Enhancement Proposal: Support ignoreDifferences for Cluster Diffing Only (Exclude Git Diffing)

uriariel commented 1 year ago

Summary

Introduce a new customization option for ignoreDifferences that allows users to apply this setting exclusively for diffing changes in the cluster, without affecting the diffing from the Git repository.

Motivation

The current ignoreDifferences field in resource customizations causes ArgoCD to ignore specific field differences both in the cluster and in the Git repository. This is useful when certain fields are being dynamically managed in the cluster by operators or controllers, such as the Vertical Pod Autoscaler (VPA) adjusting resources or the Horizontal Pod Autoscaler (HPA) modifying replicas.

However, in a GitOps-focused approach, changes made to these fields in the Git repo should still be recognized and synced by ArgoCD. For instance, if VPA adjusts the resources of a pod or HPA changes the replicas count, using ignoreDifferences for these fields will prevent ArgoCD from detecting and syncing genuine changes made to these fields in the Git repository.

By providing an option for ignoreDifferences to target only cluster diffs, we allow users to maintain a genuine GitOps workflow, even in environments with active in-cluster controllers.

Proposal

Introduce a new field, possibly named ignoreClusterDifferences, which functions in a manner analogous to the current ignoreDifferences but is exclusive to cluster diffs.
If both ignoreDifferences and ignoreClusterDifferences are defined, the settings in ignoreClusterDifferences should take precedence for cluster diffs, while the ignoreDifferences setting continues to govern Git diffs.
Update the ArgoCD documentation to highlight the differences and use cases for both fields, supplemented by examples to aid users.

Benefits

Flexibility: Offers users the ability to apply distinct diffing strategies for in-cluster changes and Git changes, thus granting more granular control over the sync process.
True GitOps: With this proposed enhancement, ArgoCD can be configured to uphold GitOps principles faithfully, even when in-cluster resources are actively managed by controllers such as VPA or HPA.

leoluz commented 1 year ago

in a GitOps-focused approach, changes made to these fields in the Git repo should still be recognized and synced by ArgoCD

This is not related to gitops. When you decide to use HPA/VPA, it means that you want to collaborate with those external controllers to define specifics resource state. Note that you can still apply gitops practices but not in the main resource (e.g. Deployment). In this case you have to have the HPA/VPA resources in git.

For instance, if VPA adjusts the resources of a pod or HPA changes the replicas count, using ignoreDifferences for these fields will prevent ArgoCD from detecting and syncing genuine changes made to these fields in the Git repository.

This generates a conflicting scenario where Argo CD is fighting with external controllers to define a specific field state. If a given team decided to use HPA/VPA is because they want the external controller to manage those specific fields. In this case changes must be made in the HPA/VPA resources and not in the main ones (e.g. Deployment, Rollouts, etc). Implementing this proposal would cause Argo CD to keep syncing the application eternally which is something that we must avoid.

agaudreault commented 1 week ago

Closing based on answer above

argoproj / argo-cd