Skip to main content
Struggling to hire strong frontend developers? Analyze real GitHub code with AI — not take-home tests. Learn More

Resolving Namespace Overriding in Argo CD with Kustomize

Kubernetes

In Argo CD, if you have an application that targets a specific namespace (e.g., "namespace-to-go") but want a specific resource (such as Cert-Manager Certificate) to be installed in a different namespace (e.g., "istio-system"), you might face some issues.

First, you will need configure Kustomize ignore this resource while transforming a namespace. A simple Kustomize configuration option namespace, will override namespace for every resource in your application, to make a exception you can define a custom NamespaceTransformer

Here's how you can approach it:

  • For the resource that needs to be installed in the "istio-system" namespace, specify the namespace in its manifest explicitly, like this:
apiVersion: v1
kind: Certificate # or any other resource
metadata:
  name: your-resource-name
  namespace: istio-system
  • Create the namespace-transformer.yaml:

This file defines how the namespace is applied and which resources to exclude. You’ll use NamespaceTransformer to configure this.

apiVersion: builtin
kind: NamespaceTransformer
metadata:
  name: notImportantHere
  namespace: namespace-to-go
unsetOnly: true

This will add a namespace only when namespace is not defined for the resource

  • Include the NamespaceTransformer in your kustomization.yaml to exclude certain resource kinds or specific resources from having the namespace applied.
resources:
  - ../../base
#namespace: namespace-to-go


transformers:
  - namespace-transformer.yaml

Remember commenting namespace configuration option

  • Verify your manifest:
kustomize build <your folder>

Second issue you might face is that, Argo CD Kustomize configuration differs from one on your local machine, resulting the approach above not working. To solve this issue You can try adding the --load_restrictor LoadRestrictionsNone build option to ensure Argo CD handles the Kustomize overlay and namespace transformer correctly.

Here’s an example of how to configure it in the argocd-cm ConfigMap:

kustomize.buildOptions: '--load-restrictor LoadRestrictionsNone'

This should help resolve the issue of Argo CD not applying the unsetOnly: true behavior for namespace transformers.

Share this article

Facebook X LinkedIn

About the Author

Alexander Lvovich

Alexander Lvovich

Solution Architect | Cloud-Native Platforms, DevOps & Service Mesh

💡 Kubernetes architecture, Istio service mesh, CI/CD, and cloud-native DevOps — from strategy to hands-on implementation. Reach out if you need expert support.

Services

No comments are allowed for this post