Details
-
Story
-
Resolution: Done
-
Undefined
-
None
-
5
-
False
-
None
-
False
-
GITOPS Sprint 218, GITOPS Sprint 219
Description
Currently the operator remvoes argocd.argoproj.io/managed-by labels from all namespaces once the ArgoCD instance is removed. This is unfortunate, since that label cannot be added by regular users (since by default it require special privileges) AND thus prohibits re-deploying a new ArgoCD instance, that can manage the namespaces in question again. Since it is not a label owned by the operator, it is questionable, whether the operator should remove it at all.
Example:
User gets a set of namespaces to deploy their app into different namespaces (per-env) and a namespace to manage deployments in these namespaces through ArgoCD. For that an external provisioning process sets up the following:
Name: myapp
Namespaces:
- myapp-dev
- myapp-test
- myapp-prod
- myapp-gitops
The 3 namespaces representing the different environments, all get the label: `argocd.argoproj.io/managed-by: myapp-gitops`. Since labeling projects is not allowed for regular users, these labels are set at provisioning time. No ArgoCD instance is yet deployed, since this is left to the user if they want or not.
Users creates and ArgoCD instance and can manage workload in the 3 different env namespaces. While working further on their deployment code, they also improve their argocd deployment and decide to re-deploy argocd by deleting the instance and re-creating from their git repository.
=> Since the operator removes the manage-by label the newly deployed Instance won't be able to manage anyworkload anymore within the 3 env namespaces.
The opeartor should not touch things it does not own and thus not delete the label from the namespaces.
