From ebf7a9a91c09249ee031a426a638b55eacd06eaf Mon Sep 17 00:00:00 2001 From: Matt Pryor Date: Mon, 30 Jan 2023 17:16:31 +0000 Subject: [PATCH 1/2] Only respect controller refs for resources Signed-off-by: Matt Pryor --- pkg/cache/references.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkg/cache/references.go b/pkg/cache/references.go index cb16314b9..bd08d04e3 100644 --- a/pkg/cache/references.go +++ b/pkg/cache/references.go @@ -20,9 +20,17 @@ func mightHaveInferredOwner(r *Resource) bool { func (c *clusterCache) resolveResourceReferences(un *unstructured.Unstructured) ([]metav1.OwnerReference, func(kube.ResourceKey) bool) { var isInferredParentOf func(_ kube.ResourceKey) bool - ownerRefs := un.GetOwnerReferences() + allOwnerRefs := un.GetOwnerReferences() gvk := un.GroupVersionKind() + // TODO: Put this behind a gate + ownerRefs := []metav1.OwnerReference{} + for _, ownerRef := range allOwnerRefs { + if ownerRef.Controller != nil && *ownerRef.Controller { + ownerRefs = append(ownerRefs, ownerRef) + } + } + switch { // Special case for endpoint. Remove after https://github.com/kubernetes/kubernetes/issues/28483 is fixed case gvk.Group == "" && gvk.Kind == kube.EndpointsKind && len(ownerRefs) == 0: From 2ea054214370b057ed31bb15a0b6af0118132906 Mon Sep 17 00:00:00 2001 From: Matt Pryor Date: Wed, 1 Feb 2023 12:44:31 +0000 Subject: [PATCH 2/2] Move code behind a resource-specific annotation Signed-off-by: Matt Pryor --- pkg/cache/references.go | 16 ++++++++++------ pkg/sync/common/types.go | 2 ++ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/pkg/cache/references.go b/pkg/cache/references.go index bd08d04e3..750ac48f4 100644 --- a/pkg/cache/references.go +++ b/pkg/cache/references.go @@ -10,6 +10,8 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/types" + synccommon "github.com/argoproj/gitops-engine/pkg/sync/common" + syncresource "github.com/argoproj/gitops-engine/pkg/sync/resource" "github.com/argoproj/gitops-engine/pkg/utils/kube" ) @@ -20,15 +22,17 @@ func mightHaveInferredOwner(r *Resource) bool { func (c *clusterCache) resolveResourceReferences(un *unstructured.Unstructured) ([]metav1.OwnerReference, func(kube.ResourceKey) bool) { var isInferredParentOf func(_ kube.ResourceKey) bool - allOwnerRefs := un.GetOwnerReferences() + ownerRefs := un.GetOwnerReferences() gvk := un.GroupVersionKind() - // TODO: Put this behind a gate - ownerRefs := []metav1.OwnerReference{} - for _, ownerRef := range allOwnerRefs { - if ownerRef.Controller != nil && *ownerRef.Controller { - ownerRefs = append(ownerRefs, ownerRef) + if syncresource.HasAnnotationOption(un, synccommon.AnnotationSyncOptions, synccommon.SyncOptionControllerReferencesOnly) { + controllerOwnerRefs := []metav1.OwnerReference{} + for _, ownerRef := range un.GetOwnerReferences() { + if ownerRef.Controller != nil && *ownerRef.Controller { + controllerOwnerRefs = append(controllerOwnerRefs, ownerRef) + } } + return controllerOwnerRefs, isInferredParentOf } switch { diff --git a/pkg/sync/common/types.go b/pkg/sync/common/types.go index 00976ff5d..b3c777bc7 100644 --- a/pkg/sync/common/types.go +++ b/pkg/sync/common/types.go @@ -50,6 +50,8 @@ const ( SyncOptionClientSideApplyMigration = "ClientSideApplyMigration=true" // Sync option that disables client-side apply migration SyncOptionDisableClientSideApplyMigration = "ClientSideApplyMigration=false" + // Sync option that means only controller owner references are respected + SyncOptionControllerReferencesOnly = "ControllerReferencesOnly=true" // Default field manager for client-side apply migration DefaultClientSideApplyMigrationManager = "kubectl-client-side-apply"