Argo CD can be configured to avoid sync failures when it doesn't have permission to list all Kubernetes APIs in a cluster
Argo CD may fail to sync with a cluster if it cannot list certain API resources due to RBAC restrictions. To prevent these sync failures, specific resources can be excluded from reconciliation using the resource exclusion feature.
Recommended Solution: Use Resource Exclusions
This can be configured under "Reconciliation Settings" in the cluster configuration. Add entries for each API group and resource kind that should be ignored during reconciliation.
Example Configuration:
- apiGroups:
    - "apps"
  kinds:
    - "DaemonSet"
  clusters:
    - http://cluster-resource-excl-testing:8001
- apiGroups:
    - "discovery.k8s.io"
  kinds:
    - "EndpointSlice"
  clusters:
    - http://cluster-resource-excl-testing:8001
- apiGroups:
    - "argoproj.io"
  kinds:
    - "EventSource"
  clusters:
    - http://cluster-resource-excl-testing:8001
Where to Configure:
- Navigate to the Akuity Platform UI.
- Open the Settings for that instance.
- Under Reconciliation Settings, apply the resource exclusions.
- Save it.
This prevents Argo CD from querying excluded resources, avoiding permission-related sync errors.
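The following is an added example, not code from Akuity or the Argo CD project: it turns Kubernetes "forbidden" list errors into exclusion entries in the same shape as the example configuration above, so only the kinds that were actually denied get excluded. The error lines, the service account name, and the resource-to-Kind table are constructed assumptions; in practice the table would come from `kubectl api-resources`.

```python
import re
from collections import defaultdict

# Kubernetes RBAC denial text for a list request: captures (resource, group).
FORBIDDEN = re.compile(r'cannot list resource "([^"]+)" in API group "([^"]*)"')

# Constructed sample errors; the service account name is a placeholder.
USER = 'User "system:serviceaccount:example-ns:example-sa"'
SAMPLE_ERRORS = "\n".join(
    f'{res}.{grp} is forbidden: {USER} cannot list resource "{res}" '
    f'in API group "{grp}" at the cluster scope'
    for res, grp in [("daemonsets", "apps"), ("endpointslices", "discovery.k8s.io"),
                     ("eventsources", "argoproj.io"), ("daemonsets", "apps"),
                     ("widgets", "example.com")])

# Assumed lookup from (group, plural resource) to Kind.
KIND_BY_RESOURCE = {
    ("apps", "daemonsets"): "DaemonSet",
    ("discovery.k8s.io", "endpointslices"): "EndpointSlice",
    ("argoproj.io", "eventsources"): "EventSource",
}
CLUSTER = "http://cluster-resource-excl-testing:8001"

def denied_kinds(errors, kind_by_resource):
    """Return ({group: sorted kinds}, unresolved resources) for denied list calls."""
    denied, unresolved = defaultdict(set), set()
    for resource, group in FORBIDDEN.findall(errors):
        kind = kind_by_resource.get((group, resource))
        if kind:
            denied[group].add(kind)
        else:
            # Do not guess a Kind; report it so it can be looked up first.
            unresolved.add(f"{resource}.{group}" if group else resource)
    return {g: sorted(k) for g, k in denied.items()}, sorted(unresolved)

def render_exclusions(denied, cluster):
    """Render one exclusion entry per API group, scoped to a single cluster."""
    lines = []
    for group in sorted(denied):
        lines += ["- apiGroups:", f'    - "{group}"', "  kinds:"]
        lines += [f'    - "{kind}"' for kind in denied[group]]
        lines += ["  clusters:", f"    - {cluster}"]
    return "\n".join(lines)

if __name__ == "__main__":
    denied, unresolved = denied_kinds(SAMPLE_ERRORS, KIND_BY_RESOURCE)
    print(render_exclusions(denied, CLUSTER))
    print("# unresolved, look up the Kind before excluding:", unresolved)
```

Keeping the `clusters` field on every entry limits the exclusion to the cluster where the permission is missing; excluded kinds are no longer watched there, so check that no application on that cluster manages them.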
Reference:
- https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#resource-exclusioninclusion