Support reconciliation windows

[jgogstad]

Checklist

• [X] I did not find a related open enhancement request.
• [X] I understand that enhancement requests filed in the GitHub repository are by default low priority.
• [X] If this request is time-sensitive, I have submitted a corresponding issue with GCP support.

Describe the feature or resource

This is issue is in the same ballpark as https://github.com/GoogleCloudPlatform/k8s-config-connector/issues/509

As as a user I would like to specify a window for when reconciliations are allowed or disallowed.

Ideally it would be possible to configure a "reconcilitation window" (like ArgoCD's Sync Windows). A sync window allows users to specify a time period for when synchronization is happening.

The use case for this is that the state of a component is not as desired (could be a malfunction, could be bug, could be whatever reason to apply iterative changes to a component managed by CC). It would be useful to pause config connector's reconciliation loop for a given time period for a given resource, manually mutate and iterate the resource in question, and then optionally make a commit with the desired changes.

Crossplane has Pausing Reconciliations, which would be a special case of a more generic sync window.

Additional information

No response

Importance

This is a pain point. The only way to pause config connector is to scale it 0, effectively disabling config connector everywhere.

[diviner524]

@jgogstad Thank you for filing the enhancement!

I took a quick look at the Sync Windows feature, syntactically it looks similar to cron based scheduling. We may need some careful considerations on how to achieve similar goals through a more lightweight approach, as some Config Connector users can have 100K+ resources in one single cluster, and per resource scheduling could easily become expensive.

On a related note, we are very close to releasing a new feature (likely our next release) which will enable users to configure the reconciliation interval per Config Connector resource. It may be able to address some of the asks in this enhancement. Please give it a try when it is available and provide your feedbacks.

[jgogstad]

@diviner524 Thank you for the feedback. I see configuring reconciliation intervals as a special case of reconciliation windows. Argo "projects" maps-ish to kubernetes namespaces, so taking the same approach, reconciliation windows could be applied to a resource itself or a namespace.

Showing some argocd examples below, you could easily map this to a declarative yaml of course

# "default" in these examples refers to the argocd project or equivalently k8s namespace

# allow windows restrict reconciliation to a cron schedule
# In the default namespace, allow reconciliation every 15th minute for all resources
argocd proj windows add default --kind allow --schedule '0/15 * * * *'

# for some resource we want it every half hour
argocd proj windows add default --kind allow --schedule '0/30 * * * *' --applications app1

# deny windows deny reconciliation, it can be applied per namespace or per application/resource 
# example: on march 1st I want to do manually work on a resource under management, deny reconciliation for 5 hours
argocd proj windows add default --kind deny --schedule '0 13 1 3 *' --duration 5h --applications app1

If all we got is a schedule directive for reconciliation, then the best I can do to solve my use case is to ask CC to schedule every midnight, and then remember to revert that to every n-th minute once I'm done. You're right that it solves the use case, but it's not ideal.