-
Feature
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
False
-
None
-
False
-
Yellow
-
100% To Do, 0% In Progress, 0% Done
Epic Goal
Support a rollout strategy in the Placement API to allow for consumers to progressively apply their content to managed clusters
we’d need careful integration on the policy side with this too
It may require some UX work to find a way to visualize progress of the rollout of an updated policy…
Why is this important?
- Increasingly in scenarios there is a need to control the rollout of workloads and manifests from the hub across clusters
- In
ACM-1717, there is a requirement to support a progressive rolling upgrade of the ACM management add-ons - In other scenarios, there are requirements from end-users to support a "canary" rollout of changes from Configuration Policies
- In
Scenarios
- Do not impact all managed clusters immediately with an enforced policy update
- Support the ability to roll out a policy into dev -> uat -> production environments. An initial canary group could be included in that roll out too. This requires GRC Policy to support the ProgressivePerGroup rollout strategy added by the placement API.
- The rollout must be driven from gitops and not require additional managed cluster labeling beyond what most customers likely would already have setup
Acceptance Criteria
- The rollout can be driven from gitops
- All managed clusters do not have the new policy enforced at once
- existing managed cluster labeling can be used (this doesn't mean ACM default labeling – but customer added labels around how there clusters are organized in addition to the default labels)
- Enough data is provided to be able to determine progress, success and failure
Dependencies (internal and external)
- Heavy dependency on placement rollout strategy linked above
Previous Work (Optional):
- There is a selective policy enforcement feature which provides very similar functionality. It does not meet the acceptance criteria above around the gitops friendliness and the managed cluster labeling points. It is more suited to a controller driven approach to selective rollout as opposed to a user driven experience: https://github.com/open-cluster-management-io/enhancements/tree/main/enhancements/sig-policy/28-selective-policy-enforcment
Open questions:
- See the progression of the ocm enhancement and the open questions is lists. https://github.com/open-cluster-management-io/enhancements/pull/99 Be aware when the PR merges there will be a different link to see the enhancement
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
Issue> - DEV - Upstream documentation merged: <link to meaningful PR or GitHub
Issue> - DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
