Hide internal resources from graphical view (using annotations)

[salaboy]

Summary

It will be great to have an annotation to hide internal resources that don't need to be shown to users on the graphical interface.

Motivation

Some frameworks can add internal resources that are not user-facing and can add a lot of complexity to the visualization of the user facing resources.

Proposal

Argo cd scans resources for a specific annotation and avoids displaying them in the user interface if the annotation is present. This will enable users to use tools like Kustomize or other tools to hide resources that are not useful for the users.

[salaboy]

I am attaching here an example with Knative

Where several resources are coming from apiVersion: networking.internal.knative.dev/v1alpha1 that can be annotated with a argocd/internal:true annotation or ArgoCD can look for the internal string in the apiVersion field. All these internal resources are not helpful for users to see, as they are only there to perform internal work for Knative.

[alexef]

I have another example where such an annotation would make sense: istio-root-cert Secret which shows as an Orphan on every Application.

[salaboy]

@alexef awesome!.. I will share this issue around, because the more examples we can provide the better

[alexef]

@salaboy it would be best if you can bring it to the Contributors meeting tomorrow (or every Thursday) for discussion

[salaboy]

@alexef it seems that tomorrow is cancelled due US holidays :(

[csantanapr]

What about considering which persona or context? like admins might want not want to hide when debugging something Maybe a setting in the console to toggle the feature?

[alexef]

I like this idea. A checkmark like "Show Orphaned" - "Show Hidden"?

[salaboy]

sounds good to me.. I would call it "internal" but I am biased by the knative API concepts.

[chenrog]

Was this ever discussed? This feature still seems like a great move Alternatively, is there an existing way to do this without annotations? I've looked around but this seems to be the only issue that is discussing hiding resources

[jacek-jablonski]

As for now, is it any way to hide Workflows run by Argo Workflows which are produced by CronWorkflow?

It produces very high amount of resources to render and browser tab becomes unresponsive.

[fgiannetti]

Add another example. With Karpenter provisioners, the nodes and related are showed. It would be great if we can hide those resources from the view

Thank you!

[crenshaw-dev]

We already have a "collapse" button. Maybe the annotation could indicate collapsed-by-default.

[revolunet]

Hi, we're using CNPG and it plays well with ArgoCD but it produce a LOT of resources (+70 with backups) and it would be very handy to be able to hide some resources and toggle collapse based on annotations.

[m00nyONE]

we got the same here with aquasec vulnerability reports. Every pod gets checked by our trivi scanner and creates a resource for it. so there 5 resources related to every pod. This sadly makes the UI almost unreadable sometimes.

[crenshaw-dev]

Is anyone up to implement a collapse-by-default annotation?

[crenshaw-dev]

Would it be possible for y'alls use cases to just exclude the resource using an AppProject's resource exclusion rules? That should also improve performance, because the controller won't need to refresh the app every time one of those resources changes.

[phj-incom]

@crenshaw-dev That would be fine for our use case, and a nice solution as well.

[m00nyONE]

@crenshaw-dev theoretically this should work

[daftping]

If I am not mistaken you can "hide" the child resources (not directly managed by Argo CD), by blocking these resources on the project level.

  namespaceResourceBlacklist:
  - group: '<group>'
    kind: <kind>

[phyzical]

@daftping can confirm this worked for me

[gaeljw]

The solution to use namespaceResourceBlacklist works but it means you have to set it on all AppProject, right?

For excluding resources like Trivy (security reports and stuff like that), it means you have to configure almost every AppProject as they'll all contain such resources.

[phyzical]

@gaeljw yep thats correct.