Open keekdageek opened 1 month ago
AppKey includes the namespace https://github.com/argoproj/argo-cd/blob/9b11b21f00f006ec5bfca1ff39210e54b65bf4b5/controller/appcontroller.go#L2398
We are creating a Cluster Workflow Templates application a namespace.
Can you rephrase it, please? I'm having a hard time understanding what exactly is being done. It'd be helpful if you share some resources definitions and application manifest.
k, application set and example resource, all resources in this application would be the same cluster workflow templates which don't have a namespace.
appset
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: argo-workflows-cluster-wft
namespace: argo-system
spec:
goTemplate: true
generators:
- git:
repoURL: https://gitlab.com/devops/cicd/devops-deployment-manifests
revision: main
directories:
- path: applications/devops/argo-workflows-cluster-wft/*
- exclude: true
path: applications/devops/argo-workflows-cluster-wft/*use1
- exclude: true
path: applications/devops/argo-workflows-cluster-wft/*.disable*
syncPolicy:
preserveResourcesOnDeletion: false
template:
metadata:
name: "argo-workflows-cluster-wft-{{ .path.basenameNormalized }}"
labels:
service-name: argo-workflows-cluster-wft
deployment-type: system
spec:
project: devops-no-orphan
source:
repoURL: https://gitlab.com/devops/cicd/devops-deployment-manifests
targetRevision: main
path: "{{ .path.path }}"
destination:
name: '{{
ternary
"devops-doeks-sysopmaster-eks-cluster-v1"
(printf "%s-eks-cluster-v1" (.path.basenameNormalized))
( eq .path.basenameNormalized "sysopmaster" )
}}'
syncPolicy:
syncOptions:
- ApplyOutOfSyncOnly=true
- CreateNamespace=false
cluster WF template
apiVersion: argoproj.io/v1alpha1
kind: ClusterWorkflowTemplate
metadata:
name: utils-cluster-wft
labels:
{{- include "common.labels" . |nindent 4 }}
spec:
volumeClaimTemplates:
- metadata:
name: mnt-code
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Mi
storageClassName: gp2
volumes:
- name: secrets
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: "secrets"
templates:
# sh-mntvol - run sh command on image assume a mount valume. Often used to list contents in a volume.
- name: sh-mntvol
inputs:
parameters:
- name: sh
- name: image
default: alpine
- name: volume
default: mnt-code
- name: mountPath
default: /mnt/code
container:
image: '{{ printf "{{inputs.parameters.image}}" }}'
command: [sh, -c]
args: ['{{ printf "{{inputs.parameters.sh}}" }}']
volumeMounts:
- name: '{{ printf "{{inputs.parameters.volume}}" }}'
persistentVolumeClaim:
claimName: '{{ printf "{{inputs.parameters.volume}}" }}'
mountPath: '{{ printf "{{inputs.parameters.mountPath}}" }}'
# echo - the input parameter surrounded but gt & lt signs ><
- name: echo
inputs:
parameters:
- name: text
script:
image: alpine
command: ['/bin/sh']
source: |
echo '>{{ printf "{{inputs.parameters.text}}" }}<'
# gitlab-code - clone a git repo, create config, commit, and mr json/yml files in <mountPath>/vars/git
- name: gitlab-code
inputs:
parameters:
- name: repo
- name: branch
default: main
- name: volume
default: mnt-code
- name: mountPath
default: /mnt/code
- name: debug
default: "false"
script:
# todo change image to gitlab-tools
image: amazonaws.com/devops/cicd/docker/jinja-tools:0.2.0
command: [ '/bin/sh' ]
source: |
set -e
repo=$(basename '{{ printf "{{inputs.parameters.repo}}" }}' .git)
git clone --depth 1 -b {{ printf "{{inputs.parameters.branch}}" }} https://${GIT_USERNAME}:${GIT_PASSWORD}@gitlab.retirementpartner.com/{{ printf "{{inputs.parameters.repo}}" }} {{ printf "{{inputs.parameters.mountPath}}" }}/$repo
git_dir='{{ printf "{{inputs.parameters.mountPath}}" }}/vars/git'
commit-dump $git_dir -g -a -r "{{ printf "{{inputs.parameters.mountPath}}" }}/$repo"
if [[ '{{ printf "{{inputs.parameters.debug}}" }}' == "true" ]]; then
cat $git_dir/*
fi
env:
- name: GIT_USERNAME
valueFrom:
secretKeyRef:
name: gitlab-creds
key: gitlab_username
- name: GIT_PASSWORD
valueFrom:
secretKeyRef:
name: gitlab-creds
key: gitlab_password
volumeMounts:
- name: '{{ printf "{{inputs.parameters.volume}}" }}'
mountPath: '{{ printf "{{inputs.parameters.mountPath}}" }}'
- name: 'secrets-gitlab'
mountPath: '/mnt/secrets-gitlab'
Describe the bug
We are creating a Cluster Workflow Templates application a namespace. The application project includes the
orphanedResources.warn = true
which then leads to ArgoCD reporting pretty much every resource in the cluster orphaned and starts to slow down the performance.I'm aware of the workaround to just remove the orphanedResources from the project which is what we are doing.
It appears to be related to how
belongToAnotherApp
is calculated, in particular how theappKey := ctrl.toAppKey(appName)
is calculated for this type of appproject without a namespacehttps://github.com/argoproj/argo-cd/blob/9b11b21f00f006ec5bfca1ff39210e54b65bf4b5/controller/appcontroller.go#L600-L604
To Reproduce
Setup apprproject like defined above with a Cluster no namespace resource
Expected behavior
Don't show orphanedInstances seamlessly without the performance hit or check for this case and inform the user that it doesn't work with this type of application.
Version