argoproj-labs · anandf · Oct 19, 2023 · Jul 31, 2023 · Aug 2, 2023 · Aug 3, 2023
diff --git a/bundle/manifests/argocd-operator.clusterserviceversion.yaml b/bundle/manifests/argocd-operator.clusterserviceversion.yaml
@@ -1733,13 +1733,15 @@ spec:
               containers:
               - args:
                 - --leader-elect
+                - --label-selector
                 command:
                 - /manager
                 env:
                 - name: WATCH_NAMESPACE
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.annotations['olm.targetNamespaces']
+                - name: ARGOCD_LABEL_SELECTOR
                 - name: ENABLE_CONVERSION_WEBHOOK
                   value: "true"
                 image: quay.io/argoprojlabs/argocd-operator:v0.8.0

diff --git a/common/defaults.go b/common/defaults.go
@@ -178,6 +178,9 @@ const (
 	// ArgoCDKeycloakImage is the default Keycloak Image used for the non-openshift platforms when not specified.
 	ArgoCDKeycloakImage = "quay.io/keycloak/keycloak"
 
+	// ArgoCDDefaultLabelSelector is the default Label Selector which will reconcile all ArgoCD instances.
+	ArgoCDDefaultLabelSelector = ""
+
 	// ArgoCDKeycloakVersion is the default Keycloak version used for the non-openshift platform when not specified.
 	// Version: 15.0.2
 	ArgoCDKeycloakVersion = "sha256:64fb81886fde61dee55091e6033481fa5ccdac62ae30a4fd29b54eb5e97df6a9"

diff --git a/common/keys.go b/common/keys.go
@@ -228,4 +228,7 @@ const (
 
 	// ArgoCDDexSecretKey is used to reference Dex secret from Argo CD secret into Argo CD configmap
 	ArgoCDDexSecretKey = "oidc.dex.clientSecret"
+
+	// Label Selector is an env variable for ArgoCD instance reconcilliation.
+	ArgoCDLabelSelectorKey = "ARGOCD_LABEL_SELECTOR"
 )
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -29,6 +29,7 @@ spec:
         - /manager
         args:
         - --leader-elect
+        - --label-selector
         image: controller:latest
         name: manager
         securityContext:
@@ -55,5 +56,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.annotations['olm.targetNamespaces']
+        - name: ARGOCD_LABEL_SELECTOR
+          value: ""
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
diff --git a/controllers/argocd/argocd_controller.go b/controllers/argocd/argocd_controller.go
@@ -27,6 +27,7 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
 
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -46,6 +47,8 @@ type ReconcileArgoCD struct {
 	ManagedNamespaces *corev1.NamespaceList
 	// Stores a list of SourceNamespaces as values
 	ManagedSourceNamespaces map[string]string
+	// Stores label selector used to reconcile a subset of ArgoCD
+	LabelSelector string
 }
 
 var log = logr.Log.WithName("controller_argocd")
@@ -105,6 +108,18 @@ func (r *ReconcileArgoCD) Reconcile(ctx context.Context, request ctrl.Request) (
 		return reconcile.Result{}, err
 	}
 
+	// Fetch labelSelector from r.LabelSelector (command-line option)
+	labelSelector, err := labels.Parse(r.LabelSelector)
+	if err != nil {
+		reqLogger.Info(fmt.Sprintf("error parsing the labelSelector '%s'.", labelSelector))
+		return reconcile.Result{}, err
+	}
+	// Match the value of labelSelector from ReconcileArgoCD to labels from the argocd instance
+	if !labelSelector.Matches(labels.Set(argocd.Labels)) {
+		reqLogger.Info(fmt.Sprintf("the ArgoCD instance '%s' does not match the label selector '%s' and skipping for reconciliation", request.NamespacedName, r.LabelSelector))
+		return reconcile.Result{}, fmt.Errorf("Error: failed to reconcile ArgoCD instance: '%s'", request.NamespacedName)
+	}
+
 	newPhase := argocd.Status.Phase
 	// If we discover a new Argo CD instance in a previously un-seen namespace
 	// we add it to the map and increment active instance count by phase

diff --git a/controllers/argocd/argocd_controller_test.go b/controllers/argocd/argocd_controller_test.go
@@ -102,6 +102,151 @@ func TestReconcileArgoCD_Reconcile(t *testing.T) {
 	}
 }
 
+func TestReconcileArgoCD_LabelSelector(t *testing.T) {
+	logf.SetLogger(ZapLogger(true))
+	//ctx := context.Background()
+	a := makeTestArgoCD()
+	a.Name = "argo-test-1"
+	b := makeTestArgoCD()
+	b.Name = "argo-test-2"
+	c := makeTestArgoCD()
+	c.Name = "argo-test-3"
+	rt := makeTestReconciler(t, a, b, c)
+	assert.NoError(t, createNamespace(rt, a.Namespace, ""))
+
+	// All ArgoCD instance should be reconciled if no label-selctor is applied to the operator.
+	// No label selector provided and all argocd instances are reconciled
+
+	// Instance 'a'
+	req1 := reconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Name:      a.Name,
+			Namespace: a.Namespace,
+		},
+	}
+	res1, err := rt.Reconcile(context.TODO(), req1)
+	assert.NoError(t, err)
+	if res1.Requeue {
+		t.Fatal("reconcile requeued request")
+	}
+
+	//Instance 'b'
+	req2 := reconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Name:      b.Name,
+			Namespace: b.Namespace,
+		},
+	}
+	res2, err := rt.Reconcile(context.TODO(), req2)
+	assert.NoError(t, err)
+	if res2.Requeue {
+		t.Fatal("reconcile requeued request")
+	}
+
+	//Instance 'c'
+	req3 := reconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Name:      c.Name,
+			Namespace: c.Namespace,
+		},
+	}
+	res3, err := rt.Reconcile(context.TODO(), req3)
+	assert.NoError(t, err)
+	if res3.Requeue {
+		t.Fatal("reconcile requeued request")
+	}
+
+	// Apply label-selector foo=bar to the operator but not to the argocd instances. No reconciliation will happen and an error is expected.
+	rt.LabelSelector = "foo=bar"
+	reqTest := reconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Name:      a.Name,
+			Namespace: a.Namespace,
+		},
+	}
+	resTest, err := rt.Reconcile(context.TODO(), reqTest)
+	assert.Error(t, err)
+	if resTest.Requeue {
+		t.Fatal("reconcile requeued request")
+	}
+
+	//not reconciled should return error
+	reqTest2 := reconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Name:      b.Name,
+			Namespace: b.Namespace,
+		},
+	}
+	resTest2, err := rt.Reconcile(context.TODO(), reqTest2)
+	assert.Error(t, err)
+	if resTest2.Requeue {
+		t.Fatal("reconcile requeued request")
+	}
+
+	//not reconciled should return error
+	reqTest3 := reconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Name:      c.Name,
+			Namespace: c.Namespace,
+		},
+	}
+	resTest3, err := rt.Reconcile(context.TODO(), reqTest3)
+	assert.Error(t, err)
+	if resTest3.Requeue {
+		t.Fatal("reconcile requeued request")
+	}
+}
+func TestReconcileArgoCD_ReconcileLabel(t *testing.T) {
+
+	// Multiple ArgoCD instances present with matching label present on some and absent on some.
+	// Only instances matching the label are reconciled.
+
+	logf.SetLogger(ZapLogger(true))
+	ctx := context.Background()
+	a := makeTestArgoCD()
+	r1 := makeTestReconciler(t, a)
+	assert.NoError(t, createNamespace(r1, a.Namespace, ""))
+	b := makeTestArgoCD()
+	r2 := makeTestReconciler(t, b)
+	assert.NoError(t, createNamespace(r2, b.Namespace, ""))
+
+	// Apply label foo=bar to the argocd instance and to the operator for reconciliation without any error.
+	r1.LabelSelector = "foo=bar"
+	r2.LabelSelector = "foo=bar"
+
+	//Apply label to Instance 'a' but not to Instance 'b'
+	a.SetLabels(map[string]string{"foo": "bar"})
+	err := r1.Client.Update(ctx, a)
+	fatalIfError(t, err, "failed to update the ArgoCD: %s", err)
+	reqTest2 := reconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Name:      a.Name,
+			Namespace: a.Namespace,
+		},
+	}
+	resTest2, err := r1.Reconcile(context.TODO(), reqTest2)
+
+	//Instance 'a' reconciled without error
+	assert.NoError(t, err)
+	if resTest2.Requeue {
+		t.Fatal("reconcile requeued request")
+	}
+
+	reqTest3 := reconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Name:      b.Name,
+			Namespace: b.Namespace,
+		},
+	}
+	resTest3, err := r2.Reconcile(context.TODO(), reqTest3)
+	//Instance 'b' is not reconciled and an error is expeced
+	assert.Error(t, err)
+	if resTest3.Requeue {
+		t.Fatal("reconcile requeued request")
+	}
+
+}
+
 func TestReconcileArgoCD_Reconcile_RemoveManagedByLabelOnArgocdDeletion(t *testing.T) {
 	logf.SetLogger(ZapLogger(true))
 

diff --git a/deploy/olm-catalog/argocd-operator/0.8.0/argocd-operator.v0.8.0.clusterserviceversion.yaml b/deploy/olm-catalog/argocd-operator/0.8.0/argocd-operator.v0.8.0.clusterserviceversion.yaml
@@ -1733,13 +1733,15 @@ spec:
               containers:
               - args:
                 - --leader-elect
+                - --label-selector
                 command:
                 - /manager
                 env:
                 - name: WATCH_NAMESPACE
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.annotations['olm.targetNamespaces']
+                - name: ARGOCD_LABEL_SELECTOR
                 - name: ENABLE_CONVERSION_WEBHOOK
                   value: "true"
                 image: quay.io/argoprojlabs/argocd-operator:v0.8.0

diff --git a/docs/usage/environment_variables.md b/docs/usage/environment_variables.md
@@ -7,6 +7,7 @@ The following environment variables are available in `argocd-operator`:
 | `CONTROLLER_CLUSTER_ROLE` | none | Administrators can configure a common cluster role for all the managed namespaces in role bindings for the Argo CD application controller with this environment variable. Note: If this environment variable contains custom roles, the Operator doesn't create the default admin role. Instead, it uses the existing custom role for all managed namespaces. |
 | `SERVER_CLUSTER_ROLE` | none | Administrators can configure a common cluster role for all the managed namespaces in role bindings for the Argo CD server with this environment variable. Note: If this environment variable contains custom roles, the Operator doesn’t create the default admin role. Instead, it uses the existing custom role for all managed namespaces. |
 | `REMOVE_MANAGED_BY_LABEL_ON_ARGOCD_DELETION` | false | When an Argo CD instance is deleted, namespaces managed by that instance (via the `argocd.argoproj.io/managed-by` label ) will retain the label by default. Users can change this behavior by setting the environment variable `REMOVE_MANAGED_BY_LABEL_ON_ARGOCD_DELETION` to `true` in the Subscription. |
+| `ARGOCD_LABEL_SELECTOR` | none | The label selector can be set on argocd-opertor by exporting `ARGOCD_LABEL_SELECTOR` (eg: `export ARGOCD_LABEL_SELECTOR=foo=bar`). The labels can be added to the argocd instances using the command `kubectl label argocd test1 foo=bar -n test-argocd`. This will enable the operator instance to be tailored to oversee only the corresponding ArgoCD instances having the matching label selector. |
 
 Custom Environment Variables are supported in `applicationSet`, `controller`, `notifications`, `repo` and `server` components. For example:
 

diff --git a/go.mod b/go.mod
@@ -34,6 +34,7 @@ require (
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -63,6 +64,7 @@ require (
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.43.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect