Enhance hubble-server-certs management for Argo CD by adding a new configuration option and updating tasks to ensure compatibility with older kubectl versions. This includes improved handling of managed fields for Helm SSA conflict resolution.
This commit is contained in:
Nikholas Pcenicni
@@ -1,4 +1,8 @@
|
|||||||
---
|
---
|
||||||
# When true, delete **kube-system/hubble-server-certs** if its **managedFields** show **argocd-controller**
|
# When true, delete **kube-system/hubble-server-certs** if **managedFields** show **argocd-controller**
|
||||||
# (recover from Helm SSA conflicts after Argo synced Cilium before Ansible).
|
# (recover from Helm SSA conflicts after Argo synced Cilium before Ansible). Requires **kubectl** with
|
||||||
|
# **--show-managed-fields** on the pre-check (see tasks).
|
||||||
noble_cilium_repair_argo_ssa_on_hubble_secret: true
|
noble_cilium_repair_argo_ssa_on_hubble_secret: true
|
||||||
|
# When true, delete **hubble-server-certs** whenever it exists (before Helm). Use only if the Argo check
|
||||||
|
# still does not fire (older kubectl) or you need a one-shot cleanup.
|
||||||
|
noble_cilium_delete_hubble_server_certs_if_present: false
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
---
|
---
|
||||||
# Argo may have server-side-applied chart-owned Secrets during earlier runs; Helm then fails with
|
# Argo may have server-side-applied chart-owned Secrets during earlier runs; Helm then fails with
|
||||||
# "conflict with argocd-controller". Drop the Secret only when that manager is present.
|
# "conflict with argocd-controller". **kubectl** omits **managedFields** unless **--show-managed-fields=true**.
|
||||||
|
# We delete the Secret only when **argocd-controller** appears there (or set **noble_cilium_delete_hubble_server_certs_if_present**).
|
||||||
- name: Read hubble-server-certs Secret (if any) for SSA repair
|
- name: Read hubble-server-certs Secret (if any) for SSA repair
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
argv:
|
argv:
|
||||||
@@ -10,6 +11,7 @@
|
|||||||
- hubble-server-certs
|
- hubble-server-certs
|
||||||
- -n
|
- -n
|
||||||
- kube-system
|
- kube-system
|
||||||
|
- --show-managed-fields=true
|
||||||
- -o
|
- -o
|
||||||
- json
|
- json
|
||||||
environment:
|
environment:
|
||||||
@@ -35,7 +37,7 @@
|
|||||||
- noble_cilium_repair_argo_ssa_on_hubble_secret | default(true) | bool
|
- noble_cilium_repair_argo_ssa_on_hubble_secret | default(true) | bool
|
||||||
- not (noble_cilium_hubble_secret_json.skipped | default(false))
|
- not (noble_cilium_hubble_secret_json.skipped | default(false))
|
||||||
- noble_cilium_hubble_secret_json.rc | default(-1) | int == 0
|
- noble_cilium_hubble_secret_json.rc | default(-1) | int == 0
|
||||||
- '"argocd-controller" in (noble_cilium_hubble_secret_json.stdout | default(""))'
|
- (noble_cilium_delete_hubble_server_certs_if_present | default(false) | bool) or ("argocd-controller" in (noble_cilium_hubble_secret_json.stdout | default("")))
|
||||||
changed_when: true
|
changed_when: true
|
||||||
|
|
||||||
- name: Install Cilium (required CNI for Talos cni:none)
|
- name: Install Cilium (required CNI for Talos cni:none)
|
||||||
|
|||||||
Reference in New Issue
Block a user