Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-1967

Add argocd appset create Algorithm

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Major Major
    • 1.7.0
    • None
    • ArgoCD
    • None
    • GITOPS Sprint 220

      1. User issues argocd appset create/update/delete(or Web UI equivalent) command from CLI, into an Argo CD server on which they are logged-in. The command converts the command request into GRPC and sends it off to Argo CD API Server.

       

      Argo CD API Server:

       

      1. The API Server receives Create/Update/Delete request via GRPC and verifies that ApplicationSet controller is installed within the namespace (if not, return an error response back to user).
      2. The API Server sends the GRPC request to the ApplicationSet controller via GRPC including authentication information from the user in the request.

       

      ApplicationSet controller:

       

      1. ApplicationSet controller receives Create/Update/Delete GRPC. (These next steps will be a create example, but update and delete are similar.)
      1. Pre-generate check: Application controller will perform various checks before creating ApplicationSet:
        • Ensure user has appropriate RBAC to run the generator:
          • Verify that the user can access the Git repository (for Git generators)
          • Verify that user has cluster access (to see the clusters, for Cluster generator)
          • Verify that the user has permission to create/update/delete (depending on the request type) at least one Application within the RBAC policy. We want to prevent the generators being invoked by users that don't have permissions to create any Applications (since generators or templates might be exploited to DoS the ApplicationSet controller, using a malicious ApplicationSet)
      1. Once the pre-checks have been confirmed, the controller will run the generator, and render the parameters into the template. Upon generating the template, the controller will need to perform some checks before creating the Applications.
      1. Post-generate check: Look at the generated Applications (but don't apply them yet!), and verify that user has the required RBAC permissions to perform the required actions. This is a dynamic (or runtime) check, as it works on the dynamically generated applications; eg. it is not possible to predict the result of these checks without first running the generator, unlike the static checks.
      1. Once all the checks have passed, apply the ApplicationSet and the Applications, to the namespace.

       

      Acceptance Criteria:

      • `argocd appset create` command works successfully
      • ApplicationSet and respective Applications are created successfully

              isequeir@redhat.com Ishita Sequeira
              isequeir@redhat.com Ishita Sequeira
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: