Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Server-side Dry-run Syncs #16131

Closed
tybook opened this issue Oct 26, 2023 · 5 comments
Closed

Support Server-side Dry-run Syncs #16131

tybook opened this issue Oct 26, 2023 · 5 comments
Labels
enhancement New feature or request

Comments

@tybook
Copy link

tybook commented Oct 26, 2023
edited
Loading

Summary

Right now on ArgoCD one can only do client-side dry-runs. Even though I see some code in gitops-engine that shows server-side dry-runs are partially supported already, this bit of code makes it so there's no way to actually trigger them: https://github.com/argoproj/gitops-engine/blob/f15cf615b8141a9f0d8e37cf92bac2d0e7a486da/pkg/sync/sync_context.go#L908-L910
A boolean dryRun comes in, with true mapping to cmdutil.DryRunClient and false mapping to cmdutil.DryRunNone; no way to set cmdutil.DryRunServer or cmdutil.DryRunAll.

(Note that doing argocd app sync --dry-run --server-side does not do a server-side dry-run like I thought it would. It in fact doesn't do a dry-run at all; it does a normal server-side apply that makes changes in the target cluster! A argocd app sync --dry-run --server-side command maps to calls of kubectl apply --dry-run=client --server-side, not calls of kubectl apply --dry-run=server.)

Motivation

I've built a system that validates template/manifest changes via ArgoCD dry-run syncs before allowing them to merge to the main branch for actual sync by ArgoCD. We want to catch as many errors as early as possible, and a server-side dry-run is far more meaningful than a client-side dry-run. I can't easily do direct calls of kubectl apply --dry-run=server on the changed manifests as a workaround, because by design this system doesn't know about every target cluster out there, only our centralized ArgoCD servers do.

Proposal

I suggest changing the argocd app sync boolean --dry-run CLI arg (and the corresponding Application resource sync option bits) to match what kubectl does with a string value: --dry-run=client, --dry-run=server, etc.
@tybook tybook added the enhancement New feature or request label Oct 26, 2023
@tybook
Copy link
Author

tybook commented Nov 29, 2023

Any thoughts on this? Is there a pitfall I'm missing, or would implementation be as simple as wiring up a new --dry-run=server CLI arg to set cmdutil.DryRunServer in gitops-engine?

@tybook
Copy link
Author

tybook commented Dec 21, 2023
edited
Loading

Also it looks like argoproj/gitops-engine#522 (#11574) added code implementing server-side dry-run applies in gitops-engine, so it should be even easier to implement this now, no?

@blakepettersson
Copy link
Member

Indeed, should be resolved with #13663

@jeremych1000
Copy link

Is there a way to use this with autosync? I have autosync enabled on all my appsets/apps and that means I can't use argocd app sync --dry-run.

@akust
Copy link

akust commented Jul 11, 2024

Is it possible to turn off ArgoCD notifications for syncs with --dry-run flag?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@crenshaw-dev @blakepettersson @tybook @jeremych1000 @akust