Add IfNotPresent and Ignore SSA policies#943
Conversation
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
stefanprodan
added
area/docs
stefanprodan
force-pushed
the
ssa-policies
branch
2 times, most recently
from
561c780 to
642cc7c
Compare
hiddeco
left a comment
hiddeco
left a comment
There was a problem hiding this comment.
Awesome to have the annotations documented in one place now 💯 🥇
stefanprodan
force-pushed
the
ssa-policies
branch
from
642cc7c to
f652d7d
Compare
|
You may want to link from https://fluxcd.io/flux/faq/#how-to-patch-coredns-and-other-pre-installed-addons to the new documentation once this is available on the website. |
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
stefanprodan
force-pushed
the
ssa-policies
branch
from
f652d7d to
743cb79
Compare
|
I am struggling to get this to work for a configmap. We are using helm and it includes a configmap to which I have added this annotation. Then my master pod overwrites this configmap. This version also has the annotation. But flux still reconciles the configmap back the helm chart version. Does the annotation need to be in version 0 of this resource or can it be introduced in an upgrade? I hope this is an appropriate place to ask .... |
|
SSA has nothing to do with Helm, these annotations are only for resources managed by Flux Kustomizations https://fluxcd.io/flux/components/kustomize/kustomizations/#controlling-the-apply-behavior-of-resources |
3 participants
This PR extends the apply behaviour with two policies
IfNotPresentandIgnore.Fix: #936
Implementation and tests: fluxcd/pkg#625
Controlling the apply behavior of resources
To change the apply behaviour for specific Kubernetes resources, you can annotate them with:
kustomize.toolkit.fluxcd.io/ssaOverrideOverride-
Merge-
IfNotPresent-
Ignorekustomize.toolkit.fluxcd.io/forceDisabledEnabled-
Disabledkustomize.toolkit.fluxcd.io/pruneEnabledEnabled-
Disabledkustomize.toolkit.fluxcd.io/ssaOverride
The
Overridepolicy instructs the controller to reconcile the Kubernetes resources with the desired state (YAML manifests) defined in the Flux source (Git, OCI, Bucket).Merge
The
Mergepolicy instructs the controller to preserve the fields added by other tools to the Kubernetes resources managed by Flux.The fields defined in the manifests applied by the controller will always be overridden, the
Mergepolicy works only for adding new fields that don’t overlap with the desired state.IfNotPresent
The
IfNotPresentpolicy instructs the controller to only apply the Kubernetes resources if they are not present on the cluster.This policy can be used for Kubernetes Secrets and ValidatingWebhookConfigurations managed by cert-manager, where Flux creates the resources with fields that are later on mutated by other controllers.
Ignore
The
Ignorepolicy instructs the controller to skip applying Kubernetes resources even if they present in a Flux source (Git, OCI, Bucket).