[Feature] Diff & Pre Flight Checks

CxJ edited this page Jun 1, 2022 · 4 revisions

Pre Flight & Diff

The pre-flight feature will enable users to assess the impact of applying a profile to an existing cluster. This is most useful for objects such as RBAC, Network Policies, and PSPs.

Why is a pre-flight check important

Just like Notifications, pre-flight is designed to help users get started on their journey to declarative management and using Git as the source of truth. Pre-flight is useful for two main reasons:

  1. It can display the impact of a change.
  2. Users who are new to GitOps can understand "what" will change, discuss this in their organization and then implement a change.

Pre-Flight: Many users who have existing clusters need to understand the potential impact of applying a profile/bundle to their clusters. This can be achieved by comparing the current state of the cluster to the future state stored in Git.

The pre-flight check is similar to the existing Impact Analysis in Platform9 today, where the current state of a cluster is compared to a Profile stored in the SaaS Management Plane. The Impact Analysis collects all RBAC policies that match the RBAC policies in the profile and then compares them to expose what will change when the Profile is applied to the cluster. The diff between the Profile and the cluster is granular down to the verb level.

The Arlon pre-flight check will be a text-based diff that works similarly to kubediff.

Users should be able to select a cluster, select a bundle or profile, and then run the pre-flight check. This process will collect all the related objects from the cluster and then compare them to the bundle or profile, creating a text diff between all objects on an object-by-object basis.
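The comparison described above, narrowed to the rules of a single RBAC Role and reported at verb level, as an added example (not Arlon, Platform9 or ArgoCD code). The `Rule` type, the `PreflightDiff` name and the sample rules are assumptions constructed for illustration; the core API group appears as an empty string, as it does in RBAC rules.

```go
package main

import (
	"fmt"
	"sort"
)

// Rule holds the fields of an RBAC rule that matter for a permission diff.
type Rule struct{ APIGroups, Resources, Verbs []string }

// Constructed sample input: one Role's rules on the cluster and in the profile.
var clusterRules = []Rule{{[]string{""}, []string{"pods", "secrets"}, []string{"get", "list", "delete"}}}
var profileRules = []Rule{{[]string{""}, []string{"pods"}, []string{"get", "list", "watch"}},
	{[]string{""}, []string{"secrets"}, []string{"get"}}}

// expand flattens rules into a set of "group/resource:verb" strings.
// Wildcards ("*") are compared literally, not expanded.
func expand(rules []Rule) map[string]bool {
	set := map[string]bool{}
	for _, r := range rules {
		for _, g := range r.APIGroups {
			for _, res := range r.Resources {
				for _, v := range r.Verbs {
					set[g+"/"+res+":"+v] = true
				}
			}
		}
	}
	return set
}

// minus returns the sorted members of a that are absent from b.
func minus(a, b map[string]bool) (out []string) {
	for p := range a {
		if !b[p] {
			out = append(out, p)
		}
	}
	sort.Strings(out)
	return out
}

// PreflightDiff (hypothetical name) returns the permissions that applying
// the profile would grant and revoke on the cluster.
func PreflightDiff(cluster, profile []Rule) (granted, revoked []string) {
	cur, want := expand(cluster), expand(profile)
	return minus(want, cur), minus(cur, want)
}

func main() { fmt.Println(PreflightDiff(clusterRules, profileRules)) }
```

Comparing expanded permission sets rather than rule text means that a profile which only regroups the same permissions into different rules reports no change, while a revoked `delete` on secrets is listed explicitly.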

The Diff MVP could leverage the existing ArgoCD diff engine (https://github.com/argoproj/gitops-engine/blob/master/pkg/diff/diff.go); however, the ArgoCD diff relies on the object already being under management (it compares an ArgoCD App to the source in Git).

The Argo integrated diff compares apps: https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_app_diff/

As the cluster may not be running an existing ArgoCD App, the diff will need to work outside of the ArgoCD platform.

Diff Engine

Diff is a feature that works once a Profile is applied to a cluster and enhances ArgoCD's built-in diff capabilities in one significant way: it allows a diff to be executed between any objects, not just the App and its Source. For example, a user could ask "how is Redis on Cluster A different from Cluster C" or "how is Kafka on Cluster B different from the bundle that's being used on Cluster D".

With diff expanded to work outside of the App-to-Source relationship, users are better positioned to understand disparate environments at scale.