github.com/argoproj/argo-cd/v3@v3.2.1/docs/user-guide/orphaned-resources.md

github.com/argoproj/argo-cd/v3@v3.2.1/docs/user-guide/orphaned-resources.md (about)

     1  # Orphaned Resources Monitoring
     2  
     3  An [orphaned Kubernetes resource](https://kubernetes.io/docs/concepts/architecture/garbage-collection/#orphaned-dependents) is a top-level namespaced resource that does not belong to any Argo CD Application. The Orphaned Resources Monitoring feature allows detecting
     4  orphaned resources, inspecting/removing resources using the Argo CD UI, and generating a warning.
     5  
     6  The Orphaned Resources monitoring is enabled in the [Project](projects.md) settings.
     7  Below is an example of enabling the feature using the AppProject custom resource.
     8  
     9  ```yaml
    10  kind: AppProject
    11  metadata:
    12    ...
    13  spec:
    14    ...
    15    orphanedResources:
    16      warn: true
    17  ...
    18  ```
    19  
    20  Once the feature is enabled, each project application that has any orphaned resources in its target namespace
    21  will get a warning. The orphaned resources can be located using the application details page by enabling the "Show Orphaned" filter:
    22  
    23  ![orphaned resources](../assets/orphaned-resources.png)
    24  
    25  When enabling the feature, you might want to consider disabling warnings at first.
    26  
    27  ```yaml
    28  spec:
    29    orphanedResources:
    30      warn: false # Disable warning
    31  ```
    32  
    33  When warnings are disabled, application users can still view orphaned resources in the UI.
    34  
    35  ## Exceptions
    36  
    37  Not every resource in the Kubernetes cluster is controlled by the end user and managed by Argo CD. Other operators in the cluster can automatically create resources (e.g., the cert-manager creating secrets), which are then considered orphaned.
    38  
    39  The following resources are never considered orphaned:
    40  
    41  * Namespaced resources denied in the project. Usually, such resources are managed by cluster administrators and are not supposed to be modified by a namespace user.
    42  * `ServiceAccount` with the name `default` (and the corresponding auto-generated `ServiceAccountToken`).
    43  * `Service` with the name `kubernetes` in the `default` namespace.
    44  * `ConfigMap` with the name `kube-root-ca.crt` in all namespaces.
    45  
    46  You can prevent resources from being declared orphaned by providing a list of ignore rules, each defining a Group, Kind, and Name.
    47  
    48  ```yaml
    49  spec:
    50    orphanedResources:
    51      ignore:
    52      - kind: ConfigMap
    53        name: orphaned-but-ignored-configmap
    54  ```
    55  
    56  The `name` can be a [glob pattern](https://github.com/gobwas/glob), e.g.:
    57  
    58  ```yaml
    59  spec:
    60    orphanedResources:
    61      ignore:
    62      - kind: Secret
    63        name: *.example.com
    64  ```