundle

No change in out put, saw a cluster level change in argocd-cm but I need a change at the application level

To Reproduce Deploy vault agent through helm

https://learn.hashicorp.com/tutorials/vault/kubernetes-external-vault

login to argo and can see webhook out of sync

A list of the steps required to reproduce the issue. Best of all, give us the URL to a repository that exhibits this issue.

Expected behavior

no out of sync any time

Screenshots

Version

v1.6.1+1 Logs

[jessesuen]

You need to specify group as admissionregistration.k8s.io

[ghost]

No change, still getting same issue

[ghost]

tried with single tab or space at group too to cross verify yaml format issues, no change

[andreas-theswede]

@kotlak did you solve the above issue? I am experiencing the same problem

[Rahulsharma0810]

Facing same issue

[St4NNi]

There is an example in: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/ I could only solve this issue by adding:

  resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
    jqPathExpressions:
    - '.webhooks[]?.clientConfig.caBundle'

to my argo-cm configmap.

[Rahulsharma0810]

@St4NNi can you share snippet, not working

ignoreDifferences:
  - group: apps
    kind: Deployment
    jsonPointers:
      - /spec/replicas
  - group: admissionregistration.k8s.io/v1
    kind: MutatingWebhookConfiguration
    jsonPointers:
      - /webhooks
data:
  resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
    jqPathExpressions:
    - '.webhooks[]?.clientConfig.caBundle'
    - ```

[St4NNi]

@Rahulsharma0810 This looks like an application spec. I used the global configmap (argocd-cm) to change this. My kustomize overlay looks like this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
data:
  resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
    jqPathExpressions:
    - '.webhooks[]?.clientConfig.caBundle'

[Rahulsharma0810]

Doesn't been resolved yet

╰─❯ k describe cm argocd-cm
Name:         argocd-cm
Namespace:    vault
Labels:       <none>
Annotations:  <none>

Data
====
resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration:
----
jqPathExpressions:
- '.webhooks[]?.clientConfig.caBundle'

BinaryData
====

Events:  <none>

[Mais316]

Having the same issue was there any fix, tried the above didnt work.

[mhjacks]

I had the same issue, but was able to resolve it by specifying the group as noted above in https://github.com/argoproj/argo-cd/issues/4326#issuecomment-692308968

[jozefs]

This worked for me:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: vault
  namespace: argocd
spec:
  project: default
  source:
    chart: vault
    repoURL: https://helm.releases.hashicorp.com
    targetRevision: 0.19.0
  syncPolicy:
    syncOptions:
    - CreateNamespace=true
  destination:
    namespace: vault
    server: https://kubernetes.default.svc
  ignoreDifferences:
  - group: admissionregistration.k8s.io
    kind: MutatingWebhookConfiguration
    jqPathExpressions:
    - .webhooks[]?.clientConfig.caBundle