Allow multiple clusters pointing to the same URL #15027
Description
See original discussion highlighting the issue below
Summary
It is currently impossible to define multiple clusters pointing to the same URL, even if they have different name.
Motivation
Similar to what is discussed in the discussion below, I was trying to set up multiple clusters pointing to the same URL but managing different namespaces. This did not work because internally ArgoCD refers to clusters by its URL. This caused ArgoCD to take one of the clusters, put it into cache and use it for the following operations even if the resources were on clusters with different names.
Example:
2 clusters are configured:
- dev, configured to manage namespace dev with URL http://kubernetes.default.svc
- staging, configured to manage namespace staging http://kubernetes.default.svc
And two applications, one targeting dev:
destination:
namespace: dev
name: dev
And one targeting staging:
destination:
namespace: staging
name: staging
When the first reconciliation of dev happens, ArgoCD chooses one cluster (seemingly randomly) and puts in into the cluster cache. If it chooses staging, then the operation will fail with
Failed to load live state: Namespace "dev" for AppProject "x" is not managed since the staging cluster does not manage the dev namespace.
Proposal
Instead of using the server URL to refer to a cluster, it should use a pair of the name and server URL. This would make it possible to differentiate between clusters using the same server URL.
Discussed in #9388
Originally posted by mFranz82 May 12, 2022
I am working in a Rancher environment where a DEV team belongs to a Rancher project with corresponding rights within the cluster.
As ArgoCD does not provide the option to specify service accounts on project or application level we thought we could wrap a cluster around each project providing a cluster scoped service account. Something like a virtual cluster per team pointing to the same k8s api:
dev-cluster-team-a (api url) > project > application > Sync actions using SA argcd-manager-team-a
dev-cluster-team-b (api url) > project > application > Sync actions using SA argcd-manager-team-b
When starting with the implementation we quickly realised that the API url is used by ArgoCD to identify the cluster which of course won't work in our setup. We simply can not create a ArgoCD cluster pointing to the same api twice.
Do you think this is intentional? Are there any concept considerations which I missed?
Update:
We found a simple solution:
Simple create a Service (External Name) per cluster pointing to the same api.