diff --git a/ssa/manager_diff.go b/ssa/manager_diff.go
index f01ffff0b..762c6e8ee 100644
--- a/ssa/manager_diff.go
+++ b/ssa/manager_diff.go
@@ -34,12 +34,37 @@ const (
 	diffMask    = "******"
 )
 
+// DiffOptions contains options for server-side dry-run apply requests.
+type DiffOptions struct {
+	// Exclusions determines which in-cluster objects are skipped from dry-run apply
+	// based on the specified key-value pairs.
+	// A nil Exclusions map means all objects are applied
+	// regardless of their metadata labels and annotations.
+	Exclusions map[string]string `json:"exclusions"`
+}
+
+// DefaultDiffOptions returns the default dry-run apply options.
+func DefaultDiffOptions() DiffOptions {
+	return DiffOptions{
+		Exclusions: nil,
+	}
+}
+
 // Diff performs a server-side apply dry-un and returns the live and merged objects if drift is detected.
 // If the diff contains Kubernetes Secrets, the data values are masked.
-func (m *ResourceManager) Diff(ctx context.Context, object *unstructured.Unstructured) (*ChangeSetEntry, *unstructured.Unstructured, *unstructured.Unstructured, error) {
+func (m *ResourceManager) Diff(ctx context.Context, object *unstructured.Unstructured, opts DiffOptions) (
+	*ChangeSetEntry,
+	*unstructured.Unstructured,
+	*unstructured.Unstructured,
+	error,
+) {
 	existingObject := object.DeepCopy()
 	_ = m.client.Get(ctx, client.ObjectKeyFromObject(object), existingObject)
 
+	if existingObject != nil && AnyInMetadata(existingObject, opts.Exclusions) {
+		return m.changeSetEntry(existingObject, UnchangedAction), nil, nil, nil
+	}
+
 	dryRunObject := object.DeepCopy()
 	if err := m.dryRunApply(ctx, dryRunObject); err != nil {
 		return nil, nil, nil, m.validationError(dryRunObject, err)
diff --git a/ssa/manager_diff_test.go b/ssa/manager_diff_test.go
index bf3b25480..d2bbe58bd 100644
--- a/ssa/manager_diff_test.go
+++ b/ssa/manager_diff_test.go
@@ -50,7 +50,7 @@ func TestDiff(t *testing.T) {
 	}
 
 	t.Run("generates empty diff for unchanged object", func(t *testing.T) {
-		changeSetEntry, _, _, err := manager.Diff(ctx, configMap)
+		changeSetEntry, _, _, err := manager.Diff(ctx, configMap, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -71,7 +71,7 @@ func TestDiff(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		changeSetEntry, _, mergedObj, err := manager.Diff(ctx, configMap)
+		changeSetEntry, _, mergedObj, err := manager.Diff(ctx, configMap, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -99,7 +99,7 @@ func TestDiff(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		changeSetEntry, _, mergedObj, err := manager.Diff(ctx, secret)
+		changeSetEntry, _, mergedObj, err := manager.Diff(ctx, secret, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -139,7 +139,7 @@ func TestDiff_Removals(t *testing.T) {
 	}
 
 	t.Run("generates empty diff for unchanged object", func(t *testing.T) {
-		changeSetEntry, _, _, err := manager.Diff(ctx, configMap)
+		changeSetEntry, _, _, err := manager.Diff(ctx, configMap, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -164,7 +164,7 @@ func TestDiff_Removals(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		changeSetEntry, _, mergedObj, err := manager.Diff(ctx, configMap)
+		changeSetEntry, _, mergedObj, err := manager.Diff(ctx, configMap, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -187,7 +187,7 @@ func TestDiff_Removals(t *testing.T) {
 	t.Run("generates diff for removed map entry", func(t *testing.T) {
 		unstructured.RemoveNestedField(configMap.Object, "data", "token")
 
-		changeSetEntry, _, _, err := manager.Diff(ctx, configMap)
+		changeSetEntry, _, _, err := manager.Diff(ctx, configMap, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -222,7 +222,7 @@ func TestDiffHPA(t *testing.T) {
 	}
 
 	t.Run("generates empty diff for unchanged object", func(t *testing.T) {
-		changeSetEntry, _, _, err := manager.Diff(ctx, hpa)
+		changeSetEntry, _, _, err := manager.Diff(ctx, hpa, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -247,7 +247,7 @@ func TestDiffHPA(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		changeSetEntry, _, _, err := manager.Diff(ctx, hpa)
+		changeSetEntry, _, _, err := manager.Diff(ctx, hpa, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -262,7 +262,7 @@ func TestDiffHPA(t *testing.T) {
 	})
 
 	t.Run("generates empty diff for unchanged metric", func(t *testing.T) {
-		changeSetEntry, _, _, err := manager.Diff(ctx, hpa)
+		changeSetEntry, _, _, err := manager.Diff(ctx, hpa, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -278,7 +278,7 @@ func TestDiffHPA(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		changeSetEntry, _, _, err := manager.Diff(ctx, hpa)
+		changeSetEntry, _, _, err := manager.Diff(ctx, hpa, DefaultDiffOptions())
 		if err != nil {
 			t.Fatal(err)
 		}