argo-cd/docs/user-guide/orphaned-resources.md

# Orphaned Resources Monitoring

Orphaned Kubernetes resource is a top-level namespaced resource which does not belong to any Argo CD Application. The Orphaned Resources Monitoring feature allows detecting
orphaned resources, inspect/remove resources using Argo CD UI and generate a warning.

The Orphaned Resources monitoring is enabled in [Project](projects.md) settings, 
and the below is an example of enabling the feature using the AppProject custom resource.

```yaml
kind: AppProject
metadata:
  ...
spec:
  ...
  orphanedResources:
    warn: true
...
```

Once the feature is enabled, each project application which has any orphaned resources in its target namespace
will get a warning. The orphaned resources can be located using the application details page:

![orphaned resources](../assets/orphaned-resources.png)

When enabling the feature, you might want to consider disabling warning at first.

```yaml
spec:
  orphanedResources:
    warn: false # Disable warning
```

While warning disabled, application users can still view orphaned resources in the UI.

## Exceptions

Not every resource in the Kubernetes cluster is controlled by the end user. Following resources are never considered as orphaned:

* Namespaced resources denied in the project. Usually, such resources are managed by cluster administrators and not supposed to be modified by namespace user.
* `ServiceAccount` with name `default` ( and corresponding auto-generated `ServiceAccountToken` ).
* `Service` with name `kubernetes` in the `default` namespace.
* `ConfigMap` with name `kube-root-ca.crt` in all namespaces.

Also, you can configure to ignore resources by providing a list of resource Group, Kind and Name.

```yaml
spec:
  orphanedResources:
    ignore:
    - kind: ConfigMap
      name: orphaned-but-ignored-configmap
```
Issue #1167 - Document orphaned resources, update proj CLI (#2188) 2019-08-22 18:35:43 +00:00			`# Orphaned Resources Monitoring`

			`Orphaned Kubernetes resource is a top-level namespaced resource which does not belong to any Argo CD Application. The Orphaned Resources Monitoring feature allows detecting`
docs: improve Orphaned Resources Monitoring with more examples and correct grammar (#6006) Signed-off-by: Ryota <rytswd@gmail.com> 2021-04-13 09:59:15 +00:00			`orphaned resources, inspect/remove resources using Argo CD UI and generate a warning.`
Issue #1167 - Document orphaned resources, update proj CLI (#2188) 2019-08-22 18:35:43 +00:00
docs: improve Orphaned Resources Monitoring with more examples and correct grammar (#6006) Signed-off-by: Ryota <rytswd@gmail.com> 2021-04-13 09:59:15 +00:00			`The Orphaned Resources monitoring is enabled in [Project](projects.md) settings,`
			`and the below is an example of enabling the feature using the AppProject custom resource.`

			```yaml
			`kind: AppProject`
			`metadata:`
			`...`
			`spec:`
			`...`
			`orphanedResources:`
			`warn: true`
			`...`
			```

			`Once the feature is enabled, each project application which has any orphaned resources in its target namespace`
			`will get a warning. The orphaned resources can be located using the application details page:`
Issue #1167 - Document orphaned resources, update proj CLI (#2188) 2019-08-22 18:35:43 +00:00
			`![orphaned resources](../assets/orphaned-resources.png)`

docs: improve Orphaned Resources Monitoring with more examples and correct grammar (#6006) Signed-off-by: Ryota <rytswd@gmail.com> 2021-04-13 09:59:15 +00:00			`When enabling the feature, you might want to consider disabling warning at first.`

			```yaml
			`spec:`
			`orphanedResources:`
			`warn: false # Disable warning`
			```

			`While warning disabled, application users can still view orphaned resources in the UI.`
Issue #1167 - Document orphaned resources, update proj CLI (#2188) 2019-08-22 18:35:43 +00:00
			`## Exceptions`

chore: Spelling - md files (#3651) chore: Spelling - md files (#3651) 2020-05-26 20:58:29 +00:00			`Not every resource in the Kubernetes cluster is controlled by the end user. Following resources are never considered as orphaned:`
Issue #1167 - Document orphaned resources, update proj CLI (#2188) 2019-08-22 18:35:43 +00:00
Allow deny (#4293) (#4294) * chore(ui): switch to using allow/deny (#4293) Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> 2020-11-03 18:54:13 +00:00			`* Namespaced resources denied in the project. Usually, such resources are managed by cluster administrators and not supposed to be modified by namespace user.`
Issue #1167 - Document orphaned resources, update proj CLI (#2188) 2019-08-22 18:35:43 +00:00			* `ServiceAccount` with name `default` ( and corresponding auto-generated `ServiceAccountToken` ).
			* `Service` with name `kubernetes` in the `default` namespace.
fix: Exclude kube-root-ca.crt ConfigMap from Orphaned Resources monitoring by default (#5490) (#5523) Signed-off-by: iam-veeramalla <abhishek.veeramalla@gmail.com> 2021-02-17 10:25:21 +00:00			* `ConfigMap` with name `kube-root-ca.crt` in all namespaces.
docs: improve Orphaned Resources Monitoring with more examples and correct grammar (#6006) Signed-off-by: Ryota <rytswd@gmail.com> 2021-04-13 09:59:15 +00:00
			`Also, you can configure to ignore resources by providing a list of resource Group, Kind and Name.`

			```yaml
			`spec:`
			`orphanedResources:`
			`ignore:`
			`- kind: ConfigMap`
			`name: orphaned-but-ignored-configmap`
			```