docs: Clarify what the Force sync option does

[lindhe]

This change attempts to clarify what exactly the Force sync option does.

I have a handful of issues with the current description:

• Most of all, I would really like to know if the Force sync option corresponds to the --force flag in kubectl. If it does, then we should probably warn the user that there may be unintended consequences such as the pod being deleted from Kubernetes but the containers keep running on the node. If it does not, I think we should clarify that so users (like me) aren't too afraid to use it.
• To some degree, I think the current description is very vague and it would be more helpful if we clarified it.
• There is no example of only setting Force=true, only an example setting both Force=true and Replace=true. Does it not make sense to use only Force=true? I think it does! We should clarify the use-case for this.

I opened a PR rather than discussing in an Issue first, because I think it's easier to reason about texts if we see the suggested change in front of us.

Checklist:

• [x] Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• [x] The title of the PR states what changed and the related issues number (used for the release note).
• [x] The title of the PR conforms to the Toolchain Guide
• [ ] I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• [ ] I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• [x] Does this PR require documentation updates?
• [x] I've updated documentation as required by this PR.
• [x] I have signed off all my commits as required by DCO
• [ ] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• [x] My build is green (troubleshooting builds).
• [ ] My new feature complies with the feature status guidelines.
• [x] I have added a brief description of why this PR is necessary and/or what this PR solves.
• [ ] Optional. My organization is added to USERS.md.
• [ ] Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

[bunnyshell[bot]]

:exclamation: Preview Environment undeploy from Bunnyshell failed

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

• :rocket: /bns:deploy to redeploy the environment
• :x: /bns:delete to try again to remove the environment

[lindhe]

Please note: my initial suggestion here is not intended to be the end-result if we merge this PR. But I need to discuss this and get some input before I can improve the suggested change.

[todaywasawesome]

The force flag on sync option bypasses graceful deletion in the same way kubectl --force does but force also does a delete and replace on all other items.

Thanks to #8574 we have a warning in the UI about doing force deletion which reads "The resources will be synced using '--force' that is a potentially destructive action and will immediately remove resources from the API and bypasses graceful deletion. Immediate deletion of some resources may result in inconsistency or data loss. Are you sure you want to continue?"

Another relevant discussion on the topic is in #5172

[lindhe]

The force flag on sync option bypasses graceful deletion in the same way kubectl --force does but force also does a delete and replace on all other items.

Thanks to #8574 we have a warning in the UI about doing force deletion which reads "The resources will be synced using '--force' that is a potentially destructive action and will immediately remove resources from the API and bypasses graceful deletion. Immediate deletion of some resources may result in inconsistency or data loss. Are you sure you want to continue?"

Another relevant discussion on the topic is in #5172

That's great, thank you for the details! I'll review the details in the links you sent and see if that can be incorporated into the docs.

[lindhe]

I would like some clarification on two details, before I know what to write:

The force flag on sync option bypasses graceful deletion in the same way kubectl --force does

I assume you mean kubectl apply --force? Or is it kubectl create --force?

but force also does a delete and replace on all other items.

Does it really do delete and replace, even when Replace=false??

And also: on all other items?? I tried running it, I don't think it seems like it touches any other resources than the one with annotation argocd.argoproj.io/sync-options: Force=true. Or am I misinterpreting you?

[lindhe]

I've split the section in two now, to distinguish between Force=true and Force=true,Replace=true. As soon as you have helped me understand the points I asked about, I'll do one last change and then I think this is ready for review.

[todaywasawesome]

// SyncStrategyApply uses `kubectl apply` to perform the apply
type SyncStrategyApply struct {
	// Force indicates whether or not to supply the --force flag to `kubectl apply`.
	// The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
	// retried for 5 times.
	Force bool `json:"force,omitempty" protobuf:"bytes,1,opt,name=force"`
}

https://github.com/argoproj/argo-cd/blob/d408909df6f950dd4b1a0b898c3b77259aef394f/pkg/apis/application/v1alpha1/types.go#L1371C1-L1376C2

The relevant code seems to indicate the exact behavior but I think this also just relies on kubectl behavior so a question is does this comment accurately reflect kubectl apply --force. The docs are surprisingly non-specific about this in kubectl, I think we actually have to dig around there...