Argo-cd: Ignoring Dynamic Volume Claims

Created on 29 Dec 2019  路  9Comments  路  Source: argoproj/argo-cd

Checklist:

  • [X] I've searched in the docs and FAQ for my answer: http://bit.ly/argocd-faq.
  • [X] I've included steps to reproduce the bug.
  • [X] I've pasted the output of argocd version.

Describe the bug

Argo-cd should support ignoring dynamically provisioned volume claims using the ignoreDifferences syntax.

To Reproduce

Given the following project definition:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: mariadb-galera
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://charts.bitnami.com/bitnami
    chart: mariadb-galera
    targetRevision: 0.5.6
    helm:
      valueFiles:
        - values-production.yaml
      values: |
        rootUser:
          password: password
        db:
          database: dummy
          user: dummy
          password: password
        galera:
          mariabackup:
            password: password

        persistence:
          enabled: true
          subPath: mariadb-galera
          storageClass: csi-cephfs (any dynamic pv)
          accessModes:
            - ReadWriteMany
          size: 100Gi

  destination:
    server: https://kubernetes.default.svc
    namespace: default

Multiple volume claims are created by Kubernetes.

e.g. data-mariadb-galera-0, data-mariadb-galera-1, data-mariadb-galera-2

This leads to an expected out-of-sync state within argo-cd. Attempting to ignore these dynamic claims, like so, fails:

  ignoreDifferences:
    - group: ''
      kind: PersistentVolumeClaim
      jsonPointers:
      - "/"
      - ""
      - "."
      - "/spec"
      - "/status"
      - "/metadata"
    - kind: PersistentVolumeClaim
      jsonPointers:
      - "/"
      - ""
      - "."
      - "/spec"
      - "/status"
      - "/metadata"

(just trying everything I can think of).

Expected behavior

I would expect that ignoring the json root (either with / or <zero-length string>) would ignore the entire resource.

Version

argocd: v1.3.6+89be1c9
  BuildDate: 2019-12-10T22:46:45Z
  GitCommit: 89be1c9ce6db0f727c81277c1cfdfb1e385bf248
  GitTreeState: clean
  GoVersion: go1.12.6
  Compiler: gc
  Platform: linux/amd64
argocd-server: v1.3.6+89be1c9
  BuildDate: 2019-12-10T22:47:48Z
  GitCommit: 89be1c9ce6db0f727c81277c1cfdfb1e385bf248
  GitTreeState: clean
  GoVersion: go1.12.6
  Compiler: gc
  Platform: linux/amd64
  Ksonnet Version: v0.13.1
  Kustomize Version: Version: {Version:kustomize/v3.2.1 GitCommit:d89b448c745937f0cf1936162f26a5aac688f840 BuildDate:2019-09-27T00:10:52Z GoOs:linux GoArch:amd64}
  Helm Version: v2.15.2
  Kubectl Version: v1.14.0
bug core
Source
picture Silvenga
👍5

Most helpful comment

The ignoreDifferences does not allow ignoring the whole object. Only fields within the object might be ignored.

Some Kubernetes resources managed by other resources don't have owner reference. Argo CD infer owner reference for well known Kubernetes resources e.g. Endpoint -> Service, ServiceAccount ->
token Secret . I think we should do the same for PersistentVolumeClaim -> VolumeClaim -> Volume. In this case argo cd won't mark VolumeClaim as managed resources and should not make application as out of sync.

picture alexmt on 29 Dec 2019
👍7

All 9 comments

This might be better filed under a feature request, but I'm unsure of the expected behavior, if any.

Silvenga picture Silvenga on 29 Dec 2019

The ignoreDifferences does not allow ignoring the whole object. Only fields within the object might be ignored.

Some Kubernetes resources managed by other resources don't have owner reference. Argo CD infer owner reference for well known Kubernetes resources e.g. Endpoint -> Service, ServiceAccount ->
token Secret . I think we should do the same for PersistentVolumeClaim -> VolumeClaim -> Volume. In this case argo cd won't mark VolumeClaim as managed resources and should not make application as out of sync.

alexmt picture alexmt on 29 Dec 2019
👍7

Some Kubernetes resources managed by other resources don't have owner reference. Argo CD infer owner reference for well known Kubernetes resources e.g. Endpoint -> Service, ServiceAccount ->
token Secret . I think we should do the same for PersistentVolumeClaim -> VolumeClaim -> Volume. In this case argo cd won't mark VolumeClaim as managed resources and should not make application as out of sync.

Please add StatefulSets to the custom inference, because volumeClaimTemplates key also not setting the ownerReferences by design on the created persisitentVolumeClaim (to avoid removal of data on recreation of statefulset I think)

zsedem picture zsedem on 3 Apr 2020
👍2

Currently experiencing this, statefulsets that use volumeClaimTemplates have PVC resources that show up as out of sync.

process0 picture process0 on 2 Jun 2020
👍2

@alexmt Any update on this ?

xianlubird picture xianlubird on 9 Jul 2020

@alexmt any updates on this ?

opensourceonly picture opensourceonly on 15 Jul 2020

Is there a way to dynamically manage owner references, such that users that add things like CRDs can update that dependency list and ignore list on their own?

ghostsquad picture ghostsquad on 15 Jul 2020

@jannfis any updates on this please ?

opensourceonly picture opensourceonly on 24 Jul 2020

Thanks for fixing this one! When will argo-cd 1.7 be released?

morhook picture morhook on 4 Aug 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cchanley2003 picture cchanley2003  路  25Comments
rosscdh picture rosscdh  路  20Comments
tomjohnburton picture tomjohnburton  路  26Comments
raffaelespazzoli picture raffaelespazzoli  路  21Comments
storm1kk picture storm1kk  路  20Comments