Support break-glass scenarios that disable reconciliation and drift detection
In a break-glass scenario (being required to operate directly on managed resources outside of the GitOps flow) we need an option to mark an object as disabled. A disabled object will not be reconciled (even when a change in the GitRepository is detected) and will output an error if the tfctl reconcile command attempts to force-reconcile it.
If a drift detection flow is operational, it will skip checking this object, as the drift is created by the scenario itself.
This can probably be achieved:
- via annotations, e.g. `terraform/disabled: true`
- via a `spec.disabled` property
When marking a deployment as disabled, it will be possible to write MutatingWebhooks that enforce company policies for break glass (e.g. no longer than 72 hours).
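As an added example (not code from this issue and not tf-controller's own code), here is how the proposed gate and a break-glass policy could look in Go, written against a minimal stand-in struct rather than the real Terraform CRD type. The annotation keys `terraform/disabled` and `terraform/disabled-since`, the 72-hour limit, and every function name below are assumptions for illustration; the sample objects in `main` are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical annotation keys for the mechanism proposed in this issue;
// they are not part of tf-controller.
const (
	disabledAnnotation      = "terraform/disabled"
	disabledSinceAnnotation = "terraform/disabled-since"
	maxBreakGlass           = 72 * time.Hour // example company policy
)

// ErrDisabled is returned when a forced reconcile targets a disabled object.
var ErrDisabled = errors.New("object is disabled for break-glass; refusing to reconcile")

// TerraformObject is a minimal stand-in for the Terraform custom resource,
// carrying only what the gate needs (annotations and the proposed spec.disabled).
type TerraformObject struct {
	Name        string
	Annotations map[string]string
	Disabled    bool // the proposed spec.disabled property
}

// IsDisabled reports whether the object is under break-glass by either mechanism.
func IsDisabled(obj TerraformObject) bool {
	return obj.Disabled || obj.Annotations[disabledAnnotation] == "true"
}

// ShouldReconcile is the reconciler-side gate. A disabled object is skipped even
// when a GitRepository change was detected; a forced reconcile (tfctl reconcile)
// additionally surfaces ErrDisabled instead of silently doing nothing.
func ShouldReconcile(obj TerraformObject, forced bool) (bool, error) {
	if !IsDisabled(obj) {
		return true, nil
	}
	if forced {
		return false, fmt.Errorf("%s: %w", obj.Name, ErrDisabled)
	}
	return false, nil
}

// ShouldDetectDrift skips drift detection for disabled objects, since the
// out-of-band changes are the drift the break-glass scenario intentionally creates.
func ShouldDetectDrift(obj TerraformObject) bool {
	return !IsDisabled(obj)
}

// StampDisabledSince is what a MutatingWebhook would do on admission: record when
// the object entered break-glass so the policy window can be enforced later.
// The input is not mutated; a copy with the extra annotation is returned.
func StampDisabledSince(obj TerraformObject, now time.Time) TerraformObject {
	if !IsDisabled(obj) {
		return obj
	}
	annotations := make(map[string]string, len(obj.Annotations)+1)
	for k, v := range obj.Annotations {
		annotations[k] = v
	}
	if _, ok := annotations[disabledSinceAnnotation]; !ok {
		annotations[disabledSinceAnnotation] = now.UTC().Format(time.RFC3339)
	}
	obj.Annotations = annotations
	return obj
}

// ValidateBreakGlass is the policy check (validating side of the webhook, or a
// periodic audit): a disabled object must carry the timestamp, and the elapsed
// break-glass window must not exceed maxBreakGlass.
func ValidateBreakGlass(obj TerraformObject, now time.Time) error {
	if !IsDisabled(obj) {
		return nil
	}
	since, ok := obj.Annotations[disabledSinceAnnotation]
	if !ok {
		return fmt.Errorf("%s: disabled without %s annotation", obj.Name, disabledSinceAnnotation)
	}
	start, err := time.Parse(time.RFC3339, since)
	if err != nil {
		return fmt.Errorf("%s: invalid %s value %q: %w", obj.Name, disabledSinceAnnotation, since, err)
	}
	if elapsed := now.Sub(start); elapsed > maxBreakGlass {
		return fmt.Errorf("%s: break-glass window exceeded (%s > %s)", obj.Name, elapsed, maxBreakGlass)
	}
	return nil
}

func main() {
	// Constructed sample object for a stand-alone run.
	now := time.Date(2023, 1, 10, 0, 0, 0, 0, time.UTC)
	vpc := StampDisabledSince(TerraformObject{
		Name:        "vpc",
		Annotations: map[string]string{disabledAnnotation: "true"},
	}, now)
	_, err := ShouldReconcile(vpc, true)
	fmt.Println("forced reconcile of vpc:", err)
	fmt.Println("drift detection for vpc:", ShouldDetectDrift(vpc))
	fmt.Println("policy after 73h:", ValidateBreakGlass(vpc, now.Add(73*time.Hour)))
}
```

The split between `StampDisabledSince` (mutating: add the timestamp the user did not supply) and `ValidateBreakGlass` (reject once the window has elapsed) is the usual shape for this kind of policy: the mutation makes the start of the window tamper-evident from the controller's point of view, and the validation gives the 72-hour rule a single enforcement point. Whether the check runs as a webhook or inside the reconciler, it should use the cluster's clock, not anything the object itself claims about the current time.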
We have a feature to suspend and resume reconciliation similar to other Flux objects. https://github.com/weaveworks/tf-controller/blob/main/controllers/terraform_controller.go#L137