Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Post-Delete Hook support mutate Application object #17433

Open
llavaud opened this issue Mar 7, 2024 · 21 comments
Open

Post-Delete Hook support mutate Application object #17433

llavaud opened this issue Mar 7, 2024 · 21 comments
Labels
bug Something isn't working component:application-controller component:helm component:hooks version:2.13 Latest confirmed affected version is 2.13

Comments

@llavaud
Copy link
Contributor

llavaud commented Mar 7, 2024

Describe the bug

The recent Post-Delete hook support PR, mutate the Application object when refreshing by adding two finalizers if a resource have a "helm.sh/hook": post-delete annotation.
In an apps of apps context it causes unnecesssary reconciliations due to object updated:

{"api-version":"argoproj.io/v1alpha1","application":"myRootApp","cluster-name":"myCluster","fields.level":0,"kind":"Application","level":"debug","msg":"Requesting app refresh caused by object update","name":"myApp","namespace":"argo-cd","server":"myServer","time":"2024-03-07T08:14:40Z"}

To Reproduce

Create an Application that deploy another Application, in the nested Application deploy a resource that have a "helm.sh/hook": post-delete annotation. Wait for the 3m default refresh interval and search for the Requesting app refresh caused by object update debug log line.

Expected behavior

Do not mutate the Application object or at least maybe automaticaly ignore thoses finalizers like it is currently done for the metadata fields generation and resourceVersion

Version

argocd: v2.10.2+fcf5d8c
  BuildDate: 2024-03-01T21:24:51Z
  GitCommit: fcf5d8c2381b68ab1621b90be63913b12cca2eb7
  GitTreeState: clean
  GoVersion: go1.21.3
  Compiler: gc
  Platform: linux/amd64
@llavaud llavaud added the bug Something isn't working label Mar 7, 2024
@llavaud
Copy link
Contributor Author

llavaud commented Mar 7, 2024

A possible workaround:

resource.customizations.ignoreDifferences.argoproj.io_Application: |
  jqPathExpressions:
    - .metadata.finalizers[]? | select(. == "post-delete-finalizer.argocd.argoproj.io" or . == "post-delete-finalizer.argocd.argoproj.io/cleanup")
    - if (.metadata.finalizers | length) == 0 then .metadata.finalizers else empty end

@llavaud
Copy link
Contributor Author

llavaud commented Mar 7, 2024

@alexmt Hello, can I have your opinion on this please ? do you consider it as a bug or normal behavior ?

@msvechla
Copy link
Contributor

we are experiencing the same issue. The workaround above works, but it looks like this should be handled on argocd side

@didlawowo
Copy link

A possible workaround:

resource.customizations.ignoreDifferences.argoproj.io_Application: |
  jqPathExpressions:
    - .metadata.finalizers[]? | select(. == "post-delete-finalizer.argocd.argoproj.io" or . == "post-delete-finalizer.argocd.argoproj.io/cleanup")
    - if (.metadata.finalizers | length) == 0 then .metadata.finalizers else empty end

how can i make that in config map ?

@llavaud
Copy link
Contributor Author

llavaud commented Sep 5, 2024

A possible workaround:

resource.customizations.ignoreDifferences.argoproj.io_Application: |
  jqPathExpressions:
    - .metadata.finalizers[]? | select(. == "post-delete-finalizer.argocd.argoproj.io" or . == "post-delete-finalizer.argocd.argoproj.io/cleanup")
    - if (.metadata.finalizers | length) == 0 then .metadata.finalizers else empty end

how can i make that in config map ?

not sure to understand your question, the example is what you must add to the argocd-cm ConfigMap

@nbarrientos
Copy link

@andrii-korotkov-verkada
Copy link
Contributor

@nbarrientos, which ArgoCD version are you using when reproducing?

@andrii-korotkov-verkada andrii-korotkov-verkada added the more-information-needed Further information is requested label Nov 11, 2024
@nbarrientos
Copy link

@andrii-korotkov-verkada Hi! v2.12.6+4dab5bd

@andrii-korotkov-verkada andrii-korotkov-verkada added version:2.12 Latest confirmed affected version is 2.12 and removed more-information-needed Further information is requested labels Nov 11, 2024
@cmontemuino
Copy link
Contributor

We're also experiencing the same as @nbarrientos, NVIDIA GPU Operator including NFD.

Argo CD v2.12.3+6b9cd82

@Farfaday
Copy link

Experiencing the same with the current latest kyverno helm chart :)
Using argo-cd v2.12.3+6b9cd82

@diranged
Copy link

Experiencing the same with the current latest kyverno helm chart :) Using argo-cd v2.12.3+6b9cd82

Agreed - we just ran into this with the latest Kyverno chart as well due to kyverno/kyverno#11504.

@andrii-korotkov-verkada
Copy link
Contributor

Why are extra refreshes an issue? They are normal to happen a lot, e.g. when some pods are updated and watches identify there's an update. If they are slow, try 2.13.1, there's been some major perf improvements for when it comes to reconciliation.

@andrii-korotkov-verkada andrii-korotkov-verkada added the more-information-needed Further information is requested label Nov 22, 2024
@diranged
Copy link

@andrii-korotkov-verkada No the issue we have is that our app-of-apps applications show up with a diff:

image

@andrii-korotkov-verkada
Copy link
Contributor

Which diffing strategy are you using? Is it default or server side diff?

@andrii-korotkov-verkada
Copy link
Contributor

Server side diff can be enabled on the controller level as well as application level and has some logic to remove webhook mutations when diffing. If you use server side diff and don't explicitly add webhook mutations and see this, let me know, as it could be a bug in that logic.

@diranged
Copy link

Which diffing strategy are you using? Is it default or server side diff?

Hmm. We have not made any changes - so whatever the default is in the latest ArgoCD.

@andrii-korotkov-verkada
Copy link
Contributor

Then you are using legacy, at least I don't think we've switched to server side diff by default.
Try that out https://argo-cd.readthedocs.io/en/stable/user-guide/diff-strategies/#enabling-it.

@diranged
Copy link

For now - the ignoredifferences fix works for us.. Going into the holidays, I'm hesitant to change the apply method (we have thousands of applications across dozens of argocd installations... it would be risky!). Either way, just reporting here that this is definitely a bug that should be fixed (regardless of the apply-policy).

@cmontemuino
Copy link
Contributor

btw, I think this comment is relevant, especially for Kyverno users: kyverno/kyverno#9451 (comment)

@ChanduReddy123
Copy link

We are using kyverno (helm chart version: 3.3.4) and our argocd is v2.13.2

we are still getting the same error even after adding the annotation
image
image

this is when we are doing apps of apps

@andrii-korotkov-verkada andrii-korotkov-verkada removed the more-information-needed Further information is requested label Dec 20, 2024
@andrii-korotkov-verkada andrii-korotkov-verkada added version:2.13 Latest confirmed affected version is 2.13 and removed version:2.12 Latest confirmed affected version is 2.12 labels Dec 20, 2024
@pandvan
Copy link

pandvan commented Dec 27, 2024

We're facing the same issue with teleport-kube-agent Helm chart
ArgoCD version is v2.12.6+4dab5bd
No server-side diff enabled on controller nor app-of-apps Applcation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working component:application-controller component:helm component:hooks version:2.13 Latest confirmed affected version is 2.13
Projects
None yet
Development

No branches or pull requests