From 8f83c942ca64fe5bbbe1c0b91b9410abb2f5e412 Mon Sep 17 00:00:00 2001 From: Doug Goldstein Date: Fri, 13 Jun 2025 10:58:14 -0500 Subject: [PATCH 1/2] fix(argocd): ensure ArgoCD updates sync as early as possible If we are making updates to ArgoCD itself, it needs to sync out first before anything else. --- apps/appsets/argocd/appset-argocd.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/apps/appsets/argocd/appset-argocd.yaml b/apps/appsets/argocd/appset-argocd.yaml index ac0b62126..989bb5b2d 100644 --- a/apps/appsets/argocd/appset-argocd.yaml +++ b/apps/appsets/argocd/appset-argocd.yaml @@ -17,6 +17,9 @@ spec: template: metadata: name: '{{.name}}-argocd' + annotations: + # we want ArgoCD itself to sync as early as possible + argocd.argoproj.io/sync-wave: "-1000" spec: project: default sources: From 0652feeba1eaf4c9574e6fa38cf7e04966eba97f Mon Sep 17 00:00:00 2001 From: Doug Goldstein Date: Fri, 13 Jun 2025 10:32:34 -0500 Subject: [PATCH 2/2] fix(argocd): drop resource.exclusions which are defaulted upstream Our list is small and doesn't include everything upstream has identified and included by default so drop our own settings. https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/2.14-3.0/#default-resourceexclusions-configurations https://github.com/argoproj/argo-helm/blob/df0cac1c2c3ad36f21a7f48dd28cbc14ae6b1744/charts/argo-cd/values.yaml#L323 --- bootstrap/argocd/values.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/bootstrap/argocd/values.yaml b/bootstrap/argocd/values.yaml index 932c1cc48..8fc50382b 100644 --- a/bootstrap/argocd/values.yaml +++ b/bootstrap/argocd/values.yaml @@ -20,13 +20,6 @@ configs: server.insecure: true cm: kustomize.buildOptions: --enable-helm --load-restrictor LoadRestrictionsNone - resource.exclusions: | - - apiGroups: - - cilium.io - kinds: - - CiliumIdentity - clusters: - - "*" rbac: policy.csv: | # role:ucadmin can sync applications