Resolving Namespace Overriding in Argo CD with Kustomize
In Argo CD, if you have an application that targets a specific namespace (e.g., "namespace-to-go") but want a specific resource (such as Cert-Manager Certificate) to be installed in a different namespace (e.g., "istio-system"), you might face some issues.
First, you will need configure Kustomize ignore this resource while transforming a namespace. A simple Kustomize configuration option namespace, will override namespace for every resource in your application, to make a exception you can define a custom NamespaceTransformer
Here's how you can approach it:
- For the resource that needs to be installed in the "istio-system" namespace, specify the namespace in its manifest explicitly, like this:
apiVersion: v1
kind: Certificate # or any other resource
metadata:
name: your-resource-name
namespace: istio-system
- Create the
namespace-transformer.yaml:
This file defines how the namespace is applied and which resources to exclude. You’ll use NamespaceTransformer to configure this.
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: namespace-to-go
unsetOnly: true
This will add a namespace only when namespace is not defined for the resource
- Include the
NamespaceTransformerin yourkustomization.yamlto exclude certain resource kinds or specific resources from having the namespace applied.
resources:
- ../../base
#namespace: namespace-to-go
transformers:
- namespace-transformer.yaml
Remember commenting namespace configuration option
- Verify your manifest:
kustomize build <your folder>
Second issue you might face is that, Argo CD Kustomize configuration differs from one on your local machine, resulting the approach above not working. To solve this issue You can try adding the --load_restrictor LoadRestrictionsNone build option to ensure Argo CD handles the Kustomize overlay and namespace transformer correctly.
Here’s an example of how to configure it in the argocd-cm ConfigMap:
kustomize.buildOptions: '--load-restrictor LoadRestrictionsNone'
This should help resolve the issue of Argo CD not applying the unsetOnly: true behavior for namespace transformers.
🚀 Turbocharge Your Kubernetes Cluster with my Terraform Kits! 🚀
🌟 Slash deployment time and costs! Discover the ultimate solution for efficient, cost-effective Kubernetes Terraform Kits. Perfect for DevOps enthusiasts looking for a reliable, scalable setup.
Learn More about Terraform Kits for AKS,EKS and GKE
Solution Architect & Software Developer | Automating & Scaling Infrastructure
💡 Working with Kubernetes, Istio, and DevOps. Got questions? Feel free to reach out!
No comments are allowed for this post