Closed juv closed 3 years ago
@juv thanks for creating this issue! I assume the problem is that kiosk currently does not support watch
on spaces and accounts (you can see that via kubectl get spaces --watch
which will produce an error), but ArgoCD requires that to check resource status. As a workaround you can create namespaces that use a label kiosk.sh/account: account-name
for now, but we'll implement the watch endpoint soon which should fix this issue
@juv we just released v0.2.8-beta.0 which adds support for watching spaces and accounts. Would be great if you could verify if your problem is fixed with that version
@FabianKramm thanks for the quick response! I will give an update asap.
Two more questions for general clarification on how to create accounts and spaces in a GitOps fashion:
If I want ArgoCD to create Kiosk accounts, would I rather create a tenancy.kiosk.sh/Account
or config.kiosk.sh/Account
resource?
If tenancy.kiosk.sh
is not persisted in etcd, how will a tenancy.kiosk.sh/Account
or tenancy.kiosk.sh/Space
"survive"/be available after Kiosk pod was rescheduled, crashed, etc.?
@juv for accounts it does not really matter, you can use either tenancy.kiosk.sh/Account
or config.kiosk.sh/Account
as the tenancy one just maps 1:1 to the config one. However, if kiosk for some reason is unavailable, you can still use the config one while you cannot use the tenancy one anymore, so this would be a slight advantage.
The way it works is basically that kiosk rewrites an existing and persisted Namespace or config Account into a Space or tenancy Account. This "conversion" is completely stateless and required information for conversion is stored on the persisted object itself (like the account label on a namespace for example), so it doesn't matter if you have multiple replicas of kiosk running, a pod was restarted or rescheduled. In general, these virtual resources have the advantage that kiosk can inject custom logic like creating resources on space creation or filtering spaces you are not allowed to see in a list operation etc.
@FabianKramm it looks like the version v0.2.8-beta.0
fixes this problem!
Logs and ArgoCD events look good.
@juv great, thanks for your confirmation!
Hello,
I try to create acccounts and spaces in a GitOps way with ArgoCD (version 2.0.0). To me it looks like the
Space
and also implicitly the namespace for thatSpace
is created successfully by ArgoCD:The problem is that ArgoCD can not recognize the live manifest of the
Space
resource and shows that the resource isOutOfSync
and disappears from the ArgoCD web ui occasionally:The same problem occured when I tried to add an Account from resource
tenancy.kiosk.sh/Account
. When using theconfig.kiosk.sh/Account
resource, ArgoCD can sync the resources and ends up inSync ok
state.The documentation outlines that
tenancy.kiosk.sh
is some kind of virtual api extension and is not persisted to etcd.Any idea on how to fix this problem?