diff --git a/stacks/beads-server/main.tf b/stacks/beads-server/main.tf index 22e31480..91ed3755 100644 --- a/stacks/beads-server/main.tf +++ b/stacks/beads-server/main.tf @@ -29,6 +29,7 @@ resource "kubernetes_namespace" "beads" { name = "beads-server" labels = { tier = local.tiers.aux + "keel.sh/enrolled" = "true" } } lifecycle { @@ -177,7 +178,11 @@ resource "kubernetes_deployment" "dolt" { } lifecycle { ignore_changes = [ - spec[0].template[0].spec[0].dns_config # KYVERNO_LIFECYCLE_V1 + spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 + metadata[0].annotations["keel.sh/policy"], + metadata[0].annotations["keel.sh/trigger"], + metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2 + spec[0].template[0].spec[0].container[0].image, # KEEL_IGNORE_IMAGE ] } } @@ -381,7 +386,11 @@ resource "kubernetes_deployment" "workbench" { } lifecycle { ignore_changes = [ - spec[0].template[0].spec[0].dns_config # KYVERNO_LIFECYCLE_V1 + spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 + metadata[0].annotations["keel.sh/policy"], + metadata[0].annotations["keel.sh/trigger"], + metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2 + spec[0].template[0].spec[0].container[0].image, # KEEL_IGNORE_IMAGE ] } } @@ -654,7 +663,11 @@ resource "kubernetes_deployment" "beadboard" { } lifecycle { ignore_changes = [ - spec[0].template[0].spec[0].dns_config # KYVERNO_LIFECYCLE_V1 + spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 + metadata[0].annotations["keel.sh/policy"], + metadata[0].annotations["keel.sh/trigger"], + metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2 + spec[0].template[0].spec[0].container[0].image, # KEEL_IGNORE_IMAGE ] } } diff --git a/stacks/llama-cpp/main.tf b/stacks/llama-cpp/main.tf index 27c952d6..13b3cb3b 100644 --- a/stacks/llama-cpp/main.tf +++ b/stacks/llama-cpp/main.tf @@ -101,6 +101,7 @@ resource "kubernetes_namespace" "llama_cpp" { labels = { tier = local.tiers.gpu "istio-injection" = "disabled" + "keel.sh/enrolled" = "true" } } lifecycle { @@ -372,6 +373,10 @@ resource "kubernetes_deployment" "llama_swap" { lifecycle { ignore_changes = [ spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 + metadata[0].annotations["keel.sh/policy"], + metadata[0].annotations["keel.sh/trigger"], + metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2 + spec[0].template[0].spec[0].container[0].image, # KEEL_IGNORE_IMAGE ] } diff --git a/stacks/novelapp/main.tf b/stacks/novelapp/main.tf index 1c66030b..fe50a66f 100644 --- a/stacks/novelapp/main.tf +++ b/stacks/novelapp/main.tf @@ -36,6 +36,7 @@ resource "kubernetes_namespace" "novelapp" { labels = { "istio-injection" : "disabled" tier = local.tiers.aux + "keel.sh/enrolled" = "true" } } lifecycle { diff --git a/stacks/plotting-book/main.tf b/stacks/plotting-book/main.tf index 1f6f2b06..a0e8f3d9 100644 --- a/stacks/plotting-book/main.tf +++ b/stacks/plotting-book/main.tf @@ -9,6 +9,7 @@ resource "kubernetes_namespace" "plotting-book" { labels = { "istio-injection" : "disabled" tier = local.tiers.aux + "keel.sh/enrolled" = "true" } } lifecycle { diff --git a/stacks/trading-bot/main.tf b/stacks/trading-bot/main.tf index ff35f6c9..21281897 100644 --- a/stacks/trading-bot/main.tf +++ b/stacks/trading-bot/main.tf @@ -35,6 +35,7 @@ resource "kubernetes_namespace" "trading-bot" { name = "trading-bot" labels = { tier = local.tiers.edge + "keel.sh/enrolled" = "true" } } }