Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-1561

Support Resource Customizations as per Argo CD 2.1

XMLWordPrintable

    • Support Resource Customizations as per Argo CD 2.1
    • False
    • False
    • To Do
    • 0% To Do, 0% In Progress, 100% Done
    • Hide
      In this release, we added a new way to customize resource behavior through the use of additional subkeys. These subkeys are `resourceHealthChecks`, `resourceIgnoreDifferences` and ` resourceActions`. Each of the subkeys maps directly to their own field in the `argocd-cm` so `resourceHealthChecks` will map to `resource.customizations.health`, `resourceIgnoreDifferences` to `resource.customizations.ignoreDifferences`, and `resourceActions` to `resource.customizations.actions`.

      Eventually, the old method of customizing resource behavior through `resourceCustomization` (without subkeys) will be deprecated, so users are encouraged to switch to using subkeys. It is the user's responsibility to not provide conflicting resources if they choose to use both methods of resource customizations.

      Keys for `resourceHealthChecks`, `resourceIgnoreDifferences`, and `resourceActions` are in the form (respectively): `resource.customizations.health.<group_kind>`, `resource.customizations.ignoreDifferences.<group_kind>`, and `resource.customizations.actions.<group_kind>`. The following example defines a custom health check, custom action, and an ignoreDifferences config in the `argocd-cm` ConfigMap. Additionally, `.spec.resourceIgnoreDifferences.all` allows you to apply these specified settings to all resources managed by this Argo CD instance.

      ``` yaml
      apiVersion: argoproj.io/v1alpha1
      kind: ArgoCD
      metadata:
        name: argocd
      spec:
        resourceIgnoreDifferences:
          all:
            jsonPointers:
              - /spec/replicas
            managedFieldsManagers:
              - kube-controller-manager
          resourceIdentifiers:
            - group: admissionregistration.k8s.io
              kind: MutatingWebhookConfiguration
              customization:
                jqPathExpressions:
                  - '.webhooks[]?.clientConfig.caBundle'
            - group: apps
              kind: Deployment
              customization:
                managedFieldsManagers:
                  - kube-controller-manager
                jsonPointers:
                  - /spec/replicas
        resourceHealthChecks:
          - group: certmanager.k8s.io
            kind: Certificate
            check: |
              hs = {}
              if obj.status ~= nil then
                if obj.status.conditions ~= nil then
                  for i, condition in ipairs(obj.status.conditions) do
                    if condition.type == "Ready" and condition.status == "False" then
                      hs.status = "Degraded"
                      hs.message = condition.message
                      return hs
                    end
                    if condition.type == "Ready" and condition.status == "True" then
                      hs.status = "Healthy"
                      hs.message = condition.message
                      return hs
                    end
                  end
                end
              end
              hs.status = "Progressing"
              hs.message = "Waiting for certificate"
              return hs
        resourceActions:
          - group: apps
            kind: Deployment
            action: |
              discovery.lua: |
              actions = {}
              actions["restart"] = {}
              return actions
              definitions:
              - name: restart
                # Lua Script to modify the obj
                action.lua: |
                  local os = require("os")
                  if obj.spec.template.metadata == nil then
                      obj.spec.template.metadata = {}
                  end
                  if obj.spec.template.metadata.annotations == nil then
                      obj.spec.template.metadata.annotations = {}
                  end
                  obj.spec.template.metadata.annotations["kubectl.kubernetes.io/restartedAt"] = os.date("!%Y-%m-%dT%XZ")
                  return obj
      ```
       After applying these changes your `argocd-cm` Configmap should contain the following fields:

      ```
      resource.customizations.ignoreDifferences.all: |
        jsonPointers:
        - /spec/replicas
        managedFieldsManagers:
        - kube-controller-manager

      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
        jqpathexpressions:
        - '.webhooks[]?.clientConfig.caBundle'

      resource.customizations.ignoreDifferences.apps_deployments: |
        managedFieldsManagers:
        - kube-controller-manager
        jsonPointers:
        - /spec/replicas

      resource.customizations.health.certmanager.k8s.io_Certificate: |
        hs = {}
        if obj.status ~= nil then
          if obj.status.conditions ~= nil then
            for i, condition in ipairs(obj.status.conditions) do
              if condition.type == "Ready" and condition.status == "False" then
                hs.status = "Degraded"
                hs.message = condition.message
                return hs
              end
              if condition.type == "Ready" and condition.status == "True" then
                hs.status = "Healthy"
                hs.message = condition.message
                return hs
              end
            end
          end
        end
        hs.status = "Progressing"
        hs.message = "Waiting for certificate"
        return hs

      resource.customizations.actions.apps_Deployment: |
        discovery.lua: |
        actions = {}
        actions["restart"] = {}
        return actions
        definitions:
        - name: restart
          # Lua Script to modify the obj
          action.lua: |
            local os = require("os")
            if obj.spec.template.metadata == nil then
                obj.spec.template.metadata = {}
            end
            if obj.spec.template.metadata.annotations == nil then
                obj.spec.template.metadata.annotations = {}
            end
            obj.spec.template.metadata.annotations["kubectl.kubernetes.io/restartedAt"] = os.date("!%Y-%m-%dT%XZ")
            return obj
      ```
      Show
      In this release, we added a new way to customize resource behavior through the use of additional subkeys. These subkeys are `resourceHealthChecks`, `resourceIgnoreDifferences` and ` resourceActions`. Each of the subkeys maps directly to their own field in the `argocd-cm` so `resourceHealthChecks` will map to `resource.customizations.health`, `resourceIgnoreDifferences` to `resource.customizations.ignoreDifferences`, and `resourceActions` to `resource.customizations.actions`. Eventually, the old method of customizing resource behavior through `resourceCustomization` (without subkeys) will be deprecated, so users are encouraged to switch to using subkeys. It is the user's responsibility to not provide conflicting resources if they choose to use both methods of resource customizations. Keys for `resourceHealthChecks`, `resourceIgnoreDifferences`, and `resourceActions` are in the form (respectively): `resource.customizations.health.<group_kind>`, `resource.customizations.ignoreDifferences.<group_kind>`, and `resource.customizations.actions.<group_kind>`. The following example defines a custom health check, custom action, and an ignoreDifferences config in the `argocd-cm` ConfigMap. Additionally, `.spec.resourceIgnoreDifferences.all` allows you to apply these specified settings to all resources managed by this Argo CD instance. ``` yaml apiVersion: argoproj.io/v1alpha1 kind: ArgoCD metadata:   name: argocd spec:   resourceIgnoreDifferences:     all:       jsonPointers:         - /spec/replicas       managedFieldsManagers:         - kube-controller-manager     resourceIdentifiers:       - group: admissionregistration.k8s.io         kind: MutatingWebhookConfiguration         customization:           jqPathExpressions:             - '.webhooks[]?.clientConfig.caBundle'       - group: apps         kind: Deployment         customization:           managedFieldsManagers:             - kube-controller-manager           jsonPointers:             - /spec/replicas   resourceHealthChecks:     - group: certmanager.k8s.io       kind: Certificate       check: |         hs = {}         if obj.status ~= nil then           if obj.status.conditions ~= nil then             for i, condition in ipairs(obj.status.conditions) do               if condition.type == "Ready" and condition.status == "False" then                 hs.status = "Degraded"                 hs.message = condition.message                 return hs               end               if condition.type == "Ready" and condition.status == "True" then                 hs.status = "Healthy"                 hs.message = condition.message                 return hs               end             end           end         end         hs.status = "Progressing"         hs.message = "Waiting for certificate"         return hs   resourceActions:     - group: apps       kind: Deployment       action: |         discovery.lua: |         actions = {}         actions["restart"] = {}         return actions         definitions:         - name: restart           # Lua Script to modify the obj           action.lua: |             local os = require("os")             if obj.spec.template.metadata == nil then                 obj.spec.template.metadata = {}             end             if obj.spec.template.metadata.annotations == nil then                 obj.spec.template.metadata.annotations = {}             end             obj.spec.template.metadata.annotations["kubectl.kubernetes.io/restartedAt"] = os.date("!%Y-%m-%dT%XZ")             return obj ```  After applying these changes your `argocd-cm` Configmap should contain the following fields: ``` resource.customizations.ignoreDifferences.all: |   jsonPointers:   - /spec/replicas   managedFieldsManagers:   - kube-controller-manager resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |   jqpathexpressions:   - '.webhooks[]?.clientConfig.caBundle' resource.customizations.ignoreDifferences.apps_deployments: |   managedFieldsManagers:   - kube-controller-manager   jsonPointers:   - /spec/replicas resource.customizations.health.certmanager.k8s.io_Certificate: |   hs = {}   if obj.status ~= nil then     if obj.status.conditions ~= nil then       for i, condition in ipairs(obj.status.conditions) do         if condition.type == "Ready" and condition.status == "False" then           hs.status = "Degraded"           hs.message = condition.message           return hs         end         if condition.type == "Ready" and condition.status == "True" then           hs.status = "Healthy"           hs.message = condition.message           return hs         end       end     end   end   hs.status = "Progressing"   hs.message = "Waiting for certificate"   return hs resource.customizations.actions.apps_Deployment: |   discovery.lua: |   actions = {}   actions["restart"] = {}   return actions   definitions:   - name: restart     # Lua Script to modify the obj     action.lua: |       local os = require("os")       if obj.spec.template.metadata == nil then           obj.spec.template.metadata = {}       end       if obj.spec.template.metadata.annotations == nil then           obj.spec.template.metadata.annotations = {}       end       obj.spec.template.metadata.annotations["kubectl.kubernetes.io/restartedAt"] = os.date("!%Y-%m-%dT%XZ")       return obj ```

      As a user of Argo CD Operator, I want to have my configurations in resourceCustomizations mapped to the argocd-cm without having to use the now deprecated resource.customizations key. 

      Context/value

      Users of Argo CD Operator can specify resourceCustomizations to define resource customization in ArgoCD CRD define resource customization.  However, the generated key/value in argocd-cm ConfigMap has been depreciated in Argo CD v2.1.  In v2.1 the ConfigMap should use resource.customizations key, please see this post.

      In the upcoming release, the resource.customizations key has been deprecated in favor of a separate ConfigMap key per resource. This allows to decompose the Argo CD configuration and makes it more convenient to use with config management tools such as Kustomize.

      We should update Argocd Operator to generate the new resource customization key/value in argocd-cm as documented above.  The resourceCustomizations key in ArgoCD CRD should also be changed to accept the new configuration format. The old format is to be depreciated but it should still be supported.

       Upstream issue: https://github.com/redhat-developer/gitops-operator/issues/248

      Acceptance Criteria:

      • Update Argocd Operator to generate the new resource customization key/value in argocd-cm config map. 
      • Update Argocd Operator to accept the new resource customization key/value in the CR.
      • Generate event log to alert users that the configuration is depreciated when the old configuration format is used in the CR.
      • Make sure upgrading argocd operator with existing resource customizations happen seamlessly and without problems
      • Add unit tests and e2e tests
      • Update documentations.

      Notes:

      • The change to the resourceCustomizations attribute needs to follow the GA attribute lifecycle and first get deprecated and then removed >9 months later in an upcoming release
      • these changes should also take into consideration `extraConfigs` in ArgoCD CR.  `extraConfigs` should be able to map to the new key/value pairs for resource.customizations. 

            rescott1 Regina Scott
            aveerama@redhat.com Abhishek Veeramalla
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: