Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unnecessary Harbor Pod Restarts Triggered on every PR merge #1901

Open
amar-opsverse opened this issue Jan 2, 2025 · 0 comments
Open

Unnecessary Harbor Pod Restarts Triggered on every PR merge #1901

amar-opsverse opened this issue Jan 2, 2025 · 0 comments

Comments

@amar-opsverse
Copy link

Expected behavior and actual behavior:

Expected behavior:
Harbor pods should remain stable without unnecessary restarts when no functional changes are made to Harbor's configuration or resources. ArgoCD should only trigger syncs for actual changes in Harbor's deployment or configuration.

Actual behavior:
Every time a PR is merged into the GitOps repository, ArgoCD detects changes in Harbor-related resources (like secrets or ConfigMaps) and triggers a sync. This results in Harbor pods restarting, even when there are no functional changes. This disrupts availability, impacts builds, and causes unnecessary delays in deployments.
Despite adding the ignoreDifferences rule for Harbor-related secrets in the ArgoCD App YAML, the pod restarts continue due to the checksum in Helm templates for the Deployment and StatefulSet, which detects changes in the associated resources.

Steps to reproduce the problem:

Set up Harbor with ArgoCD for GitOps-based deployment.
Add Harbor to ArgoCD with ignoreDifferences set for secrets and ConfigMaps in the ArgoCD App YAML.
Merge any PR to the GitOps repository that isn't related to Harbor.
Observe that ArgoCD triggers a sync, resulting in Harbor pods restarting, even if no changes were made to Harbor-related resources.
Versions:

Harbor version: v2.5.5
Kubernetes version: 1.31
ArgoCD version: v2.3.3
Helm version: v3.15.4

harbor:
  expose:
    type: ingress
    tls:
      enabled: true
      certSource: secret
      secretName: infra-harbor-ingress
      notarySecretName: infra-harbor-ingress-notary
    ingress:
      hosts:
        core: registry.devopsnow.io
        notary: notary-registry.devopsnow.io
      controller: default
      annotations:
        ingress.kubernetes.io/ssl-redirect: "true"
        ingress.kubernetes.io/proxy-body-size: "0"
        nginx.ingress.kubernetes.io/ssl-redirect: "true"
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
        cert-manager.io/cluster-issuer: cluster-letsencrypt-prod
    clusterIP:
      name: harbor
      annotations: {}
      ports:
        httpPort: 80
        httpsPort: 443
        notaryPort: 4443

  externalURL: https://registry.devopsnow.io

  persistence:
    enabled: true
    resourcePolicy: "keep"
    imageChartStorage:
      type: s3
      s3:
        region: us-east-1
        bucket: "<BUCKET_NAME>"
        accesskey: "<ACCESS_KEY>"
        secretkey: "<SECRET_KEY>"

  updateStrategy:
    type: Recreate

  harborAdminPassword: "<HARBOR_ADMIN_PASSWORD>"

  core:
    replicas: 2

  registry:
    replicas: 2
    relativeurls: true

  chartmuseum:
    replicas: 1

  trivy:
    enabled: true
    image:
      tag: v2.9.1
    gitHubToken: "<GITHUB_TOKEN>"
    skipUpdate: false

  notary:
    server:
      replicas: 2
    signer:
      replicas: 2

Screenshot 2024-12-30 at 5 23 17 PM
Screenshot 2024-12-30 at 5 23 53 PM
Screenshot 2024-12-23 at 10 57 09 AM
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@amar-opsverse