Vault Secrets Operator Restart Annotation shows resources as out of drift #24598
Unanswered
the-green-man14
asked this question in
Q&A
Replies: 1 comment
-
|
It is worth noting that this solution has been provided before: But that appears to ignore all annotations from my testing which isn't ideal as sometimes we want annotations to be synced from argo |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
We have Vault Secrets Operator configured to restart deployments when vault secrets get changed. As part of this, it adds the following annotation to deployments:
spec:
metadata:
annotations:
vso.secrets.hashicorp.com/restartedAt: '2025-09-16T08:00:52Z'
How is it possible to get argocd to ignore this annotation for the whole of argocd?
https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#system-level-configuration
We have tried to ignore differences like the below:
resource.customizations.ignoreDifferences.apps_Deployment: |
jqPathExpressions:
- '.spec.template.metadata.annotations."vso.secrets.hashicorp.com/restartedAt"'
resource.customizations.ignoreDifferences.apps_ReplicaSet: |
jqPathExpressions:
- '.spec.template.metadata.annotations."vso.secrets.hashicorp.com/restartedAt"'
resource.customizations.ignoreDifferences.apps_StatefulSet: |
jqPathExpressions:
- '.spec.template.metadata.annotations."vso.secrets.hashicorp.com/restartedAt"'
However, then the annotation field just becomes out of sync despite the vso correctly being hidden.
Does anyone have any recommendations on how they go this to work nicely?
Beta Was this translation helpful? Give feedback.
All reactions