-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ServerSideApply breaks CreateNamespace #13874
Comments
Does this work when adding syncPolicy:
automated:
selfHeal: true
managedNamespaceMetadata:
labels: {}
annotations: {}
syncOptions:
- CreateNamespace=true |
We tried that already. Unfortunately it doesn't. |
In my example, the addition of apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: 'kustomize-guestbook'
spec:
project: default
source:
repoURL: 'https://github.com/morey-tech/argocd-example-apps/'
path: general/kustomize-guestbook
targetRevision: ssa-createnamespace-test
destination:
namespace: kustomize-guestbook
name: kind
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
++ managedNamespaceMetadata: {} |
@nicl-dev, can you provide the steps to reproduce the issue with |
Yea sure, I will try to reproduce it on Monday. My colleague was 100% sure he tried that solution but I'll try it again. |
@morey-tech Not an expected behaviour. If it doesn't, it might be a bug.
@morey-tech That is surprising because enabling |
@leoluz, this almost makes sense then right? Without that, the Deployment uses SSA, but the namespace isn't. So SSA complains that the namespace doesn't exist. But with |
Alright, I just tested it again and |
closing this issue since it sounds like we have reached a resolution |
@jaideepr97 the resolution reached was merely a way to mitigate this issue's bug. I assume it's not the desired behaviour for any resource using It seems like automatically including |
I can confirm that also in version v2.9.2 the problem exists. I tried to use managedNamespaceMetadata on an applicationset with ServerSideApply=true and it didn't do anything. Once I removed ServerSideApply it worked like a charm |
@evs-ops can you show the
The issue is that gitops-engine will already SSA the namespace if the [whole] application itself has |
The fix done for #16829 via PR argoproj/gitops-engine#563 seems to fix this issue as well. I used the following application to reproduce the error (in v2.10.0-rc1) and validate the fix with the modified code.
|
I ran some tests yesterday and I understand the problem:
In my opinion the better way to solve this problem is, regardless if the sync context is defined to sync with ServerSideApply, the dry-run phase should always run with client-side-apply and dry-run=client. This will address all the problems mentioned above and the implementation will be simpler. I think that this direction should be taken instead of this, this and this. Related to #16829 |
@leoluz I am not gonna say what's wrong or right in terms of implementation, but I think it is important to know that a server dry run will catch issues that would not be shown in a client dry run. For us, a client dry run is basically useless for what we're trying to test before applying a manifest. A good example of this is when using any form of policy controller that validates the manifest, for example Kyverno. While I understand that the first reasoning behind implementing it might have been the wrong direction, I think having the ability to run with |
@MattiasAng I agree with you and the feature that you described is already implemented and will be available as part of Argo CD 2.10 release. It is called ServerSide Diff and when enabled will calculate diffs using server-side apply in dryrun mode. This will take into consideration validation and mutation webhooks use-cases like what you are describing. We blogged about it here. The current dry-run phase that is currently executed on every sync will be obsolete (and possibly removed) when server-side diff is promoted as the main diff strategy. |
@leoluz Thanks for the clarification, seems like I was missing some context. |
@morey-tech Given that we just merged the PRs(argoproj/gitops-engine#564 and #16942) with the fix suggested here can you give it another try with the latest master build? |
Closing this for now as this is addressed by argoproj/gitops-engine#564 and #16942. |
Checklist:
argocd version
.Describe the bug
When
ServerSideApply
is enabled on a resource (e.g., aConfigMap
orDeployment
) and the Application is usingCreateNamespace
, the sync will fail withnamespaces "<namespace>" not found
.Based on this thread in the
#argo-cd
channel.To Reproduce
Create new application using this spec:
Expected behavior
Without
ServerSideApply
on a resource, the sync creates the namespace and the resources without issue. I would expect the same here. Here's a working example (the only difference is no SSA on the deployment):Version
Logs
The text was updated successfully, but these errors were encountered: