Avoid Kubernetes resources reconciliation by ArgoCD using a user script
Resource exclusions tell Argo CD to ignore certain Kubernetes resources during synchronization and health checks. This is useful when:
-
Argo CD doesn’t have permissions to list or read certain resources (e.g., due to cluster RBAC constraints).
-
Resources are managed externally and should not be reconciled by Argo CD.
-
Preventing sync failures due to unsupported or inaccessible APIs.
These exclusions are typically configured in the Argo CD settings (e.g., argocd-cm ConfigMap or cluster settings in Akuity UI) under resource.exclusions.
🔧 The Purpose of argo_resource_check.sh Script
This script helps identify Kubernetes resources that Argo CD is not managing, which makes them good candidates for resource exclusion.
#!/bin/bash# Collect resources on the clusterRESOURCE_NAMES=$(kubectl api-resources --no-headers | tr -s ' ' | cut -d ' ' -f 1)for line in $RESOURCE_NAMESdo echo ======={$line}====== if [ -z "$(kubectl get $line --all-namespaces -o json | jq -r --arg key "argocd.argoproj.io/tracking-id" '.items[] | select(.metadata.annotations[$key] != null) | .metadata.name')" ]; then echo -e 'Resource is not managed by Argo CD,'$(kubectl get $line -A --no-headers | wc -l)' resources can be possibly be added to an exclusion rule\n' else echo -e "*** At least one resource is managed by Argo CD and cannot be excluded ***\n" fidone
🧪 How to Use the Script
-
Save the script as
argo_resource_check.sh. -
Make it executable:
chmod +x argo_resource_check.sh -
Run it:
./argo_resource_check.sh