Orphan managed resources when deleting GitOpsClaim #7
Comments
|
If I remember correctly, when I created that composition Argo CD did not yet have the option to change the tracking method. You should be able to fix it by adding Here's an example of Argo CD Helm values file I used recently: https://github.com/vfarcic/idp-demo/blob/main/argocd/helm-values.yaml#L6 |
|
Hi @vfarcic Here you can see my crossplane XR https://github.com/irizzante/port-demo/blob/455fe2472ebdf288f1f09ec74ff624d0662bedb8/crossplane/working/gitops.yaml And here the Argo configuration I use https://github.com/irizzante/port-demo/blob/455fe2472ebdf288f1f09ec74ff624d0662bedb8/argocd/values/argocd.yaml#L52 When I delete the GitOps claim I see this orphan object left And the status says that it cannot be deleted because the corresponding AppProject https://github.com/irizzante/port-demo/blob/455fe2472ebdf288f1f09ec74ff624d0662bedb8/crossplane/working/gitops.yaml#L197 doesn't exist anymore. It looks like crossplane first deleted the AppProject leaving the Application orphaned. |
|
I misunderstood your question. Sorry for that... There is an issue in Crossplane with orphaned resources. Since there is no order (yet), when a resource where another resource should be running is deleted, Crossplane fails (rightfully) to delete the other. That should be solved soon in one of the upcoming releases. Until then, you might have to delete |
|
Hi @vfarcic Removing the finalizers automatically is possible but it's tricky. In one of "you choose" videos (which I love by the way) you suggested ArgoCD can also be set in the management cluster to deploy ArgoCD in other clusters created by crossplane instead of having one independent ArgoCD instance in each cluster. Any other suggestions? |
|
Argo CD can be set up centrally. However, there is a small issue with that. When you create a Kubernetes cluster from the management cluster, a secret is generate (in the management cluster). The issue is that the secret contains kubeconfig and Argo CD expects a different format (unlike Flux which does understand kubeconfig). So, some type of a transformation is needed from that secret to the one Argo CD understands. One option could be Kyverno which has Mutating Admission Controllers that can do just that. |
I found a workaround for this using ESO (external secret), see here https://github.com/irizzante/port-demo/blob/dd6ed3778d5494df272b11791489cf7de76f66fb/eso/kubernetes-provider.yaml This provider configuration allows you to replicate a secret in the same cluster ESO is running using templates |
|
I'm not sure that's it. The secret needs to be transformed from having |
|
I didn't report all the needed resources, sorry for that. You can find the ESO SecretStore configuration here The actual ExternalSecret object is here. I believe this is a better approach than installing and managing multiple ArgoCD instances in crossplane created clusters, at least when it comes to clusters leaving in the same region or vclusters |
|
Yeah. That's really good. |
Hi @vfarcic ,
how do you manage Crossplane managed resources deletion dependencies?
In my setup I have a cluster created with vcluster and I install a XR called GitOps which does exactly the same as your GitOpsClaim (install ArgoCD, install some projects, some applications...)
As far as I can see when you delete the GitOps XR Crossplane leaves orphaned object resources for ArgoCD Application objects like this.
Is there a way to get rid of them?
The text was updated successfully, but these errors were encountered: