argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0

No difference in appproject detected #7951

Open philipp1992 opened 2 years ago

philipp1992 commented 2 years ago

Hi,

I am syncing an appproject with ArgoCD from a normal Git repository along with other resources. When I make manual changes to the appproject live manifest from the Argo UI or through Kubernetes, argocd won't detect any changes to the live manifest and will therefore not overwrite the changes / sync.

Selfheal is activated. Changes on other resources are correctly detected and synced.

To Reproduce

Sync an appproject, make changes to it, see the live manifest differs from the desired manifest but argocd does nothing.

Expected behavior

Reverting the changes made to the live manifest back to the version in git.

Screenshots

live manifest: live-manifest

desired manifest: desired-manifest

Application does not show out-of-sync or changes detected: image

Version

v2.1.7+a408e29

alexmt commented 2 years ago

Argo CD uses the same logic as kubectl diff to detect differences. The resource change is reported as a diff if the same field is specified in Git (or was specified). If you added a new field then it won't be detected as a diff.

So most likely the current behavior is expected. To be sure, can you specify which field you modified in the project?

philipp1992 commented 2 years ago

> Argo CD uses the same logic as kubectl diff to detect differences. The resource change is reported as a diff if the same field is specified in Git (or was specified). If you added a new field then it won't be detected as a diff.
>
> So most likely the current behavior is expected. To be sure, can you specify which field you modified in the project?

I've added the "spec.role" section. Kubectl apply does apply a difference. Why would kubectl diff not show a difference when there's a difference in the spec?

alexmt commented 2 years ago

If you added role using kubectl edit then both argocd and kubectl diff won't report it as a difference. Both tools assume that change was performed by a controller. Quick summary is here: https://argo-cd.readthedocs.io/en/stable/user-guide/best_practices/#leaving-room-for-imperativeness

More detailed description is in k8s documentation: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/

roy-work commented 1 year ago

I am hitting this exact same bug.

I'm clearly too stupid for all of this, or my blood:caffeine level is far too low.

> Argo CD uses the same logic as kubectl diff to detect differences.

Well, you're right that kubectl diff also fails to detect the difference between the desired manifest and the actual manifest.

But it doesn't really help me understand the problem.

> If you added role using kubectl edit then both argocd and kubectl diff won't report it as a difference.
>
> Both tools assume that change was performed by a controller.

… why, though? And is it somehow figuring all this out from kubectl.kubernetes.io/last-applied-configuration? But how do these tools use that annotation to make these judgements? (What is the route from "the value of kubectl.kubernetes.io/last-applied-configuration" to "I am going to ignore a change to $attr"…?)

All of this seems like exactly the opposite of what I want Argo to do? If I make a by-hand change to a resource, that it persists indefinitely seems nuts to me, and the exact opposite of IaC.

(Like right now it is boggling my mind that I have applied the exact same resource to two k8s clusters. Argo, in both of these clusters, thinks desired == live. kubectl thinks desired == live. But good ol' diff tells me the truth: the live manifests are not the same. What is the value of IaC, if this is the outcome?)
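
The rule described in this thread ("specified in Git, or was specified") and the route from the `kubectl.kubernetes.io/last-applied-configuration` annotation to an ignored field, as an added example that is not code from Argo CD, kubectl or any commenter: a simplified three-way comparison that separates fields reported as a diff from live-only fields the merge never touches. It assumes the object was created with client-side apply so the annotation exists; `three_way` and `audit` are hypothetical names and the manifests are constructed.

```python
import json

ANNOTATION = "kubectl.kubernetes.io/last-applied-configuration"

def three_way(last, desired, live, path="spec"):
    """Return (reported, unmanaged) field paths for one object subtree.

    reported:  changes a three-way merge would make to the live object.
    unmanaged: live fields found in neither Git nor last-applied; the merge
               leaves them alone, so no diff is shown for them.
    Lists are compared whole, as JSON merge patch does for custom resources.
    """
    reported, unmanaged = [], []
    for key in sorted(set(last) | set(desired) | set(live)):
        here = f"{path}.{key}"
        if key in desired:
            want, cur = desired[key], live.get(key)
            if isinstance(want, dict) and isinstance(cur, dict):
                prev = last.get(key)
                r, u = three_way(prev if isinstance(prev, dict) else {}, want, cur, here)
                reported += r
                unmanaged += u
            elif want != cur:
                reported.append(("set", here))      # Git owns it and live drifted
        elif key in last:
            if key in live:
                reported.append(("delete", here))   # was in Git once, removed since
        else:
            unmanaged.append(here)                  # only ever existed on the live object
    return reported, unmanaged

def audit(desired, live):
    """Compare a Git manifest with a live object using its last-applied annotation."""
    last = json.loads(live["metadata"]["annotations"][ANNOTATION])
    return three_way(last.get("spec", {}), desired.get("spec", {}), live.get("spec", {}))

# Constructed sample: an AppProject whose Git manifest never set spec.roles.
GIT = {"kind": "AppProject", "metadata": {"name": "demo"},
       "spec": {"description": "demo project", "sourceRepos": ["*"]}}
LIVE = {"kind": "AppProject",
        "metadata": {"name": "demo", "annotations": {ANNOTATION: json.dumps(GIT)}},
        "spec": {"description": "edited by hand", "sourceRepos": ["*"],
                 "roles": [{"name": "ci", "policies": []}]}}

if __name__ == "__main__":
    reported, unmanaged = audit(GIT, LIVE)
    print("reported as diff:", reported)
    print("left untouched:  ", unmanaged)
```

The `unmanaged` list is what a strict drift audit has to review separately; declaring such a field explicitly in Git (even as an empty value) moves it into the managed set, so later hand edits show up as a diff.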