feat: Application dependencies #15280
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #15280 +/- ##
==========================================
+ Coverage 49.73% 50.07% +0.34%
==========================================
Files 274 267 -7
Lines 48948 46256 -2692
==========================================
- Hits 24343 23165 -1178
+ Misses 22230 20825 -1405
+ Partials 2375 2266 -109 ☔ View full report in Codecov by Sentry. |
jannfis
force-pushed
the
feat/app-deps
branch
2 times, most recently
from
eba17a8
to
9686dbf
Compare
|
Thanks for working on this! Is there a public test image I can use to try it out? |
I'm afraid there's not, sorry. We usually don't build images for PRs at this stage. But you can easily build your own, by checking out this PR and running |
jannfis
force-pushed
the
feat/app-deps
branch
from
9686dbf
to
7513255
Compare
|
|
||
| ### Configure a wait timeout | ||
|
|
||
| You can configure the maximum time that Argo CD should wait for dependencies to be resolved and the sync to start. The timeout also applies to the wait spent in blocking for empty dependencies. |
There was a problem hiding this comment.
would this change the behavior of argocd app sync (mentioned above)?
There was a problem hiding this comment.
Good question actually, I haven't tested behaviour with the CLI yet. I'll follow up on this.
|
I've tried this and the functionality works great and as advertised, i did however noticed the following: After i switched to the image and CRDs i built from this branch the CPU usage went up quite a bit for the application controller:
There are no errors in the log for the controller or anything else that seems useful. |
|
Thanks, that's some valuable feedback @ellakk! I gotta dig into this, it's probably the dependency graph being build too often. |
|
Thank you for working on this! @jannfis is this supposed to be working with applicationSets? |
|
@jannfis Would this work with apps of application-sets, the gitops-bridge and other end users use this pattern to bootstrap a new cluster with addons/plugins/operators in a specific order. |
|
@ellakk it would be helpful if there is some way to minimally reproduce your issue. Is there a way for you to supply us with an App of Apps or similar which reproduces the issue (suitably redacted if required)? I'm really looking forward to this PR and would love to see this pushed over the finish line! |
Hi, sorry for the late reply. As I wrote in my initial post, I had nothing deployed (and no gitrepos added either). All i did was build the containers from what is currently the HEAD of this branch, applied the CRDs and deployed the containers with the manifests from this branch. The CPU usage for the controller was about 40x of what i normally get from an empty ArgoCD deployment. The CPU usage then went up even further when i added two applications where one depended on the other, but the problem with the CPU was already apparent. I can try to recreate the problem if the developer or other people cant. I no longer have the exact manifests I used but if I have to redeploy this build I will also post the manifests. What i think would be more helpful is if someone who is also interested in this feature built and deployed ArgoCD from the head of this branch and shared their experience. |
Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: jannfis <jann@mistrust.net>
|
Sorry for being so late to the recent comments. @riuvshyn I haven't tested it with ApplicationSet, but ff you define one or more dependency selectors in an ApplicationSet's Application template, I do not see a reason why it would not work. @csantanapr The code uses an Application's sync and health state to determine whether to proceed in the dependency chain. So it all depends on that information being exposed by your Application. |
|
Just built and deployed with the latest commit from this branch and the performance issues i had are gone (both on OpenShift and K3S). Thanks a lot for the work you are putting into this @jannfis! |
|
Thank you so much for testing again, @ellakk. Actually, I have not changed anything I thought was performance related, so potentially the iteration of the PR you tested was against a state of the master branch that had this problem. Anyhow, thanks for confirming that you don't see that performance issue anymore. Please let me know if there's something else you notice during testing. |
Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: jannfis <jann@mistrust.net>
|
Just wanted to say I’m so excited to see this merged soon. Should reduce my deployment for a new cluster from 10-15 steps to 3 or so! Thanks for all this awesome work @jannfis |
|
I think this is good to go for the first iteration. The only remaining question imho would be: Should this feature be behind a feature-flag or not? |
|
It's certainly non-trivial. But I'd want to play with it, and my default playground is https://cd.apps.argoproj.io/applications so if the feature flag wasn't enabled there, I wouldn't play with it ... |
|
@jsoref Thanks for that thought. But I was wondering, how would you play with that feature on a read-only public instance? |
|
I'd expect to be able to see all the screens and configs w/o making changes--Ideally it's enough to get a sense of the actual layouts and interactions... |
IMO it should not, but that's just me 🙏 |
|
@CodiumAI-Agent /review |
PR Review
Code feedback:
✨ Review tool usage guide:Overview: The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.
See the review usage page for a comprehensive guide on using this tool. |
|
Hi all curious if there is a general timeline on this being merged as it looks like its passing all the tests? |
|
This is an absolutely essential feature for my business as well. Without this spinning up new environments with ArgoCD is nearly impossible as it requires knowledge of which apps are dependent on which apps to apply Application(s) in that order and let them sync as you apply them. |
Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: jannfis <jann@mistrust.net>
There was a problem hiding this comment.
Added some thoughts.
I'm generally uncomfortable adding another ordering mechanism to Argo CD. I think that we risk moving folks away from "eventual consistency" models of deployment in k8s back to an imperative CI-type model, just built in Argo CD instead of in Jenkins. I think if we push forward with this feature, we should write documentation outlining use cases where this tool makes sense as well as a list of alternatives which could provide a better experience (controllers that enforce ordering, validating webhooks that block deployment until prerequisites are met, readiness checks which prevent apps from spinning up too soon, etc.).
I think we also need to ship the MVP with strong UI/CLI tools to allow users to answer the question "why isn't my app syncing yet?" That probably means the UI needs to display what the app is blocked on. It might even mean building a UI/CLI experience to visualize the DAG or at least list apps that are in the blocking path. Otherwise I think Argo CD support will be filled with questions about apps not syncing, and we won't be in a good position to help the reporters diagnose the issue. At the very least there should be a section in the docs titled "how to find out why my app is blocked."
I worry that the feature will mostly be used for bootstrapping clusters and that the sync-in-order feature will actually not be that useful once the initial setup is in place and might actually be more problematic than helpful. I worry that those bootstrapping use cases represent >50% of use cases. This is part of why I think the docs need to clearly outline valid use cases.
I think the docs also need a section describing the downsides of "intentional drift" and how you lose some of the benefits of GitOps when you use a tool that introduces intentional drift.
tl;dr: I'm alright with the feature as a PoC marked alpha behind a feature flag, if the docs are really really solid and if the UX is good. I still have major concerns about encouraging anti-patterns. But maybe once the feature is available, people can help us understand which use cases make sense and which should be avoided.
docs/user-guide/app_dependencies.md
Outdated
| @@ -0,0 +1,121 @@ | |||
| # Application dependencies | |||
|
|
|||
| Starting from Argo CD v2.9, you can natively model dependencies between Applications. This new mechanism is intended to replace the prior way of modeling dependencies when using the app-of-apps pattern with sync waves on the Application custom resources. | |||
There was a problem hiding this comment.
intended to replace the prior way of modeling dependencies when using the app-of-apps pattern with sync waves
Maybe "as an alternative to"? Neither apps-of-apps nor sync waves are going anywhere, so I think that approach would still be valid.
|
|
||
| Using the new dependency mechanism, users are not bound to the app-of-apps pattern anymore and can define dependencies between applications using application selectors to define a directed, acyclic graph for dependency modeling. This means that an Application which defines one or more dependencies do not only depend on its direct dependencies, but to the dependencies of its dependencies as well. | ||
|
|
||
| Application dependencies support both, manual and automatic sync policies. |
There was a problem hiding this comment.
| Application dependencies support both, manual and automatic sync policies. | |
| Application dependencies support both manual and automatic sync policies. |
| selectors: | ||
| - labelSelector: | ||
| matchLabels: | ||
| name: some-app |
There was a problem hiding this comment.
| name: some-app | |
| name: some-app |
|
|
||
| ## Dependency selectors | ||
|
|
||
| Currently, the available properties to match against are `labels` and the `name` of the Application. Each selector can yield zero or more applications. |
There was a problem hiding this comment.
What is the behavior if my selectors match zero applications? Am I considered blocked because the dependency isn't satisfied, or unblocked because there are no dependencies?
There was a problem hiding this comment.
I see it defaults to "don't block". Should probably mention blockOnEmpty` here and maybe link to that section of the doc.
| name: some-app | ||
| ``` | ||
|
|
||
| The above YAML will have the Application depend on any other Application that matches the given label selector. In this case, any application carrying a label `name` with the value of `some-app`. |
There was a problem hiding this comment.
I think using name for a label example is a bit confusing.
|
|
||
| The above YAML will have the Application depend on the Applications `some-app` and `other-app`. | ||
|
|
||
| The `namePattern` matcher supports shell-style glob matching, so the following example would match all Applications whose name is starting with `stage1-`: |
There was a problem hiding this comment.
Can we specify the glob engine used to evaluate these and link to its docs? We use multiple glob engines for different purposes, so being specific should be quite helpful to the user.
| ```yaml | ||
| spec: | ||
| dependsOn: | ||
| syncDelay: 5 |
There was a problem hiding this comment.
Maybe rename the field syncDelaySeconds?
| ```yaml | ||
| spec: | ||
| dependsOn: | ||
| timeout: 10 |
There was a problem hiding this comment.
Maybe timeoutSeconds?
It looks like you never have head a complex apps with dynamic previews. For now we have a previews via appsets and they includes a DB, redis, etc setup. Setting of different |
I generally agree that eventual consistency should be the default way to go (and I'm sure @vfarcic would approve). I see this PR as a stepping stone to be able to enforce a specific order of deletion, which IMO is something necessary - perhaps we can get some inspiration from crossplane/crossplane#3393. Otherwise I'm 💯 with what you're saying. |
Closes #7437
There's some docs within this PR which describe the functionality and configuration.
Checklist: