From 756ac9e32d9eb27992ea2d61c2c0f1db09e3d02b Mon Sep 17 00:00:00 2001 From: Simon Gerber Date: Wed, 26 Jun 2024 10:42:28 +0200 Subject: [PATCH] Remove `hook=PostSync` annotation from hook RBAC This should fix the intermittent KubeJobFailed alerts for the post-sync hook job, since the job sometimes fails because the ServiceAccount and RBAC rules are missing. --- component/hooks.jsonnet | 9 --------- tests/golden/defaults/argocd/argocd/25_hooks/hooks.yaml | 9 +++------ tests/golden/openshift/argocd/argocd/25_hooks/hooks.yaml | 9 +++------ tests/golden/params/argocd/argocd/25_hooks/hooks.yaml | 9 +++------ .../golden/prometheus/argocd/argocd/25_hooks/hooks.yaml | 9 +++------ 5 files changed, 12 insertions(+), 33 deletions(-) diff --git a/component/hooks.jsonnet b/component/hooks.jsonnet index 69124187..5dd94129 100644 --- a/component/hooks.jsonnet +++ b/component/hooks.jsonnet @@ -10,9 +10,6 @@ local name = 'argocd-hooks'; local role = kube.Role(name) { metadata+: { namespace: params.namespace, - annotations+: { - 'argocd.argoproj.io/hook': 'PostSync', - }, }, rules: [ { @@ -31,18 +28,12 @@ local role = kube.Role(name) { local serviceAccount = kube.ServiceAccount(name) { metadata+: { namespace: params.namespace, - annotations+: { - 'argocd.argoproj.io/hook': 'PostSync', - }, }, }; local roleBinding = kube.RoleBinding(name) { metadata+: { namespace: params.namespace, - annotations+: { - 'argocd.argoproj.io/hook': 'PostSync', - }, }, subjects_: [ serviceAccount ], roleRef_: role, diff --git a/tests/golden/defaults/argocd/argocd/25_hooks/hooks.yaml b/tests/golden/defaults/argocd/argocd/25_hooks/hooks.yaml index d5709c46..9197d6ad 100644 --- a/tests/golden/defaults/argocd/argocd/25_hooks/hooks.yaml +++ b/tests/golden/defaults/argocd/argocd/25_hooks/hooks.yaml @@ -1,8 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks @@ -31,8 +30,7 @@ rules: apiVersion: v1 kind: ServiceAccount metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks @@ -41,8 +39,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks diff --git a/tests/golden/openshift/argocd/argocd/25_hooks/hooks.yaml b/tests/golden/openshift/argocd/argocd/25_hooks/hooks.yaml index d5709c46..9197d6ad 100644 --- a/tests/golden/openshift/argocd/argocd/25_hooks/hooks.yaml +++ b/tests/golden/openshift/argocd/argocd/25_hooks/hooks.yaml @@ -1,8 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks @@ -31,8 +30,7 @@ rules: apiVersion: v1 kind: ServiceAccount metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks @@ -41,8 +39,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks diff --git a/tests/golden/params/argocd/argocd/25_hooks/hooks.yaml b/tests/golden/params/argocd/argocd/25_hooks/hooks.yaml index d5709c46..9197d6ad 100644 --- a/tests/golden/params/argocd/argocd/25_hooks/hooks.yaml +++ b/tests/golden/params/argocd/argocd/25_hooks/hooks.yaml @@ -1,8 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks @@ -31,8 +30,7 @@ rules: apiVersion: v1 kind: ServiceAccount metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks @@ -41,8 +39,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks diff --git a/tests/golden/prometheus/argocd/argocd/25_hooks/hooks.yaml b/tests/golden/prometheus/argocd/argocd/25_hooks/hooks.yaml index d5709c46..9197d6ad 100644 --- a/tests/golden/prometheus/argocd/argocd/25_hooks/hooks.yaml +++ b/tests/golden/prometheus/argocd/argocd/25_hooks/hooks.yaml @@ -1,8 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks @@ -31,8 +30,7 @@ rules: apiVersion: v1 kind: ServiceAccount metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks @@ -41,8 +39,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - annotations: - argocd.argoproj.io/hook: PostSync + annotations: {} labels: name: argocd-hooks name: argocd-hooks