Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuration of drift detection on HelmRelease #815

Merged
merged 4 commits into from
Nov 24, 2023
Merged

Allow configuration of drift detection on HelmRelease #815

merged 4 commits into from
Nov 24, 2023

Conversation

hiddeco
Copy link
Member

@hiddeco hiddeco commented Nov 24, 2023
edited
Loading

This adds the option to enable drift detection for a specific
HelmRelease instance using .spec.driftDetection.mode.

Supported configurations are enabled (detect and correct), warn
(detect) and disabled.

In addition to this, it allows defining a set of ignore rules using
.spec.driftDetection.ignore. Which can be used to ignore (portions
of) a resource using JSON pointers and target selectors.

Example

Simple Deployment

spec:
  driftDetection:
    mode: enabled
    ignore:
    # Ignore the number of replicas in any Deployment of the Helm release
    - paths: ["/spec/replicas"]
      target:
        kind: Deployment

kube-prometheus-stack

spec:
  driftDetection:
    mode: enabled
    ignore:
    # Ignore "validated" annotation which is not inserted during install
    - paths: ["/metadata/annotations/prometheus-operator-validated"]
      target:
        kind: PrometheusRule

@hiddeco hiddeco added enhancement New feature or request area/drift Drift detection/correction related issues and pull requests labels Nov 24, 2023
stefanprodan
stefanprodan reviewed Nov 24, 2023
View reviewed changes
go.mod Outdated Show resolved Hide resolved
@hiddeco
api: allow configuration of drift detection
a5db99a 
This adds the option to enable drift detection for a specific
`HelmRelease` instance using `.spec.driftDetection.mode`.

Supported configurations are `enabled` (detect and correct), `warn`
(detect) and `disabled`.

In addition to this, it allows defining a set of ignore rules using
`.spec.driftDetection.ignore`. Which can be used to ignore (portions
of) a resource using JSON pointers and target selectors.

Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco
action: introduce Diff action
98c4118 
The `Diff` action can be used to detect changes between the manifest
from a Helm release and the current cluster state.

Compared to the previous diff functionality, it allows for ignoring
specific fields in a resource using the newly introduced ignore rules
in the API.

Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco hiddeco force-pushed the new-drift-detection branch 2 times, most recently from 9705c95 to dd92f46 Compare November 24, 2023 12:41
@stefanprodan stefanprodan mentioned this pull request Nov 24, 2023
Closed
14 tasks
@hiddeco
reconcile: determine drift in cluster
bb6ad72 
This allows `DetermineReleaseState` to determine if the cluster state
has drifted from the manifest defined in the Helm storage. This allows
the atomic reconciler to determine if an upgrade should happen based
on the configuration of the `HelmRelease`.

If drift detection is `enabled` (or set to `warn`), it will report
drift via the controller logs and a Kubernetes Event. In addition, when
correction is enabled, it will instruct to perform a Helm upgrade to
correct the drift.

To summarize the detected drift in a compact message, summarize
utilities have been introduced to the `diff` package.

Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco
diff: remove Differ code
6b1effc 
In favor of the new `Diff` action.

Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco hiddeco mentioned this pull request Nov 24, 2023
Merged
stefanprodan
stefanprodan approved these changes Nov 24, 2023
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I've tested drift detection with kube-prometheus-stack for exclusion & various in-cluster edits that were promptly corrected.

Thanks @hiddeco 🏅

@hiddeco hiddeco merged commit 85cac77 into main Nov 24, 2023
10 checks passed
@hiddeco hiddeco deleted the new-drift-detection branch November 24, 2023 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

Assignees
No one assigned
Labels
area/drift Drift detection/correction related issues and pull requests enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hiddeco @stefanprodan