Disable garbage collection for specific resource #2841
Comments
phillebaba
added
blocked-needs-validation
squaremo
removed
the
blocked-needs-validation
|
I can see the use case for this -- well explained. There's an annotation |
|
I had a look at the ingore annotation also but it has the downside that any changes would not be synced. Using the ignore annotation would be a two step process. You would first have to commit your manifests without the annotations, and wait for flux to sync them to the cluster. Then add the annotation and commit once again. That would disable any changes in the future, while I just want to stop the GC from removing the resource, but still allowing it to be updated. Seems like it would be feasible to implement here where the sync checks if dry run is enabled or not, so it would also skip resources with the annotation. What I am not sure about though is that long term effects of this logic. For example if a resource is removed from git, not GCd and then the git is reverted. Would Flux "recover" the resource or would it conflict when trying to create a new resource with the same name. |
Good question! What do you reckon would happen, going through it step by step? (you already found the relevant code :-) ) |
|
I did some quick tests and it turns out that the ignore annotation will not stop the GC from deleting ignored resources. The ignore check will only stop the resource from being staged in the changeSet. But the garbage collector is given the whole SyncSet, and will remove any resource that has a checksum but is not in the SyncSet. Thinking about it a bit more there should not be any issues. Flux would just update the resource if it was added to the cluster again just like it behaves with GC turned off. I will implement the annotation and see how well it works. |
|
Just add the ignore annotation to the resource in the cluster (not to the manifest you delete) |
|
@alexmt I guess this isn't currently supported by the GitOps Engine? |
|
So I tried out what you suggested and the resource is still being deleted. I might be doing something wrong, but looking at the code it seems like the apply and the GC resources are fetched in different manners. I tried implementing my idea with an additional annotation if you want to have a look. |
Well we are both being misdirected, since I just tried it and had the same result. Method:
There's a test that claims to verify that it works: https://github.com/fluxcd/flux/blob/master/pkg/cluster/kubernetes/sync_test.go#L706 So the first thing would be to figure out why that test does not in fact verify the intended behaviour. What do you reckon @phillebaba ? (There is still room for the suggested feature; but, we need to get the house in order!) |
|
I had a quick look at the test and the problem isn't the test, it is actually testing what it claims to be testing. The important part of the test description is "pre-existing", meaning resources not created by flux. If you do the following you would get the same result as the test:
The result will be that flux will never touch the resource, no updates will be applied and neither will it be deleted. The reason is that it is never tracked by flux as being synced so it will no be included in the resources that are garbage collected. If the ignore annotation is removed and then added back flux will modify the resource and track it, allowing the resource to be garbage collected. Either we accept this behavior as expected as it is already tested. Or we change the behavior so that it also applies to ignored resources that have been created by flux. |
|
Looking back at the original garbage collection PR #1442, I see that some idiot (oh it's me) argued for "ignore" meaning "don't garbage collect", then failed to make that actually how it works. I must have a blind spot on this particular thing. OK so there are two things at stake:
@phillebaba I reckon put your work to date in a PR, and we can transfer discussion to there. |
|
Fixed by #2858 |
Describe the feature
Garbage collection works great but there are sometimes scenarios where it could be very inconvenient if a resource was accidentally deleted. This is especially for resources that map to external dependencies such as LBs or other cloud resources create by for example aws-servicebroker. In a perfect world this would not happen but the reality is that mistakes happen. Especially as the amount of manifests grows and large amounts of resources can be removed from being generated by small line changes. So it would be nice to be able to selectively disable garbage collection for certain resources.
What would the new user story look like?
fluxcd.io/garbage-collection=falseorfluxcd.io/gc=falseindicating that the resource should not be garbage collected.--sync-garbage-collectionflagExpected behavior
When the resource is removed from git and is marked as an orphaned resource by flux during the sync process it should be skipped by the garbage collector.
The text was updated successfully, but these errors were encountered: