Resolving Namespace Overriding in Argo CD with Kustomize

September 27, 2024 September 27, 2024
by Alexander

In Argo CD, if you have an application that targets a specific namespace (e.g., "namespace-to-go") but want a specific resource (such as Cert-Manager Certificate) to be installed in a different namespace (e.g., "istio-system"), you might face some issues.

First, you will need configure Kustomize ignore this resource while transforming a namespace. A simple Kustomize configuration option namespace, will override namespace for every resource in your application, to make a exception you can define a custom NamespaceTransformer

Here's how you can approach it:

For the resource that needs to be installed in the "istio-system" namespace, specify the namespace in its manifest explicitly, like this:

apiVersion: v1
kind: Certificate # or any other resource
metadata:
  name: your-resource-name
  namespace: istio-system

Create the namespace-transformer.yaml:

This file defines how the namespace is applied and which resources to exclude. You’ll use NamespaceTransformer to configure this.

apiVersion: builtin
kind: NamespaceTransformer
metadata:
  name: notImportantHere
  namespace: namespace-to-go
unsetOnly: true

This will add a namespace only when namespace is not defined for the resource

Include the NamespaceTransformer in your kustomization.yaml to exclude certain resource kinds or specific resources from having the namespace applied.

resources:
  - ../../base
#namespace: namespace-to-go


transformers:
  - namespace-transformer.yaml

Remember commenting namespace configuration option

Verify your manifest:

kustomize build <your folder>

Second issue you might face is that, Argo CD Kustomize configuration differs from one on your local machine, resulting the approach above not working. To solve this issue You can try adding the --load_restrictor LoadRestrictionsNone build option to ensure Argo CD handles the Kustomize overlay and namespace transformer correctly.

Here’s an example of how to configure it in the argocd-cm ConfigMap:

kustomize.buildOptions: '--load-restrictor LoadRestrictionsNone'

This should help resolve the issue of Argo CD not applying the unsetOnly: true behavior for namespace transformers.

🚀 Turbocharge Your Infrastructure with Our Terraform Template Kits! 🚀

🌟 Slash deployment time and costs! Discover the ultimate solution for efficient, cost-effective cloud infrastructure. Perfect for DevOps enthusiasts looking for a reliable, scalable setup. Click here to revolutionize your workflow!

Learn More about Starter Terraform Kits for AKS,EKS and GKE

Alexander Lvovich

Solution Architect and Software Developer.

Resolving Namespace Overriding in Argo CD with Kustomize

No comments are allowed for this post