search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.92k stars 5.46k forks source link

How to have ArgoCD manage lifecycle of Lease resource #12722

Open james-callahan opened 1 year ago

james-callahan commented 1 year ago

Checklist:

Describe the bug

I get a warning:

ExcludedResourceWarning Resource coordination.k8s.io/Lease mylease is excluded in the settings

My Lease is not created when I sync my application.

It appears that this resource kind is hardcoded to always be excluded: https://github.com/argoproj/argo-cd/blob/352e51fdbd1bc729178ca5c16880dc9fcb5a5504/util/settings/resources_filter.go#L10

To Reproduce

Include a Lease as part of your application manifests. e.g.

apiVersion: coordination.k8s.io/v1
kind: Lease
metadata:
  name: mylease
spec: {}

Expected behavior

The lease should be created/managed.

I have the Lease as part of my application, as I don't wish to grant an RBAC role to the service to create arbitrarily named leases (The Kubernetes create RBAC doesn't allow you to limit by resourceName), but only to update a specific lease.

Version

argocd-server: v2.6.3+e05298b
shivjm commented 1 year ago

Same issue with Linkerd. edge-23.3.2 uses a Lease object. Argo CD ignores it and prevents the Application from syncing.

log1cb0mb commented 1 year ago

@shivjm Did you manage to workaround this? Facing same with edge-23.3.4

shivjm commented 1 year ago

Unfortunately not. I’m stuck on the previous version for now.

netanel-sayada commented 1 year ago

Also having this issue with Lease object.

rodrigoalvamat commented 1 year ago

Also having the same issue with linkerd edge-23.3.4 and argocd v2.6.7

andreygolev commented 1 year ago

Having same issue with Linkerd, which chart creates Lease objects. ArgoCD ignores it. Created Lease object manually as a workaround.

TheStopsign commented 1 year ago

Would love to maybe see an acknowledgeDifferences option (or some similar functionality) to override, ignore, etc. the hard-coded defaults in ArgoCD for specific Applications (if not already possible).

Experienced this deploying Linkerd stable-2.13.0, as the Lease has made its way there now.

SansDK commented 1 year ago

Also having this issue with Linkerd stable-2.13.0. I created a ticket in the Linkerd support forum so that they are also aware of this issue.

janlonsetteig commented 1 year ago

Should not the Lease object be runtime only? So not part of the Helm chart at all. The applications that use a Lease object should create it in runtime

SansDK commented 1 year ago

Also, I've opened an issue over @ Linkerd, since this is probably an issue that Linkerd should and can fix. Instead of the Lease object being a part of the helm chart, I think it should be created at runtime by the destination pod(s).

https://github.com/linkerd/linkerd2/issues/10762

james-callahan commented 1 year ago

Instead of the Lease object being a part of the helm chart, I think it should be created at runtime by the destination pod(s).

No; a create in kubernetes RBAC cannot be restricted to a specific name. An application that holds a lease should only ever need update permissions on its specific resource.

kahirokunn commented 4 months ago

I got the same issue.