pulumi / pulumi-kubernetes-operator

A Kubernetes Operator that automates the deployment of Pulumi Stacks
Apache License 2.0

Better Defaults #283

Open rawkode opened 2 years ago

rawkode commented 2 years ago

Hello!

Issue details

As we've seen with #281, there are certain expectations of a GitOps operator for Kubernetes that the Pulumi operator doesn't deliver by default, but can be configured as such.

I'd like to propose that we bring our default behaviour more in line with what people expect.

Proposed changes are:

Expected

Needs More Discussion

Affected area/feature

Defaults

stack72 commented 2 years ago

Thanks for the suggestions here @rawkode, we will get these added :)

elsesiy commented 2 years ago

@rawkode Why do you suggest these to be "better defaults"? All of the proposed values seem very specific to your expectation but might not work for others. Resync every 4min, why not 5 or 10? Refresh does not work for all users due to short-lived credentials used in providers, and continue resync is something that only makes sense if your Pulumi program relies on an external data source that's not tracked in git, i.e. a dynamic API call and such. It seems like a documentation issue to me, or maybe we can expose overrides on the controller level vs having to configure it per-stack if this is desired. I personally don't think changing the defaults retroactively is a good idea, it's a pretty big behavior change for existing users.

rawkode commented 2 years ago

> All of the proposed values seem very specific to your expectation but might not work for others

The Kubernetes Operator is here to provide a framework for the GitOps pattern. This brings our operator in line with similar tools, such as FluxCD and ArgoCD.

> Resync every 4min, why not 5 or 10?

This is 3m with ArgoCD and 4m with FluxCD.

> Refresh does not work for all users due to short-lived credentials used in providers and continue resync is something that only makes sense if your pulumi program relies on an external data source that's not tracked in git i.e. a dynamic API call and such.

If you don't enable refresh, there's no drift detection, and this is very much counterintuitive to the GitOps philosophy and all other GitOps tools.

> It seems like a documentation issue to me or maybe we can expose overrides on the controller level vs having to configure it per-stack if this is desired.

This is a conversation that can be had, but I'd assume people that don't want this behaviour aren't using the operator. If you're using the operator and don't expect this behaviour, it definitely helps to understand and I thank you for raising your concerns.

christianh814 commented 2 years ago

👍🏽 This is great!

Also, I needed to add this to my Pulumi.yaml file.

config:
  kubernetes:enableDryRun: "true"

Not sure if this is still needed.

kostis-codefresh commented 2 years ago

> but I'd assume people that don't want this behaviour aren't using the operator. If you're using the operator and don't expect this behaviour, it definitely helps to understand and I thank you for raising your concerns.

Agreed. The whole point of using the operator is to get GitOps functionality. Otherwise I could simply do the traditional "pulumi up".
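
An added example, not part of the issue thread or the operator's code: a Python check that flags Stack manifests still relying on the per-stack defaults debated above (refresh off, no continued resync, resync interval unset or longer than the 4 minutes mentioned). The spec field names are assumed to match the operator's `pulumi.com/v1` Stack resource, and the sample manifests are constructed.

```python
import json

# Constructed sample manifests, not taken from the thread. The spec field names
# (refresh, continueResyncOnCommitMatch, resyncFrequencySeconds) are assumed to
# match the operator's pulumi.com/v1 Stack resource.
SAMPLE_MANIFESTS = json.loads("""
[
  {"apiVersion": "pulumi.com/v1", "kind": "Stack",
   "metadata": {"name": "defaults-only"},
   "spec": {"stack": "example-org/app/dev"}},
  {"apiVersion": "pulumi.com/v1", "kind": "Stack",
   "metadata": {"name": "gitops-style"},
   "spec": {"stack": "example-org/app/prod", "refresh": true,
            "continueResyncOnCommitMatch": true, "resyncFrequencySeconds": 240}},
  {"apiVersion": "pulumi.com/v1", "kind": "Stack",
   "metadata": {"name": "slow-resync"},
   "spec": {"stack": "example-org/app/stage", "refresh": true,
            "continueResyncOnCommitMatch": true, "resyncFrequencySeconds": 900}},
  {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "unrelated"}}
]
""")

MAX_RESYNC_SECONDS = 240  # the 4-minute interval discussed in the thread


def audit_stack(manifest, max_resync=MAX_RESYNC_SECONDS):
    """Return finding codes for one manifest; non-Stack objects yield none."""
    api = str(manifest.get("apiVersion", ""))
    if manifest.get("kind") != "Stack" or not api.startswith("pulumi.com/"):
        return []
    spec = manifest.get("spec") or {}
    findings = []
    if spec.get("refresh") is not True:
        findings.append("refresh-not-enabled")
    if spec.get("continueResyncOnCommitMatch") is not True:
        findings.append("continue-resync-not-enabled")
    interval = spec.get("resyncFrequencySeconds")
    if interval is None:
        findings.append("resync-interval-left-to-default")
    elif interval > max_resync:
        findings.append("resync-interval-too-long")
    return findings


def audit(manifests):
    """Map Stack name -> findings, listing only Stacks with at least one."""
    report = {}
    for m in manifests:
        found = audit_stack(m)
        if found:
            report[m["metadata"]["name"]] = found
    return report
```

Calling `audit(SAMPLE_MANIFESTS)` reports `defaults-only` and `slow-resync`; teams that deliberately keep refresh off, for example because of short-lived provider credentials, can drop that check.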