-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow resources to be excluded from sync via annotation #1373
Comments
Alternatively, we could come up with a different understanding of "ownership" other than the instance label. For example we could switch to injection of an annotation, instead of a label. With the new controller design, we actually no longer depend on the injected object being a label, since we no longer query by label. |
You may be able to exclude a resource from sync using See https://argoproj.github.io/argo-cd/user-guide/resource_hooks/#available-hooks. |
Oh... sneaky ;) Does this also affect the sync status calculation? In fact, I think I'm looking more like something as described in #1629 (comment). Maybe close this one in favor of #1629? |
Not sure about the sync status. You'll need to experiment. |
I have agreement with @alexec on syntax. Resources can be annotated like the following: metadata:
annotations:
compare-options: IgnoreExtraneous
sync-options: Prune=false In the future, these options might be expanded: metadata:
annotations:
compare-options: IgnoreExtraneous,IgnoreDifference=/spec/some/field
sync-options: Prune=false,Validate=false,Force=true,ConfigGC=enabled |
Is there a way to tell ArgoCD to just completely disregard any child resources created by a resource managed by Argo? We're deploying HNC with Argo and it's creating n number of namespaces - don't really need Argo to manage those at all, but unfortunately we also do need Argo to create some namespaces outside of HNC (so we can't just ignore all namespace objects). |
@rayterrill I ran into the same and was able to resolve this by adding the below annotation to the resources which are being propagated by the HNC CR: metadata:
annotations:
argocd.argoproj.io/compare-options: IgnoreExtraneous Something to keep in mind is that the resource itself will still be shown out of sync, but in the overall application status, the annotated resource out of sync status will be ignored. So, it is required for all the resources to be annotated and then the application will report a Synced status. |
based on @abhi-kapoor 's answer, this is my automated solution : apiVersion: batch/v1
kind: Job
metadata:
name: exclude-sync-some-argocd-resources
annotations:
argocd.argoproj.io/sync-wave: "0"
argocd.argoproj.io/hook: PostSync
argocd.argoproj.io/hook-delete-policy: HookSucceeded
spec:
template:
spec:
containers:
- name: kubectl
image: bitnami/kubectl:{{ .Capabilities.KubeVersion }}
command:
- /bin/sh
- -c
- |
kubeclt annotate cm,secret,anyotherresoruce \
-lapp.kubernetes.io/instance={{ .Release.Name }} \
argocd.argoproj.io/compare-options=IgnoreExtraneous --overwrite
restartPolicy: Never
serviceAccount: kube-bot
serviceAccountName: kube-bot
backoffLimit: 2 |
any annotation to disable sync, not only IgnoreExtraneous |
In order to allow more fine-grained control over the synchronization behavior of individual resources, Argo CD could support a certain annotation, like e.g.
argocd.argoproj.io/synchronization: Exclude
that can be added to resources to exclude them from being synchronized, similar to the globalresource.exclusions
setting.This might come in handy for a variety of use cases, one of them being kustomize/commonLabels (like described in #1250 (comment)). So one can propagate the
app.kubernetes.io/instance
label to dependent, auto-generated resources that Argo CD cannot correlate with their owning resources (like PersistentVolumeClaims generated from volumeClaimTemplates) and also add the "exclude" annotation to them.The text was updated successfully, but these errors were encountered: