Conversation
Ensure the 'openstack' namespace is created after the 'openstack-operators' namespace by setting its sync-wave to -29 (vs -30 for all other namespaces). This provides more fine-grained ordering in ArgoCD synchronization, ensuring proper namespace dependencies are respected during deployment.
Set MetalLB sync-wave to '1' to ensure it is deployed after NMState (which uses the default sync-wave '0'). This provides proper ordering for the network infrastructure components during ArgoCD synchronization. Deployment order: - Wave 0: NMState, OpenStack operator - Wave 1: MetalLB, NodeNetworkConfigurationPolicy, VaultConnection
Add permissions for the project.openshift.io API group to allow ArgoCD to manage OpenShift Projects. This fixes DeletionError when removing applications that manage namespaces/projects. This allows the ArgoCD application controller service account to create, update, and delete OpenShift Projects, which is necessary for full lifecycle management of applications via GitOps.
This commit reorganizes the ArgoCD sync-wave annotations to ensure proper resource ordering that aligns with the official RHOSO deployment removal process documented at: https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/maintaining_the_red_hat_openstack_services_on_openshift_deployment/assembly_removing-rhoso-deployment-from-rhocp-environment Key changes: - Isolate openstack-operators namespace at wave -31 (created first, deleted last) - Add sync-wave annotations for DataPlane resources: * OpenStackDataPlaneNodeSet: wave 15 * OpenStackDataPlaneDeployment: wave 20 (deleted first) - Set NMState to wave 0 (before MetalLB at wave 1) to respect dependencies - Reorganize patches in sync-wave order for better readability The ordering now ensures: 1. DataPlane resources are removed first (highest waves) 2. ControlPlane follows (wave 10) 3. Vault/secrets cleanup (waves 1-3) 4. openstack namespace removal (wave -29) 5. Infrastructure operators (MetalLB, NMState) removal (waves 0-1) 6. Operator subscriptions removal (wave -10) 7. OperatorGroups removal (wave -20) 8. General namespaces removal (wave -30) 9. openstack-operators namespace removal last (wave -31) This guarantees a clean removal process following RHOSO documentation, preventing resource conflicts and ensuring proper cleanup order when using ArgoCD's automated sync-wave deletion.
Extend the gitops-openstack ClusterRole to support ArgoCD-driven cleanup operations that align with the RHOSO removal process. Added permissions for: - PersistentVolumeClaims: Required for cleaning up storage resources - Pods: Required for listing and monitoring pod cleanup in namespaces - VaultConnection and VaultAuth: Required for managing Vault resources (in addition to existing VaultStaticSecret permissions) These permissions enable ArgoCD to properly handle cascade deletion of applications with sync-wave ordering, ensuring resources are removed in the correct sequence as defined by the sync-wave annotations. Note: OpenStackDataPlaneServices permissions were already present.
Set the OpenStack operator initialization (kind: OpenStack) to sync-wave -5 to ensure proper deletion order. Current issue: - OpenStack operator init was at wave 0 (default) - Infrastructure (MetalLB, etc.) at wave 1 - This caused operator init to be deleted AFTER infrastructure Correct deletion order (highest to lowest): - DataPlane/ControlPlane resources (waves 20-10) - Infrastructure components (waves 5-1) - NMState (wave 0) - OpenStack operator init (wave -5) ← Fixed position - Subscriptions (wave -10) - OperatorGroups/Namespaces (waves -20 to -31) This aligns with the RHOSO removal documentation where the operator is deleted after infrastructure but before operator subscriptions.
cjeanner
requested review from
abays,
aharivel,
holser,
odyssey4me and
pinikomarov
cjeanner
force-pushed
the
fix-namespace-sync-waves
branch
from
1e12de6 to
af418f1
Compare
Contributor
|
/LGTM |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.