Sync Options

Argo CD allows users to customize some aspects of how it syncs the desired state in the target cluster. Some Sync Options can defined as annotations in a specific resource. Most of the Sync Options are configured in the Application resource spec.syncPolicy.syncOptions attribute. Multiple Sync Options which are configured with the argocd.argoproj.io/sync-options annotation can be concatenated with a , in the annotation value; white spaces will be trimmed.

Below you can find details about each available Sync Option:

No Prune Resources

v1.1

You may wish to prevent an object from being pruned:

  1. metadata:
  2.   annotations:
  3.     argocd.argoproj.io/sync-options: Prune=false

In the UI, the pod will simply appear as out-of-sync:

sync option no prune

The sync-status panel shows that pruning was skipped, and why:

sync option no prune

The app will be out of sync if ArgoCD expects a resource to be pruned. You may wish to use this along with compare options.

Disable Kubectl Validation

v1.2

For a certain class of objects, it is necessary to kubectl apply them using the --validate=false flag. Examples of this are kubernetes types which uses RawExtension, such as ServiceCatalog. You can do using this annotations:

  1. metadata:
  2.   annotations:
  3.     argocd.argoproj.io/sync-options: Validate=false

If you want to exclude a whole class of objects globally, consider setting resource.customizations in system level configuration.

Skip Dry Run for new custom resources types

v1.6

When syncing a custom resource which is not yet known to the cluster, there are generally two options:

1) The CRD manifest is part of the same sync. Then ArgoCD will automatically skip the dry run, the CRD will be applied and the resource can be created. 2) In some cases the CRD is not part of the sync, but it could be created in another way, e.g. by a controller in the cluster. An example is gatekeeper, which creates CRDs in response to user defined ConstraintTemplates. ArgoCD cannot find the CRD in the sync and will fail with the error the server could not find the requested resource.

To skip the dry run for missing resource types, use the following annotation:

  1. metadata:
  2.   annotations:
  3.     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true

The dry run will still be executed if the CRD is already present in the cluster.

Selective Sync

Currently when syncing using auto sync Argo CD applies every object in the application. For applications containing thousands of objects this takes quite a long time and puts undue pressure on the api server. Turning on selective sync option which will sync only out-of-sync resources.

You can add this option by following ways

1) Add ApplyOutOfSyncOnly=true in manifest

Example:

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: Application
  3. spec:
  4.   syncPolicy:
  5.     syncOptions:
  6.     - ApplyOutOfSyncOnly=true

2) Set sync option via argocd cli

Example:

  1. $ argocd app set guestbook --sync-option ApplyOutOfSyncOnly=true

Resources Prune Deletion Propagation Policy

By default, extraneous resources get pruned using foreground deletion policy. The propagation policy can be controlled using PrunePropagationPolicy sync option. Supported policies are background, foreground and orphan. More information about those policies could be found here.

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: Application
  3. spec:
  4.   syncPolicy:
  5.     syncOptions:
  6.     - PrunePropagationPolicy=foreground

Prune Last

This feature is to allow the ability for resource pruning to happen as a final, implicit wave of a sync operation, after the other resources have been deployed and become healthy, and after all other waves completed successfully.

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: Application
  3. spec:
  4.   syncPolicy:
  5.     syncOptions:
  6.     - PruneLast=true

This can also be configured at individual resource level.

  1. metadata:
  2.   annotations:
  3.     argocd.argoproj.io/sync-options: PruneLast=true

Replace Resource Instead Of Applying Changes

By default, ArgoCD executes kubectl apply operation to apply the configuration stored in Git. In some cases kubectl apply is not suitable. For example, resource spec might be too big and won’t fit into kubectl.kubernetes.io/last-applied-configuration annotation that is added by kubectl apply. In such cases you might use Replace=true sync option:

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: Application
  3. spec:
  4.   syncPolicy:
  5.     syncOptions:
  6.     - Replace=true

If the Replace=true sync option is set the ArgoCD will use kubectl replace or kubectl create command to apply changes.

Warning

During the sync process, the resources will be synchronized using the ‘kubectl replace/create’ command. This sync option has the potential to be destructive and might lead to resources having to be recreated, which could cause an outage for your application.

This can also be configured at individual resource level.

  1. metadata:
  2.   annotations:
  3.     argocd.argoproj.io/sync-options: Replace=true

Fail the sync if a shared resource is found

By default, ArgoCD will apply all manifests found in the git path configured in the Application regardless if the resources defined in the yamls are already applied by another Application. If the FailOnSharedResource sync option is set, ArgoCD will fail the sync whenever it finds a resource in the current Application that is already applied in the cluster by another Application.

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: Application
  3. spec:
  4.   syncPolicy:
  5.     syncOptions:
  6.     - FailOnSharedResource=true

Respect ignore difference configs

This sync option is used to enable Argo CD to consider the configurations made in the spec.ignoreDifferences attribute also during the sync stage. By default, Argo CD uses the ignoreDifferences config just for computing the diff between the live and desired state which defines if the application is synced or not. However during the sync stage, the desired state is applied as-is. The patch is calculated using a 3-way-merge between the live state the desired state and the last-applied-configuration annotation. This sometimes leads to an undesired results. This behavior can be changed by setting the RespectIgnoreDifferences=true sync option like in the example below:

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: Application
  3. spec:
  5.   ignoreDifferences:
  6.   - group: "apps"
  7.     kind: "Deployment"
  8.     jsonPointers:
  9.     - /spec/replicas
  11.   syncPolicy:
  12.     syncOptions:
  13.     - RespectIgnoreDifferences=true

The example above shows how an ArgoCD Application can be configured so it will ignore the spec.replicas field from the desired state (git) during the sync stage. This is achieve by calculating and pre-patching the desired state before applying it in the cluster. Note that the RespectIgnoreDifferences sync option is only effective when the resource is already created in the cluster. If the Application is being created and no live state exists, the desired state is applied as-is.

Create Namespace

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: Application
  3. metadata:
  4.   namespace: argocd
  5. spec:
  6.   destination:
  7.     server: https://kubernetes.default.svc
  8.     namespace: some-namespace
  9.   syncPolicy:
  10.     syncOptions:
  11.     - CreateNamespace=true

The example above shows how an Argo CD Application can be configured so it will create the namespace specified in spec.destination.namespace if it doesn’t exist already. Without this either declared in the Application manifest or passed in the CLI via --sync-option CreateNamespace=true, the Application will fail to sync if the namespace doesn’t exist.

Note that the namespace to be created must be informed in the spec.destination.namespace field of the Application resource. The metadata.namespace field in the Application’s child manifests must match this value, or can be omitted, so resources are created in the proper destination.