-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manifests drift detection #94
Comments
Related: #89 |
pst
added a commit
that referenced
this issue
Nov 6, 2021
Currently, the provider relies on the lastAppliedConfig annotation. The read method reads the annotation and stores its value as the manifest in the Terraform state. This means, Terraform only detects drift for Kubernetes resources managed by the Kustomization provider, if there is a diff between what's in the lastAppliedConfig annotation and what's in the Terraform files. Not all `kubectl` commands however update the annotation, e.g. scale doesn't, so such drift is never corrected, even if replicas was specified in the Terraform files. Additionally, there are a number of issues (e.g. #136) that although I have a hard time reproducing them reliably, I strongly suspect to be a result of the current implementation here too. This change, stop relying on the annotation and instead uses similar but reverse patching logic to the diff and upate method to determine which attributes of the configuration in the Terraform files / from YAML are different on the API server. This is then stored in the state. And now drift is determined between the values of all attributes set in TF/YAML and what the API last returned for them.
pst
added a commit
that referenced
this issue
Nov 7, 2021
Currently, the provider relies on the lastAppliedConfig annotation. The read method reads the annotation and stores its value as the manifest in the Terraform state. This means, Terraform only detects drift for Kubernetes resources managed by the Kustomization provider, if there is a diff between what's in the lastAppliedConfig annotation and what's in the Terraform files. Not all `kubectl` commands however update the annotation, e.g. scale doesn't, so such drift is never corrected, even if replicas was specified in the Terraform files. Additionally, there are a number of issues (e.g. #136) that although I have a hard time reproducing them reliably, I strongly suspect to be a result of the current implementation here too. This change, stop relying on the annotation and instead uses similar but reverse patching logic to the diff and upate method to determine which attributes of the configuration in the Terraform files / from YAML are different on the API server. This is then stored in the state. And now drift is determined between the values of all attributes set in TF/YAML and what the API last returned for them.
pst
added a commit
that referenced
this issue
Nov 7, 2021
Currently, the provider relies on the lastAppliedConfig annotation. The read method reads the annotation and stores its value as the manifest in the Terraform state. This means, Terraform only detects drift for Kubernetes resources managed by the Kustomization provider, if there is a diff between what's in the lastAppliedConfig annotation and what's in the Terraform files. Not all `kubectl` commands however update the annotation, e.g. scale doesn't, so such drift is never corrected, even if replicas was specified in the Terraform files. Additionally, there are a number of issues (e.g. #136) that although I have a hard time reproducing them reliably, I strongly suspect to be a result of the current implementation here too. This change, stop relying on the annotation and instead uses similar but reverse patching logic to the diff and upate method to determine which attributes of the configuration in the Terraform files / from YAML are different on the API server. This is then stored in the state. And now drift is determined between the values of all attributes set in TF/YAML and what the API last returned for them.
Is it a sensible approach to change |
Nevermind, the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems that kustomization_resource just uses kubectl.kubernetes.io/last-applied-configuration annotation and didn't check real manifests at all
Probably it documented somewhere but it was a big surprise for me
I updated argocd application via argocd web interface and kustomization_resource says there is no difference
But if I check with
kustomize build | kubectl diff
- I see the difference:The text was updated successfully, but these errors were encountered: