Skip to main content
Kubernetes Made Easy! Instantly spin up best-practice clusters with GetInfra templates. Browse Now

Resolving Namespace Overriding in Argo CD with Kustomize

Kubernetes

In Argo CD, if you have an application that targets a specific namespace (e.g., "namespace-to-go") but want a specific resource (such as Cert-Manager Certificate) to be installed in a different namespace (e.g., "istio-system"), you might face some issues.

First, you will need configure Kustomize ignore this resource while transforming a namespace. A simple Kustomize configuration option namespace, will override namespace for every resource in your application, to make a exception you can define a custom NamespaceTransformer

Here's how you can approach it:

  • For the resource that needs to be installed in the "istio-system" namespace, specify the namespace in its manifest explicitly, like this:
apiVersion: v1
kind: Certificate # or any other resource
metadata:
  name: your-resource-name
  namespace: istio-system
  • Create the namespace-transformer.yaml:

This file defines how the namespace is applied and which resources to exclude. You’ll use NamespaceTransformer to configure this.

apiVersion: builtin
kind: NamespaceTransformer
metadata:
  name: notImportantHere
  namespace: namespace-to-go
unsetOnly: true

This will add a namespace only when namespace is not defined for the resource

  • Include the NamespaceTransformer in your kustomization.yaml to exclude certain resource kinds or specific resources from having the namespace applied.
resources:
  - ../../base
#namespace: namespace-to-go


transformers:
  - namespace-transformer.yaml

Remember commenting namespace configuration option

  • Verify your manifest:
kustomize build <your folder>

Second issue you might face is that, Argo CD Kustomize configuration differs from one on your local machine, resulting the approach above not working. To solve this issue You can try adding the --load_restrictor LoadRestrictionsNone build option to ensure Argo CD handles the Kustomize overlay and namespace transformer correctly.

Here’s an example of how to configure it in the argocd-cm ConfigMap:

kustomize.buildOptions: '--load-restrictor LoadRestrictionsNone'

This should help resolve the issue of Argo CD not applying the unsetOnly: true behavior for namespace transformers.

Share this article

Facebook Twitter LinkedIn

About the Author

Alexander Lvovich

Alexander Lvovich

Solution Architect & Software Developer | Automating & Scaling Infrastructure

💡 Working with Kubernetes, Istio, and DevOps. Got questions? Feel free to reach out!

About me

No comments are allowed for this post