Explain how to install cert-manager using ArgoCD#1447
Explain how to install cert-manager using ArgoCD#1447wallrj wants to merge 10 commits intocert-manager:masterfrom
Conversation
Signed-off-by: shahkv95 <35930270+shahkv95@users.noreply.github.com>
Signed-off-by: shahkv95 <35930270+shahkv95@users.noreply.github.com>
Signed-off-by: shahkv95 <35930270+shahkv95@users.noreply.github.com>
Signed-off-by: Richard Wall <richard.wall@venafi.com>
Signed-off-by: Richard Wall <richard.wall@venafi.com>
Signed-off-by: Richard Wall <richard.wall@venafi.com>
Signed-off-by: Richard Wall <richard.wall@venafi.com>
Signed-off-by: Richard Wall <richard.wall@venafi.com>
Signed-off-by: Richard Wall <richard.wall@venafi.com>
Signed-off-by: Richard Wall <richard.wall@venafi.com>
jetstack-bot
added
dco-signoff: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
✅ Deploy Preview for cert-manager-website ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
| ```yaml | ||
| # application.yaml | ||
| apiVersion: argoproj.io/v1alpha1 | ||
| kind: Application | ||
| metadata: | ||
| name: cert-manager | ||
| namespace: argocd | ||
| annotations: | ||
| argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true | ||
| finalizers: | ||
| - resources-finalizer.argocd.argoproj.io | ||
| spec: | ||
| destination: | ||
| namespace: cert-manager | ||
| server: https://kubernetes.default.svc | ||
| project: default | ||
| source: | ||
| chart: cert-manager | ||
| repoURL: https://charts.jetstack.io | ||
| targetRevision: [[VAR::cert_manager_latest_version]] | ||
| helm: | ||
| values: | | ||
| installCRDs: true | ||
| syncPolicy: | ||
| automated: | ||
| prune: true | ||
| selfHeal: true | ||
| syncOptions: | ||
| - CreateNamespace=true |
There was a problem hiding this comment.
NOTE: This still has to be verified
Normally by using ServerSideApply and ServerSide diffing, there should be no issues with mutating webhooks:
| ```yaml | |
| # application.yaml | |
| apiVersion: argoproj.io/v1alpha1 | |
| kind: Application | |
| metadata: | |
| name: cert-manager | |
| namespace: argocd | |
| annotations: | |
| argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true | |
| finalizers: | |
| - resources-finalizer.argocd.argoproj.io | |
| spec: | |
| destination: | |
| namespace: cert-manager | |
| server: https://kubernetes.default.svc | |
| project: default | |
| source: | |
| chart: cert-manager | |
| repoURL: https://charts.jetstack.io | |
| targetRevision: [[VAR::cert_manager_latest_version]] | |
| helm: | |
| values: | | |
| installCRDs: true | |
| syncPolicy: | |
| automated: | |
| prune: true | |
| selfHeal: true | |
| syncOptions: | |
| - CreateNamespace=true | |
| ```yaml | |
| # application.yaml | |
| apiVersion: argoproj.io/v1alpha1 | |
| kind: Application | |
| metadata: | |
| name: cert-manager | |
| namespace: argocd | |
| annotations: | |
| argocd.argoproj.io/compare-options: ServerSideDiff=true | |
| finalizers: | |
| - resources-finalizer.argocd.argoproj.io | |
| spec: | |
| destination: | |
| namespace: cert-manager | |
| server: https://kubernetes.default.svc | |
| project: default | |
| source: | |
| chart: cert-manager | |
| repoURL: https://charts.jetstack.io | |
| targetRevision: [[VAR::cert_manager_latest_version]] | |
| helm: | |
| values: | | |
| installCRDs: true | |
| syncPolicy: | |
| automated: | |
| prune: true | |
| selfHeal: true | |
| syncOptions: | |
| - CreateNamespace=true | |
| - ServerSideApply=true |
This change is based on https://argo-cd.readthedocs.io/en/stable/user-guide/diff-strategies/ and https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#server-side-apply.
There was a problem hiding this comment.
FWIW, I tested with this manifest
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager-meta
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "-2"
argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: cert-manager
server: https://kubernetes.default.svc
project: default
source:
chart: cert-manager
repoURL: https://charts.jetstack.io
targetRevision: v1.19.0
helm:
values: |
installCRDs: true
ignoreDifferences:
- group: admissionregistration.k8s.io
kind: ValidatingWebhookConfiguration
name: cert-manager-meta-webhook
jqPathExpressions:
- .webhooks[].namespaceSelector.matchExpressions[] | select(.key == "control-plane")
- .webhooks[].namespaceSelector.matchExpressions[] | select(.key == "kubernetes.azure.com/managedby")
syncPolicy:
automated:
prune: true
selfHeal: true
respectIgnoreDifferences: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=truebut I am still seeing a metadata.generation diff (I first tried without the ignoreDifferences and respectIgnoreDifferences but that still results in matchExpressions diff.
|
Hey hey @wallrj - looks like this PR is a bit stale
We currently deploy cert-manager with ArgoCD and I would love to add these docs for others that may need them down the line |
6 participants
Preview: https://deploy-preview-1447--cert-manager-website.netlify.app/docs/installation/continuous-deployment-and-gitops/#using-argocd
Continuing the work @shahkv95 started in #1350
Some months later, in #1350 (comment) @Tokynet wrote:
So, in response to that, I've created this PR in which I've implemented the changes that I suggested in #1350 (review) and rebased on top of latest origin/master.
@Tokynet Please either review and make suggestions in thie PR, or branch from wallrj:cert-manager-argocd and continue the work on your own branch, create your own PR and then ping me for