ApplicationSet not works as expected when parameter inClusterEnabled is "false"

[vhsantos]

Summary

If you set the parameter inClusterEnabled to "false" and create an ApplicationSet, argo-cd will still try to deploy the application on local cluster (kubernetes.default.svc) and it will show the app on local cluster as "Status = Unknown"

Logs and manifests

app output

$ argocd app list
NAME                       CLUSTER                         NAMESPACE       PROJECT   STATUS   HEALTH   SYNCPOLICY  CONDITIONS                     
sealed-secrets-at-lab      https://10.12.101.49:6443       sealed-secrets  xxxxxxxx  Synced   Healthy  Auto-Prune  <none>                         
sealed-secrets-in-cluster  https://kubernetes.default.svc  sealed-secrets  xxxxxxxx  Unknown  Healthy  Auto-Prune  ComparisonError(2),UnknownError

argocd-applicationset-controller logs

level=info msg="ApplicationSet controller v2.4.6+a48bca0 using namespace 'argo-dev' namespaceargo-devCOMMIT_IDa48bca03c79b6d63be0c34d6094831bc6916b3bc"
level=info msg="Starting configmap/secret informers"
level=info msg="Configmap/secret informer synced"
level=info msg="Starting webhook server"
level=info msg="Starting manager"
level=info msg="processing event for cluster secret" name=cluster-10.12.101.49-2217194788 namespace=argo-dev type=createSecretEventHandler
level=info msg="listed ApplicationSets" count=1 type=createSecretEventHandler
level=info msg="matched local cluster" cluster="local cluster"
level=info msg="matched cluster secret" cluster=cluster-10.12.101.49-2217194788
level=info msg="generated 2 applications" generator="{<nil> 0xc0009e6160 <nil> <nil> <nil> <nil> <nil> <nil>}"
level=info msg="unchanged Application" app=sealed-secrets-in-cluster appSet=sealed-secrets
level=info msg="unchanged Application" app=sealed-secrets-at-lab appSet=sealed-secrets
level=info msg="end reconcile" requeueAfter=0s
level=info msg="matched local cluster" cluster="local cluster"
level=info msg="matched cluster secret" cluster=cluster-10.12.101.49-2217194788
level=info msg="generated 2 applications" generator="{<nil> 0xc000ba5e40 <nil> <nil> <nil> <nil> <nil> <nil>}"
level=info msg="unchanged Application" app=sealed-secrets-in-cluster appSet=sealed-secrets
level=info msg="unchanged Application" app=sealed-secrets-at-lab appSet=sealed-secrets

applicationset

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: sealed-secrets
spec:
  generators:
    - clusters: {}
  template:
    metadata:
      name: "sealed-secrets-{{name}}"
    spec:
      project: sysadmin
      source:
        repoURL: https://xxxxxxxxxxxxxxx/sealedsecrets.git
        targetRevision: master
        path: "{{name}}"
      destination:
        namespace: sealed-secrets
        server: "{{server}}"
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
          allowEmpty: true
  syncPolicy:
    preserveResourcesOnDeletion: true

Proposal and expected behavior

ApplicationSet should not try to deploy applications on local clusters disabled by parameter inClusterEnabled.

Related Tickets

• 7571
• 7620

[crenshaw-dev]

To clarify, cluster.inClusterEnabled is a setting in the argocd-cm ConfigMap. The ApplicationSet controller will have to read that value. I assume we'd also want it to auto-update the parameters when the ConfigMap changes, which might make this a little tricky.