search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.61k stars 5.37k forks source link

apiVersion in Live Manifest in ArgoCD differs from the one in K8s #12901

Open Armstrong4444 opened 1 year ago

Armstrong4444 commented 1 year ago

If apiVersion in yaml manifests is deprecated, K8s automatically changes its value to the latest one. But ArgoCD doesn´t reflect to this change. It leads to situations that the Live Manifests in ArgoCD is different from the ones in Kubernetes. This thing can cause wrong diffs between git repo and Live manifests in ArgoCD.

If I execute kubectl diff command I can see warning in shell: Warning: secrets-store.csi.x-k8s.io/v1alpha1 is deprecated. Use secrets-store.csi.x-k8s.io/v1 instead. But I can´t see any warning like that in ArgoCD.

To Reproduce

  1. Create, for Example SecretProviderClass, manifest with apiVersion secrets-store.csi.x-k8s.io/v1alpha1
  2. Sync this manifest with target K8s cluster through ArgoCD
  3. Go to ArgoCD Web UI and open the Live Manifest on the appropriate SecretProviderClass resource. Check apiVersion item.
  4. Check the apiVersion item again in shell by executing kubectl get secretproviderclass <name> -o yaml and check apiVersion in it. There is the difference.

Expected behavior I would expect corresponding values in apiVersion item in Live Manifest in ArgoCD as it is in K8s or some warning about this situation during comparing manifests in git repo and K8s.

Screenshots image image

Version

argocd: v2.5.4+86b2dde
  BuildDate: 2022-12-06T20:09:11Z
  GitCommit: 86b2dde8e4bf1187acd2b4294e94451cd104dad8
  GitTreeState: clean
  GoVersion: go1.18.8
  Compiler: gc
  Platform: linux/amd64
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
argocd-server: v2.6.3+e05298b
willemm commented 1 year ago

I think this is by design. ArgoCD needs to see the changes from the manifest in git, and the resource in kubernetes. So therefore it requests the k8s resource manifest with the version from the git repo (which is a standard feature in kubernetes).

However, what would be very useful is if ArgoCD flags a deprecated resource, so that the user knows they're using a deprecated api version. (Is there already a feature request for that?) Argocd should know it's deprecated because the k8s api gives it a warning header every time it accesses the resource.

yogeek commented 1 year ago

@willemm what you propose seems interesting (the deprecation flag) because the difference between ArgoCD Live Manifest and the one in K8S also suprised us and it appeared "like a bug" at first sight.

JerbiAhmed commented 6 months ago

I don't believe the situation is normal; ArgoCD should be able to detect any changes in the deployed manifests and reflect that in the live manifest section, regardless of what is read from git.

evilr00t commented 4 days ago

Bump. Any update on this one?