search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
16.75k stars 5.08k forks source link

Adding a namespace to a non-namespaced resource results in duplicate resources #18669

Open sthomson-wyn opened 3 weeks ago

sthomson-wyn commented 3 weeks ago

Checklist:

Describe the bug

When creating a Cluster scoped resource (Like a ClusterRole or ClusterRoleBinding), the application tracks the resource as 2 distinct resources. Due to this, argocd app get incorrectly reports them as having a "Running" sync status

To Reproduce

Add a ClusterRole to an application that also has a namespace

Expected behavior

I think ideally ArgoCD would just ignore the namespace?

Screenshots

image image image (namespace hidden)

Since the tree output doesn't have the namespaces, only one shows up https://github.com/argoproj/argo-cd/blob/48eb7f3608b129c299f8e1a8eddbda2971c8f94e/cmd/argocd/commands/tree.go#L33 image

Version

argocd: v2.11.3+3f344d5
  BuildDate: 2024-06-06T12:31:44Z
  GitCommit: 3f344d54a4e0bbbb4313e1c19cfe1e544b162598
  GitTreeState: clean
  GoVersion: go1.22.4
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.10.2+fcf5d8c
  BuildDate: 2024-03-01T21:24:51Z
  GitCommit: fcf5d8c2381b68ab1621b90be63913b12cca2eb7
  GitTreeState: clean
  GoVersion: go1.21.3
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: v5.2.1 2023-10-19T20:13:51Z
  Helm Version: v3.14.2+gc309b6f
  Kubectl Version: v0.26.11
  Jsonnet Version: v0.20.0
T1-leiyang commented 2 weeks ago

/assign

agaudreault commented 2 weeks ago

@sthomson-wyn I am having a hard time to understand your issue with the partial screenshots. So let me try to summarize and correct me if I'm wrong! You have a manifest in your application that is a ClusterRole like the one below. When you sync this resource in an application, it is returned twice in the argocd app get command?

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: storefront
rules:
- apiGroups: [""]
  resources: ["example"]
  verbs: ["get", "watch", "list"]
thecooldrop commented 2 weeks ago

@sthomson-wyn Does the duplicate resource appear in UI as well?

sthomson-wyn commented 2 weeks ago

@agaudreault When the resource has a namespace defined

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: storefront
  namespace: some-namespace
rules:
- apiGroups: [""]
  resources: ["example"]
  verbs: ["get", "watch", "list"]

It appears twice from the argocd app get command, but not in the UI @thecooldrop