Add IfNotPresent and Ignore SSA policies #943

Merged 3 commits on Aug 11, 2023

stefanprodan (Member) commented Aug 9, 2023

This PR extends the apply behaviour with two policies: IfNotPresent and Ignore.

Fix: #936
Implementation and tests: fluxcd/pkg#625

Controlling the apply behavior of resources

To change the apply behaviour for specific Kubernetes resources, you can annotate them with:

| Annotation | Default | Values | Role |
|---|---|---|---|
| kustomize.toolkit.fluxcd.io/ssa | Override | Override, Merge, IfNotPresent, Ignore | Apply policy |
| kustomize.toolkit.fluxcd.io/force | Disabled | Enabled, Disabled | Recreate policy |
| kustomize.toolkit.fluxcd.io/prune | Enabled | Enabled, Disabled | Delete policy |

kustomize.toolkit.fluxcd.io/ssa

Override

The Override policy instructs the controller to reconcile the Kubernetes resources with the desired state (YAML manifests) defined in the Flux source (Git, OCI, Bucket).

Merge

The Merge policy instructs the controller to preserve the fields added by other tools to the Kubernetes resources managed by Flux.

The fields defined in the manifests applied by the controller will always be overridden; the Merge policy works only for adding new fields that don’t overlap with the desired state.

IfNotPresent

The IfNotPresent policy instructs the controller to only apply the Kubernetes resources if they are not present on the cluster.

This policy can be used for Kubernetes Secrets and ValidatingWebhookConfigurations managed by cert-manager, where Flux creates the resources with fields that are later on mutated by other controllers.

Ignore

The Ignore policy instructs the controller to skip applying Kubernetes resources even if they are present in a Flux source (Git, OCI, Bucket).
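
An added example, not part of the PR description or the Flux code base: objects annotated `IfNotPresent` or `Ignore` are ones the controller will not reconcile back to the source, so it is worth inventorying them. The sketch below audits objects shaped like `kubectl get ... -o json` output against the table above; the sample objects are constructed, and matching values exactly as spelled in the table is an assumption of this example.

```python
import json

PREFIX = "kustomize.toolkit.fluxcd.io/"
# Annotation -> (default, allowed values), copied from the table in the PR description.
POLICIES = {
    PREFIX + "ssa": ("Override", {"Override", "Merge", "IfNotPresent", "Ignore"}),
    PREFIX + "force": ("Disabled", {"Enabled", "Disabled"}),
    PREFIX + "prune": ("Enabled", {"Enabled", "Disabled"}),
}

def audit(doc):
    """List objects whose apply-behaviour annotations differ from the defaults.

    Returns (object, annotation, value, status) tuples; status is "non-default"
    for a documented value other than the default and "unrecognized" for a value
    the table does not list. Exact-match comparison is this example's assumption.
    """
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        meta = obj.get("metadata") or {}
        ref = "/".join([obj.get("kind", "?"), meta.get("namespace", "-"), meta.get("name", "?")])
        for key, value in sorted((meta.get("annotations") or {}).items()):
            if key not in POLICIES:
                continue
            default, allowed = POLICIES[key]
            if value not in allowed:
                findings.append((ref, key, value, "unrecognized"))
            elif value != default:
                findings.append((ref, key, value, "non-default"))
    return findings

# Constructed sample input (hypothetical object names), shaped like a kubectl JSON List.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Secret", "metadata": {"name": "webhook-tls", "namespace": "apps",
    "annotations": {"kustomize.toolkit.fluxcd.io/ssa": "IfNotPresent"}}},
  {"kind": "ConfigMap", "metadata": {"name": "settings", "namespace": "apps",
    "annotations": {"kustomize.toolkit.fluxcd.io/ssa": "Override",
                    "kustomize.toolkit.fluxcd.io/prune": "Disabled"}}},
  {"kind": "Deployment", "metadata": {"name": "api", "namespace": "apps",
    "annotations": {"kustomize.toolkit.fluxcd.io/ssa": "Ignored"}}},
  {"kind": "Service", "metadata": {"name": "api", "namespace": "apps"}}
]}
""")

if __name__ == "__main__":
    for ref, key, value, status in audit(SAMPLE):
        print(f"{status:13} {ref} {key}={value}")
```
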

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
stefanprodan added the area/docs, enhancement and area/server-side-apply labels Aug 9, 2023
stefanprodan requested a review from hiddeco August 9, 2023 11:23
stefanprodan force-pushed the ssa-policies branch 2 times, most recently from 561c780 to 642cc7c August 9, 2023 11:50
hiddeco (Member) left a comment

Awesome to have the annotations documented in one place now 💯 🥇

hiddeco (Member) commented Aug 9, 2023

You may want to link from https://fluxcd.io/flux/faq/#how-to-patch-coredns-and-other-pre-installed-addons to the new documentation once this is available on the website.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
stefanprodan merged commit 4c1ea27 into main Aug 11, 2023
stefanprodan deleted the ssa-policies branch August 11, 2023 13:40

JeremyMordkoff commented

I am struggling to get this to work for a configmap.

We are using helm and it includes a configmap to which I have added this annotation. Then my master pod overwrites this configmap. This version also has the annotation. But flux still reconciles the configmap back to the helm chart version.

Does the annotation need to be in version 0 of this resource or can it be introduced in an upgrade?
Could the issue be that the master pod is re-creating the configmap (as opposed to editing it)? I'm not sure about this part... just guessing that's what we do.

I hope this is an appropriate place to ask ....

stefanprodan (Member, Author) commented

SSA has nothing to do with Helm; these annotations are only for resources managed by Flux Kustomizations: https://fluxcd.io/flux/components/kustomize/kustomizations/#controlling-the-apply-behavior-of-resources
