-
Notifications
You must be signed in to change notification settings - Fork 5.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: status.sync.comparedTo should use replace patch strategy #18061
Conversation
5c9f939
to
33ef7d3
Compare
33ef7d3
to
d292362
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wait pausing a moment to think 😆
Can we try the tests in the other PR? To see what differences there are? I understand this PR does a replace vs. the other does json merge, and so there may be expected differences, but I would like the data point. The other one also has added e2e tests which may be worthwhile. |
One important question is: will Kustomize partial patching still work, since that's afaik the main (only?) use case for valuesObject. It looks like maybe not, because the openapi spec will be modified to include the replace patch strategy - I expect that Kustomize probably respects that. |
But maybe that doesn't matter, if the Kustomize user doesn't set |
Yes, I think you answered your own question. Unless a user references an Argo CD Application OpenAPI spec in their kustomization.yaml, then kustomize offline patching should default to json merge (since it wouldn't even know how to perform strategic merge on this non-native type). Since I believe no one references an Argo CD application openapi spec in their kustomization.yaml (it doesn't appear to me that we even generate this file for this to be possible), users won't notice any difference. |
I think some folks might reference it, we do generate the schema: https://github.com/argoproj/argo-schema-generator/tree/main/schema |
Ah, I forgot it lived in a different repo. Thanks. I didn't see it auto-generated in this PR so I incorrectly assumed it was not generated at all. I can see in https://github.com/argoproj/argo-schema-generator/blob/main/schema/argo_cd_kustomize_schema.json#L1083-L1091, values has a "values": {
"description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.",
"type": "string",
"x-kubernetes-patch-strategy": "replace"
},
"valuesObject": {
"description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.",
"$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension"
}, So after this PR, @alexmt had pointed this out as an inconsistency between the two fields that would make sense to fix. My thoughts on this:
|
Thinking about this some more, I think valuesObject behaving like SMP vs. json merge patch is completely moot. SMP matters most when there are merge keys in lists. But since |
The problem is that the inconsistency is the point of the field.
I think this is probably true, at least partially because we don't have many (any?) merge keys in the spec. But there are issues requesting merge keys for things like names of sources in multi-source apps, so using the openapi schema in Kustomize may become more popular.
True, I think that's a viable workaround for Kustomize users.
I don't think the target state of the other PR is SMP support, but rather just working JMP support. If I understand this PR correctly, it could take certain users back to "simple replace" instead of either SMP or JMP. imo using
|
status.sync.comparedTo
should use replace patch strategy
Thank you for catching it @crenshaw-dev . I agree the Kustomize use case is important and we should support it. I've realized that controller never modifies application spec. It only patches status. The error happens only when controller patches |
Oh nice that's genius-level stuff, thanks! Will review. |
status.sync.comparedTo
should use replace patch strategyd292362
to
685c3b8
Compare
@jessesuen, missed your comments, sorry. Adding tests from another PR - great suggestion. I think the replace strategy still affects kustomize because it prevent uses from merging even maps. It will be impossible to introduce one key in one patch and another key in other patch. |
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
685c3b8
to
184ab1d
Compare
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
184ab1d
to
9dde883
Compare
for me it's avoiding yaml string in yaml
if they dont behave equivalent, it should be documented? https://argo-cd.readthedocs.io/en/stable/user-guide/helm/#values |
@ro0NL behavior with respect to manifest hydration is identical. Patching behavior is different, but I think the difference is intuitive due to the field types. |
@crenshaw-dev excuse my ignorance. You mean ArgoCD uses a different update method depending on |
@ro0NL I just mean that it's possible for tools like Kustomize to apply json patches to the object field, but not the string field. From a user's perspective, everything else should behave the same. |
/cherry-pick release-2.11 |
* fix: status.sync.comparedTo should use replace patch strategy Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * add e2e tests Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
/cherry-pick release-2.10 |
Cherry-pick failed with |
/cherry-pick release-2.9 |
Cherry-pick failed with |
#18071) * fix: status.sync.comparedTo should use replace patch strategy * add e2e tests --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
…oj#18061) * fix: status.sync.comparedTo should use replace patch strategy Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * add e2e tests Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
…oj#18061) * fix: status.sync.comparedTo should use replace patch strategy Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * add e2e tests Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
…oj#18061) * fix: status.sync.comparedTo should use replace patch strategy Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * add e2e tests Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
#18075) * fix: status.sync.comparedTo should use replace patch strategy * add e2e tests --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
#18076) * fix: status.sync.comparedTo should use replace patch strategy * add e2e tests --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
#18077) * fix: status.sync.comparedTo should use replace patch strategy * add e2e tests --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Is it possible to know what release versions will contain this patch? I see the cherry picks failed for 2.9 and 2.10. Does that mean we need to wait until 2.11 comes out? |
Is it possible that this patch has suddenly changed the behavior of the Application Controller so that it isn't comparing things the same way? We are seeing a massive (relatively speaking) jump in the I suspect the issue has to do with how the code is comparing the
|
* fix: elements should be optional (argoproj#17424) (argoproj#17510) A bug was reported, where an applicationset with an empty elements array, when created with `argocd appset create <filename>.yaml` gets a `...list.elements: Required value` error. My hypothesis is that when calling the K8s API, golang JSON marshalling mangles the empty `elements` array to `nil`, rather than creating an empty array when submitting the `POST`. Still need to figure out why the same setup seemingly works fine when the same appset is in an app-of-apps. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Blake Pettersson <blake.pettersson@gmail.com> * Merge pull request from GHSA-jhwx-mhww-rgc3 * sec: limit helm index max size Signed-off-by: pashakostohrys <pavel@codefresh.io> * sec: limit helm index max size Signed-off-by: pashakostohrys <pavel@codefresh.io> * feat: fix tests and linter Signed-off-by: pashakostohrys <pavel@codefresh.io> --------- Signed-off-by: pashakostohrys <pavel@codefresh.io> * Bump version to 2.10.5 (argoproj#17654) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: pasha-codefresh <pasha-codefresh@users.noreply.github.com> * fix cosign (argoproj#17656) Signed-off-by: Justin Marquis <justin@akuity.io> * chore(deps): bump webpack-dev-middleware from 5.3.1 to 5.3.4 in /ui (argoproj#17598) (argoproj#17686) Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.1 to 5.3.4. - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.1...v5.3.4) --- updated-dependencies: - dependency-name: webpack-dev-middleware dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(ui): Fix color generation for pod name in logs viewer. Fixes argoproj#17704 (argoproj#17706) (argoproj#17710) * Fix color generation for pod name in logs viewer * Add rebuy to users.md --------- Signed-off-by: Philipp Trulson <der-eismann@users.noreply.github.com> Co-authored-by: Philipp Trulson <der-eismann@users.noreply.github.com> * fix: fix calculating patch for respect ignore diff feature (argoproj#17693) * test: unit test for respectIgnoreDifferences bug Signed-off-by: Jesse Suen <jesse@akuity.io> * test: simplify unit test Signed-off-by: Jesse Suen <jesse@akuity.io> * fix: fix calculating patch for respect ignore diff feature Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> --------- Signed-off-by: Jesse Suen <jesse@akuity.io> Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Co-authored-by: Jesse Suen <jesse@akuity.io> * fix(security): use Chainguard fork of git-urls (argoproj#17732) (argoproj#17735) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Bump version to 2.10.6 (argoproj#17744) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: alexmt <alexmt@users.noreply.github.com> * Merge pull request from GHSA-2gvw-w6fj-7m3c Signed-off-by: pashakostohrys <pavel@codefresh.io> * Bump version to 2.10.7 (argoproj#17831) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: pasha-codefresh <pasha-codefresh@users.noreply.github.com> * fix: docker build fails due to "The repository 'http://deb.debian.org/debian buster-backports Release' does not have a Release file." Signed-off-by: pashakostohrys <pavel@codefresh.io> * fix: codegen and e2e tests in release-2.10 (argoproj#17844) * fix: codegen and e2e tests Signed-off-by: pashakostohrys <pavel@codefresh.io> * fix: codegen and e2e tests Signed-off-by: pashakostohrys <pavel@codefresh.io> --------- Signed-off-by: pashakostohrys <pavel@codefresh.io> * chore: upgrade redis to 7.0.15 (argoproj#17666) Upgrade to latest stable 7.0.x version to fix CVEs: CVE-2023-41056 Signed-off-by: Tais P. Hansen <taishansen@gmail.com> * Merge pull request from GHSA-9m6p-x4h2-6frq * feat: limit jq.Run with timeout Signed-off-by: pashakostohrys <pavel@codefresh.io> * feat: ignore normalizer jq execution timeout as env variable Signed-off-by: pashakostohrys <pavel@codefresh.io> * feat: customize error message and add doc section Signed-off-by: pashakostohrys <pavel@codefresh.io> * feat: improve log and change a way how to get variable Signed-off-by: pashakostohrys <pavel@codefresh.io> * chore: fix import`s order Signed-off-by: pashakostohrys <pavel@codefresh.io> * chore: rename variable inside sts Signed-off-by: pashakostohrys <pavel@codefresh.io> * chore: fix import order Signed-off-by: pashakostohrys <pavel@codefresh.io> * chore: fix import`s order Signed-off-by: pashakostohrys <pavel@codefresh.io> --------- Signed-off-by: pashakostohrys <pavel@codefresh.io> * Merge pull request from GHSA-9m6p-x4h2-6frq * feat: limit jq.Run with timeout Signed-off-by: pashakostohrys <pavel@codefresh.io> * feat: ignore normalizer jq execution timeout as env variable Signed-off-by: pashakostohrys <pavel@codefresh.io> * feat: customize error message and add doc section Signed-off-by: pashakostohrys <pavel@codefresh.io> * feat: improve log and change a way how to get variable Signed-off-by: pashakostohrys <pavel@codefresh.io> * chore: fix import`s order Signed-off-by: pashakostohrys <pavel@codefresh.io> * chore: rename variable inside sts Signed-off-by: pashakostohrys <pavel@codefresh.io> * chore: fix import order Signed-off-by: pashakostohrys <pavel@codefresh.io> * chore: fix import`s order Signed-off-by: pashakostohrys <pavel@codefresh.io> --------- Signed-off-by: pashakostohrys <pavel@codefresh.io> * fix: codegen after security fix - 2.10 (argoproj#17985) * fix: codegen after security fix Signed-off-by: pashakostohrys <pavel@codefresh.io> * fix: codegen after security fix Signed-off-by: pashakostohrys <pavel@codefresh.io> --------- Signed-off-by: pashakostohrys <pavel@codefresh.io> * Bump version to 2.10.8 (argoproj#17990) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: pasha-codefresh <39732895+pasha-codefresh@users.noreply.github.com> * fix: enable sha256 and sha512 for git ssh (argoproj#18028) (argoproj#18029) * fix: bumping the knownhosts to v1.2.2 since this contains a fix that allows for sha256 and sha512 algorithms when using git ssh * chore: remove older version of module from go sum --------- Signed-off-by: Marc Arndt <marc@marcarndt.com> Signed-off-by: Marc Arndt <m.arndt@evana.de> Co-authored-by: Marc Arndt <marc@marcarndt.com> Co-authored-by: Marc Arndt <m.arndt@evana.de> * Bump version to 2.10.9 (argoproj#18033) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: jannfis <3942683+jannfis@users.noreply.github.com> * fix: status.sync.comparedTo should use replace patch strategy (argoproj#18061) (argoproj#18075) * fix: status.sync.comparedTo should use replace patch strategy * add e2e tests --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * chore: bump go-jose from 3.0.1 to 3.0.3 (argoproj#18102) Signed-off-by: Jayendra Parsai <jparsai@jparsai-thinkpadp1gen4i.remote.csb> Co-authored-by: Jayendra Parsai <jparsai@jparsai-thinkpadp1gen4i.remote.csb> * docs: fix 404 styling (argoproj#18094) (argoproj#18105) * docs: fix 404 styling * hack around custom tag destruction --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * chore: update gitops engine for force sync option (argoproj#5882) - 2.10 (argoproj#18123) Signed-off-by: pashakostohrys <pavel@codefresh.io> * fix: Enable Redis authentication in the default installation * fix: linter issue * fix: linter issue --------- Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Signed-off-by: pashakostohrys <pavel@codefresh.io> Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Justin Marquis <justin@akuity.io> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Philipp Trulson <der-eismann@users.noreply.github.com> Signed-off-by: Jesse Suen <jesse@akuity.io> Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Tais P. Hansen <taishansen@gmail.com> Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Marc Arndt <marc@marcarndt.com> Signed-off-by: Marc Arndt <m.arndt@evana.de> Signed-off-by: Jayendra Parsai <jparsai@jparsai-thinkpadp1gen4i.remote.csb> Co-authored-by: gcp-cherry-pick-bot[bot] <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Co-authored-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: pasha-codefresh <pasha-codefresh@users.noreply.github.com> Co-authored-by: Justin Marquis <76892343+34fathombelow@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Philipp Trulson <der-eismann@users.noreply.github.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Co-authored-by: Jesse Suen <jesse@akuity.io> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: alexmt <alexmt@users.noreply.github.com> Co-authored-by: Tais P. Hansen <taisph@users.noreply.github.com> Co-authored-by: Marc Arndt <marc@marcarndt.com> Co-authored-by: Marc Arndt <m.arndt@evana.de> Co-authored-by: jannfis <3942683+jannfis@users.noreply.github.com> Co-authored-by: Jayendra Parsai <jparsai@redhat.com> Co-authored-by: Jayendra Parsai <jparsai@jparsai-thinkpadp1gen4i.remote.csb> Co-authored-by: May Zhang <may_zhang@intuit.com>
Sorry, @PaulSonOfLars, I totally forgot to give you credit for the e2e tests. Fixing authorship in this PR: #18515 |
…oj#18061) (argoproj#18071) * fix: status.sync.comparedTo should use replace patch strategy * add e2e tests --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
…oj#18061) * fix: status.sync.comparedTo should use replace patch strategy Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * add e2e tests Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
@alexmt Is this now released? Does this resolve the issue where the Argo CD app is in a degraded state despite being healthy? I followed bunch of PR links here and I am a bit confused. Thanks in advance! |
…oj#18061) * fix: status.sync.comparedTo should use replace patch strategy Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * add e2e tests Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> --------- Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
@Laakso yes, i can confirm from ~ 6.10 of helm chart its out or ~2.11 of argo. whatever your install method is. |
Closes #15126
PR adds
patchStrategy:"replace"
tag to thestatus.sync.comparedTo
field to avoidunable to find api field in struct
error during calculating patch.