pulumi-kubernetes-operator icon indicating copy to clipboard operation
pulumi-kubernetes-operator copied to clipboard
verified publisher icon pulumi

Better Defaults

Open rawkode opened this issue 3 years ago • 5 comments

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

As we've seen with #281, there's certain expectations of a GitOps operator for Kubernetes that the Pulumi operator doesn't deliver by default, but can be configured as such.

I'd like to propose that we bring our default behaviour more inline with what people expect.

Proposed changes are:

Expected

  • [ ] continueResyncOnCommitMatch: true
  • [ ] refresh: true
  • [ ] resyncFrequencySeconds: 240

Needs More Discussion

  • [ ] destroyOnFinalize: true

Affected area/feature

Defaults

rawkode avatar Jun 02 '22 10:06 rawkode

Thanks for the suggestions here @rawkode, we will get these added :)

stack72 avatar Jun 04 '22 13:06 stack72

@rawkode Why do you suggest these to be "better defaults"? All of the proposed values seem very specific to your expectation but might not work for others. Resync every 4min, why not 5 or 10? Refresh does not work for all users due to short-lived credentials used in providers and continue resync is something that only makes sense if your pulumi program relies on an external data source that's not tracked in git i.e. a dynamic API call and such. It seems like a documentation issue to me or maybe we can expose overrides on the controller level vs having to configure it per-stack if this is desired. I personally don't think changing the defaults retroactively is a good idea, it's a pretty big behavior change for existing users.

elsesiy avatar Jun 19 '22 21:06 elsesiy

All of the proposed values seem very specific to your expectation but might not work for others

The Kubernetes Operator is here to provide a framework for the GitOps pattern. This brings our operator inline with similar tools, such as FluxCD and ArgoCD.

Resync every 4min, why not 5 or 10?

This is 3m with ArgoCD and 4m with FluxCD

Refresh does not work for all users due to short-lived credentials used in providers and continue resync is something that only makes sense if your pulumi program relies on an external data source that's not tracked in git i.e. a dynamic API call and such.

If you don't enable refresh, there's no drift detection and this is very much counter intuitive to the GitOps philosophy and all other GitOps tools.

It seems like a documentation issue to me or maybe we can expose overrides on the controller level vs having to configure it per-stack if this is desired.

This is a conversation that can be had, but I'd assume people that don't want this behaviour aren't using the operator. If you're using the operator and don't expect this behaviour, it definitely helps to understand and I thank you for raising your concerns.

rawkode avatar Jun 20 '22 10:06 rawkode

👍🏽 This is great!

Also, I needed to add this to my Pulumi.yaml file.

config:
  kubernetes:enableDryRun: "true"

Not sure if this is still needed still.

christianh814 avatar Jun 23 '22 13:06 christianh814

but I'd assume people that don't want this behaviour aren't using the operator. If you're using the operator and don't expect this behaviour, it definitely helps to understand and I thank you for raising your concerns.

Agreed. The whole point of using the operator is to get GitOps functionality. Otherwise I could simply do the traditional "pulumi up"

kostis-codefresh avatar Jun 23 '22 14:06 kostis-codefresh