yogeshkk / K8sPurger

Hunt Unused Resources In Kubernetes

If you know a short way

estahn opened this issue · comments

@yogeshkk We're using a combination of ArgoCD and kube-janitor to achieve this.

The ArgoCD application resource gets a timestamp through CI/CD:

---
apiVersion: argoproj.io/v1alpha1
metadata:
  name: 'foobar-{{ getenv "GIT_BRANCH" | strings.Slug }}'
  annotations:
    janitor/expires: '{{ ((time.Now).Add (time.Hour 24)).UTC.Format "2006-01-02" }}T12:00:00Z'
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:

Janitor will then clean up resources after 24h.
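An added example, not part of the original comment and not kube-janitor's or the commenter's code: it mirrors the template's date arithmetic in Python to show the lifetime a given deploy time yields, then sorts objects by their `janitor/expires` annotation so that objects a TTL-based cleanup would never touch stand out. The two shorter timestamp layouts, the comparison at the expiry instant, the function names and the sample objects are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Layout used by the template above, plus two shorter layouts (assumed here).
FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M", "%Y-%m-%d")

def render_expires(deployed_at):
    """Mirror the template: date of (deploy time + 24h) in UTC, pinned to noon."""
    day = (deployed_at.astimezone(UTC) + timedelta(hours=24)).strftime("%Y-%m-%d")
    return f"{day}T12:00:00Z"

def parse_expires(value):
    """Parse a janitor/expires value as UTC; raise ValueError if no layout fits."""
    for fmt in FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=UTC)
        except ValueError:
            pass
    raise ValueError(f"unparseable janitor/expires: {value!r}")

def audit(resources, now):
    """Sort resource names into expired / live / unmanaged (no or bad annotation)."""
    report = {"expired": [], "live": [], "unmanaged": []}
    for res in resources:
        meta = res.get("metadata", {})
        value = (meta.get("annotations") or {}).get("janitor/expires")
        try:
            # Treating "at or before now" as expired is an assumption.
            bucket = "expired" if parse_expires(value) <= now else "live"
        except (TypeError, ValueError):  # annotation missing or malformed
            bucket = "unmanaged"
        report[bucket].append(meta.get("name", "<unnamed>"))
    return report

# Constructed sample objects, not taken from a real cluster.
SAMPLE = [
    {"metadata": {"name": "foobar-feature-a",
                  "annotations": {"janitor/expires": "2021-03-02T12:00:00Z"}}},
    {"metadata": {"name": "foobar-feature-b",
                  "annotations": {"janitor/expires": "2021-03-04T12:00:00Z"}}},
    {"metadata": {"name": "kafka-poc", "annotations": {}}},
    {"metadata": {"name": "typo-app",
                  "annotations": {"janitor/expires": "tomorrow"}}},
]

if __name__ == "__main__":
    for hhmm in ((0, 5), (23, 50)):  # early and late deploys on the same day
        t = datetime(2021, 3, 1, *hhmm, tzinfo=UTC)
        print(t.isoformat(), "lives for", parse_expires(render_expires(t)) - t)
    print(audit(SAMPLE, datetime(2021, 3, 3, tzinfo=UTC)))
```

Because the template pins the time of day to 12:00 UTC, the rendered lifetime depends on when in the day the deployment runs, and the "unmanaged" bucket lists the objects that need some other form of review.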

Hello @estahn

Thanks for letting me know. I am using ArgoCD heavily. I just came to know about kube-janitor; nice project indeed.

One question though: how do you assign the TTL? For us, when we deploy we assume it will remain in the cluster forever, as there is no reason for it not to be. Removal is required only if requested by a developer or stakeholder.

No doubt, if you know how long an object will be in the cluster, your solution is perfect, but if you don't know that, or there are other cases where this project makes some sense, which I have highlighted under "Why you need this?" in the Readme (for example, you just inherited a cluster).

P.S. It also won't work if you deploy using kustomize's configMapGenerator or secretGenerator, where the old CM or secret is obsolete after a new deployment.

We created something internally called "branch deployments". If a developer creates a branch, we will deploy an application with the code of that branch (all CI/CD). The TTL is always 24h from the point of deployment. If a change is committed to the branch, it's deployed again and the clock starts from the beginning.

Re configMapGenerator, this is managed by ArgoCD's purge feature. We use ArgoCD with helm, kustomize and custom plugins.

I have heard about such a strategy earlier. Looks like you have good developers who can understand and work with it ;-)

Also, this will be for the Development env and only for micro-services which you deploy. What about other apps and a ton of k8s add-ons? We have a few environments where we don't have a single MS, just applications such as kafka, superset, nifi, dotcms, and the list goes on, where applications come and go for a POC or a better alternative.

In short, you have a unique env where this combination suits you, and I don't disagree. This utility is more general purpose, where I try to find out if a resource is used or not based on some fixed assumptions.

Yes, we are using Argo to purge kustomize objects ;-) but not everyone is using ArgoCD (even we had kustomize apply in our older CICD).

Just to be clear, I'm not advocating against the tool you have created. I thought it was interesting and you mentioned you wanted to hear about other ideas.

As for POCs, we have a playground namespace for people to do their evaluations and whatnot. That is being cleared out on a regular basis. But really almost everyone is using ArgoCD through CI/CD including for POCs. GitOps all the things :) ... We've built up governance around this by providing tools and locking down the cluster etc. Tools such as Open Policy Agent bring this even further.

Feel free to close this issue any time :)

@estahn Yes, I understand that. I am happy that you mentioned this tool, which I never knew about, and indeed it is interesting.

I am just making out the differences so that if someone has such a requirement they can opt for it. I have no issue whatsoever (the more the merrier).

I could have discarded it earlier, but frankly I am having a good discussion after a while, which I like. If you want, we can take this to another platform which is not public.