Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] - Drift Detection #131

Merged
merged 12 commits into from
Jun 8, 2022
Merged

[FEATURE] - Drift Detection #131

merged 12 commits into from
Jun 8, 2022

Conversation

gambol99
Copy link
Member

@gambol99 gambol99 commented Jun 8, 2022
edited
Loading

Drift detection when enabled by spec.enableDriftDetection periodicallyruns the terraform plan. It checks for drift from the expected state and if found, changes the status and raises an event against the resource. Effectively this is running another terraform plan and using the result to determine a change.

You can enable drift detection via

---
apiVersion: terraform.appvia.io/v1alpha1
kind: Configuration
metadata:
  name: bucket
spec:
  # ssh git::ssh://git@example.com/foo/bar
  module: https://github.com/terraform-aws-modules/terraform-aws-s3-bucket.git?ref=v3.1.0

  providerRef:
    namespace: terraform-system
    name: aws

  enableDriftDetection: true

The controller has two new settings

  • Drift Interval - which is the minimum amount of time it will wait before kicking a drift check
  • Drift Threshold - which is the max percentage of configuratoins which can be running a drift at once. This ensure you don't overwhelm the cloud provider.

Note a new status field has been added to the resource which provides an overall status to the resources

[jest@starfury terraform-controller]$ k -n apps get configurations.terraform.appvia.io
NAME     MODULE                                                                            SECRET   ESTIMATED     SYNCHRONIZED   AGE
bucket   https://github.com/terraform-aws-modules/terraform-aws-s3-bucket.git?ref=v3.1.0   test     Not Enabled   InSync         3m5s

On detecting a resource has drifted the status will move to OutOfSync and a kubernetes event will be raised.

@gambol99
[FEATURE] - Drift Detection
79a67ea 
Drift detection when enabled by spec.enableDriftDetection periodically
runs the terraform plan. It checks for drift from the expected state and
if found, changes the status and raises an event against the resource.

- Updating the API types to support dirft detection
@gambol99
- adding the drifting controller, the purpose of which is to tag conf…
a010d29 
…igurations to kick off a drift
@gambol99
- updating the filters to take into account additional labels
7094032
@gambol99
- adding some utility methods around maps and additional unit tests f…
82feb02 
…or yaml
@gambol99
- adding a common utility method to detected changes in the terraform…
a2d2595 
… output
@gambol99
- updating the condition logging to only creates a log for success wh…
27ed868 
…en the condition is corev1alphav1.ConditionReady
@gambol99
- updating the configuration controller to handle drift detection
5e31a62
@gambol99
- updated the chart crds
9e12c0a 
- updated the chart deployment and values to include the drift options
@gambol99
- adding the vendored fake client
cd34292
@gambol99
- fixed up the unit tests for the controller
d423897
@gambol99
- fixing up the spelling mistake
f5fe7ef
This was linked to issues Jun 8, 2022
Drift Detection #41
Closed
Overall Status on Kubectl Output #105
Closed
@gambol99 gambol99 merged commit 262e835 into develop Jun 8, 2022
@gambol99 gambol99 deleted the drift_detection branch June 8, 2022 18:07
gambol99 added a commit that referenced this pull request Jun 8, 2022
@gambol99
[FEATURE] - Drift Detection (#131)
2808386 
[FEATURE] - Drift Detection

Drift detection when enabled by spec.enableDriftDetection periodically
runs the terraform plan. It checks for drift from the expected state and
if found, changes the status and raises an event against the resource.

- updated the API types to support dirft detection
- added the drifting controller, the purpose of which is to tag configurations to kick off a drift
- updated the filters to take into account additional labels
- added some utility methods around maps and additional unit tests for yaml
- added a common utility method to detected changes in the terraform output
- updated the condition logging to only creates a log for success when the condition is corev1alphav1.ConditionReady
- updated the configuration controller to handle drift detection
- updated the chart crds
- updated the chart deployment and values to include the drift options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Overall Status on Kubectl Output Drift Detection
1 participant
@gambol99