Konubinix' opinionated web of thoughts

Argo

Fleeting

argoCD

Argo CD polls Git repositories every three minutes to detect changes to the manifests

https://argo-cd.readthedocs.io/en/stable/operator-manual/webhook/

helm hooks in argocd

Sync Phases and Waves - Argo CD - Declarative GitOps CD for Kubernetes

diff strategies

some common pitfalls

not reporting diff in environment variable configuration

infinite loop when providing useless spec: {}

Consider the following configmap.

apiVersion: v1
kind: ConfigMap
metadata:
  name: something
spec: {}
data:
  someenv: somevalue

This will always be Out of sync. Argocd desiring to put spec: {} and k8s silently removing it because it does not make sense.

beware the sync-wave and helm hooks

To make some resources sync before others, argocd provides the sync-wave annotation. It also provides access to several phases, like PreSync and PostSync, but according to the documentation, is is mostly meant to run jobs rather than installing generic resources (although the documentation says you can).

In helm, you can provide hooks that will decide when the resource will be installed.

argo-cd knows how to deal with helm hooks, but behaves a bit strangely when it is not a job.

When you provide a pre-install hook, you may only want the resource to be installed before the other ones. In argo cd, kubectl get on the application will show that the resource will also have the property hook: true and requiresPruning: true.

Also, it will appear separately in the interface

And it will not be automatically healed if it modified.

Therefore, I would tend to make sure to use wave-sync to install priority resources, like secrets, service accounts, roles etc and leave sync-phases (and helm hooks) for transient jobs.

Notes linking here