Checklist:
Describe the bug
When running Argo CD locally on a Kind cluster and applying an Application with ServerSideApply enabled, the aggregationRules on the admin ClusterRole are unexpectedly removed.
To Reproduce
-
created a kind cluster
-
deployed argocd locally using cd argo-cd
ARGOCD_GPG_ENABLED=false && goreman start
-
clusterRole admin yaml before applying argocd application looks like below, for complete yaml, refer
before_apply_clusterrole.yaml
kubectl get clusterrole admin -o yaml
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
creationTimestamp: "2026-02-02T06:28:35Z"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: admin
resourceVersion: "321"
uid: 7848eed6-f4c4-411c-96b4-4f12ae51ebe2
rules:
- apiGroups:
- once argocd is stable and running, applied below argocd application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd-test
spec:
destination:
namespace: ""
server: https://kubernetes.default.svc
source:
path: aggregate
repoURL: https://github.com/jparsai/openshift-gitops-getting-started.git
targetRevision: main
sources: []
project: default
syncPolicy:
automated:
prune: false
selfHeal: true
enabled: true
syncOptions:
- ServerSideApply=true
- aggregationRules on clusterRole admin got removed., for complete clusterrole yaml refer
after_apply_clusterrole.yaml
kubectl get clusterrole admin -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
argocd.argoproj.io/tracking-id: argocd-test:rbac.authorization.k8s.io/ClusterRole:/admin
rbac.authorization.kubernetes.io/autoupdate: "true"
creationTimestamp: "2026-02-02T06:28:35Z"
labels:
kubernetes.io/bootstrapping: rbac-defaults
rbac.authorization.k8s.io/aggregate-to-test1-admin: "true"
name: admin
resourceVersion: "2283"
uid: 7848eed6-f4c4-411c-96b4-4f12ae51ebe2
rules:
- apiGroups:
- ""
Expected behavior
Expected aggregationRules to remain normal, as it is the behavior when tried from kubectl cli command
kubectl apply --server-side -f cluster-role-patch.yaml
below is the content of cluster-role-patch.yaml.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admin
labels:
rbac.authorization.k8s.io/aggregate-to-test1-admin: "true"
Screenshots
Version
Logs
goreman.log
Checklist:
argocd version.Describe the bug
When running Argo CD locally on a Kind cluster and applying an Application with ServerSideApply enabled, the aggregationRules on the admin ClusterRole are unexpectedly removed.
To Reproduce
created a kind cluster
deployed argocd locally using cd argo-cd
ARGOCD_GPG_ENABLED=false && goreman start
clusterRole admin yaml before applying argocd application looks like below, for complete yaml, refer
before_apply_clusterrole.yaml
kubectl get clusterrole admin -o yamlafter_apply_clusterrole.yaml
kubectl get clusterrole admin -o yamlExpected behavior
Expected aggregationRules to remain normal, as it is the behavior when tried from kubectl cli command
kubectl apply --server-side -f cluster-role-patch.yamlbelow is the content of cluster-role-patch.yaml.
Screenshots
Version
Logs
goreman.log