Approvals based on version levels.

keel-hq / keel

Kubernetes Operator to automate Helm, DaemonSet, StatefulSet & Deployment updates

https://keel.sh

Mozilla Public License 2.0

2.45k stars 282 forks source link

Approvals based on version levels. #354

Open jeff-french opened 5 years ago

jeff-french commented 5 years ago

I would like to be able to set approvals and number of approvers required base on the version level being deployed. For example, I'd like to be able to configure approvals to support the following:

PATCH versions are deployed automatically with no approval required
MINOR versions are deployed after a single approval
MAJOR versions are deployed after 3 approvals

rusenask commented 5 years ago

Hi, do you have any suggestions on configuring such behavior? I wonder whether we could still fit this into label/annotation.

jeff-french commented 5 years ago

Yeah, I can see where configuring that many options in labels or annotations might be overly verbose and confusing. Let's start with a simpler version:

PATCH versions are deployed automatically with no approval required
MAJOR and MINOR versions require approval

This could be handled by adding a new label like keel.sh/approval-policy which could take a subset of the values that keel.sh/policy takes. It might look like this:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: wd-ds
  namespace: default
  labels: 
      name: "wd"
      keel.sh/policy: major          # We want Keel to process major, minor and patch updates
      keel.sh/approval-policy: minor # We require approvals for major and minor updates, but not for patches
      keel.sh/approvals: "1"         # required approvals to update for major and minor versions
  annotations:
      keel.sh/pollSchedule: "@every 1m"
      keel.sh/notify: chan1,chan2  # chat channels to sent notification to
spec:
  ...

What do you think?

mavimo commented 5 years ago

@jeff-french I'm not sure to understand how you can define the three policy used as example in the issue using this approach, maybe we need more specific labels for that?

metadata:
  labels: 
      # ---
      keel.sh/approvals-patch: "0"
      keel.sh/approvals-minor: "1"
      keel.sh/approvals-major: "3"
      # ---
  ...

or duplicate the config for each type:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: wd-ds
  namespace: default
  labels: 
      name: "wd"
      keel.sh/policy: major
      keel.sh/major/approvals: "3"
      keel.sh/minor/approvals: "1"
      keel.sh/patch/approvals: "0"
      keel.sh/pollSchedule: "@every 1m"
      keel.sh/notify: chan1,chan2  # chat channels to sent notification to
spec:
  ...

jeff-french commented 5 years ago

I like that idea. That way each sem ver level can have a different amount of approvals.

neverexists commented 2 years ago

This could be a very nice feature and it would fit our case perfectly. If approvals are specified per-policy it would be great to have also one for "all" eg:

  keel.sh/policy: major
  keel.sh/all/approvals: "1"

In this way releases following x.y.z patterns would be automatically installed while everything else (x.y.z-rc1 x.y.z-donotinstall etc ) would require an approval.