Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

htpasswd function generates new htpasswd on every helm upgrade / gitops deploy #1102

Closed
mweibel opened this issue Nov 25, 2021 · 5 comments
Closed

htpasswd function generates new htpasswd on every helm upgrade / gitops deploy #1102

mweibel opened this issue Nov 25, 2021 · 5 comments
Assignees
@reasonerjt
Labels
Stale

Comments

@mweibel
Copy link

mweibel commented Nov 25, 2021

hi

I had issues with replicasets being recreated way too often and upon looking closer into it I saw that there are several random generators in the helm chart which cause those secrets to change and the deployments to automatically create new replicasets.

Related issues are: #459, #107, #597

I have a similar issue with registry-htpasswd secret as the htpasswd function creates a new value on each call. I changed that locally to have a separate value too:

REGISTRY_HTPASSWD: {{ .Values.registry.credentials.htpasswd | default (htpasswd .Values.registry.credentials.username .Values.registry.credentials.password) | b64enc | quote }}

But that's a bit ugly, not sure if you want that in the helm chart.

Anyway I think there should be somewhere a word of warning about using GitOps tools with this helm chart specifying which values need to be set to avoid the recreation of replicasets over and over again. Or remove the automatic defaults and require the user to specify those secrets like it's done with several other secrets (secretKey f.e.)

JFYI I needed to set:

.Values.registry.secret
.Values.jobservice.secret
.Values.core.secret
.Values.core.xsrfKey
.Values.registry.credentials.htpasswd (new, does not exist usually)
@TomHellier
Copy link
Contributor

I've been seeing something similar, I use argocd to deploy harbor, and its pointed at a monorepo which updates these resources whenever a PR is merged into master.

I'd welcome some change which would support gitops

@sebtiz13
Copy link

sebtiz13 commented Jan 20, 2022
edited
Loading

Hello have you try to ignore the generated secret in your Argo CD app ?

For exemple to ignore REGISTRY_HTPASSWD in harbor-registry secret

spec:
  ignoreDifferences:
    - kind: Secret
      name: harbor-registry
      jsonPointers:
        - /data/REGISTRY_HTPASSWD

I had the same issue with generation of notary certificates, I tried these approaches and it seems to work for now.

For more information:
https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/

@TomHellier
Copy link
Contributor

That's a great idea, I will give it a go tomorrow. I typically only have used ignoreDifferences where apps show out of sync for reasons I cannot easily control without updating upstream charts.

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 8, 2024

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

@github-actions github-actions bot added the Stale label Feb 8, 2024
@github-actions GitHub Actions
Copy link

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@reasonerjt reasonerjt

Labels
Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mweibel @sebtiz13 @reasonerjt @TomHellier