It seems that Helm will always try to patch the ArtifactoryServiceAccount object, even if there are not actual changes. Patching of ArtifactoryServiceAccount is not permitted as it can lead to undesirable behaviour in the operator. Unless we can find how to avoid Helm attempting to patch the ArtifactoryServiceAccount for no reason, the solution will be to move it to a different helm chart, and to create a make provision_artifactory target that we only use once.
The new service account must keep the same name, so that helm chart using artifactory don't need updating
However, deleting and re-creating the service account will lead to a new randomly-named pull secret being generated, which means that we will need to redeploy the last deployment of all of the applications using artifactory (airflow and cif), so that Helm can find the name of the new pull secrets.
It seems that Helm will always try to patch the ArtifactoryServiceAccount object, even if there are not actual changes. Patching of ArtifactoryServiceAccount is not permitted as it can lead to undesirable behaviour in the operator. Unless we can find how to avoid Helm attempting to patch the ArtifactoryServiceAccount for no reason, the solution will be to move it to a different helm chart, and to create a
make provision_artifactory
target that we only use once.The new service account must keep the same name, so that helm chart using artifactory don't need updating
However, deleting and re-creating the service account will lead to a new randomly-named pull secret being generated, which means that we will need to redeploy the last deployment of all of the applications using artifactory (airflow and cif), so that Helm can find the name of the new pull secrets.