cert-manager / cert-manager-olm

Definitions for the cert-manager operator published via Red Hat's Operator Lifecycle Manager (OLM)
Apache License 2.0
14 stars 13 forks source link

OLM deployment with ArgoCD is OutOfSync #70

Open andreadecorte opened 2 years ago

andreadecorte commented 2 years ago

Hi, I am facing an issue with the OLM packaging and ArgoCD. I am applying the cert-manager Subscription with ArgoCd in a dedicated Application and deployment completes fine. The issue is that the Application stays in OutOfSync because ArgoCD insists in matching the cert-manager CRD to the application thanks to the label app.kubernetes.io/instance: cert-manager present in the CRDs and to reach a Sync status he would prune those ones (which is bad). I am wondering if there is any solution that you are aware of as this is quite annoying. On ArgoCD side, there are possible options, but so far not working for me. It should definitely be followed up on their side too, but it would probably be good to share a workaround in the docs if it exists

wallrj commented 2 years ago

@andreadecorte I have no experience with ArgoCD and I don't think I've seen anyone else using it to deploy the OLM packages, so I haven't got any suggestions. Sorry.

The cert-manager team do want to add installation documentation for ArgoCD, Flux and other GitOps systems, so if you had time to contribute a few words about this problem and the possible work arounds, that would be fantastic.

QuingKhaos commented 2 years ago

@andreadecorte that's not an cert-manager issue, that's a general bad Argo CD design decision to use the app.kubernetes.io/instance label as default tracking label and you will stumble in into this problem with many other operators (e.g. RabbitMQ Operator) and and Helm charts too if you change the release name.

If you don't want to change your tracking method to annotation or annotation+label, you must change the application.instanceLabelKey, e.g. to argocd.argoproj.io/instance. Basically this is something you always should do with Argo CD. Ref: https://argo-cd.readthedocs.io/en/stable/faq/#why-is-my-app-out-of-sync-even-after-syncing

As said, not a cert-manager issue.