(feat) field exclusion for configuration drift

When creating a Profile/ClusterProfile with syncMode set to
`ContinuosWithDriftDetection`, adds ability to specify a set
of fields, for certain resources, to be ignored when evaluation
configuration drift.

For example, consider a Deployment managed by an autoscaler.
The autoscaler dynamically adjusts replica count based on workload.
In this scenario, it's crucial to distinguish between intentional deployment
changes (e.g., deletion) and expected replica fluctuations.
By ignoring replica count changes, Sveltos can accurately detect meaningful
configuration drifts.

This PR allows user to set new field `DriftExclusions`. This PR also
adds necessary code for addon-controller to transform each DriftExclusion
to a Patch (op always set to remove) and pass it down to drift-detection-manager
as part of ResourceSummary.

Drift-detection-manager will finally consume those Patches before evaluating
configuration drift.

Author: mgianluc

api/v1alpha1/zz_generated.conversion.go

@@ -495,6 +495,16 @@ type PolicyRef struct {
 	DeploymentType DeploymentType `json:"deploymentType,omitempty"`
 }
 
+type DriftExclusion struct {
+	// Paths is a slice of JSON6902 paths to exclude from configuration drift evaluation.
+	// +required
+	Paths []string `json:"paths"`
+
+	// Target points to the resources that the paths refers to.
+	// +optional
+	Target *libsveltosv1beta1.PatchSelector `json:"target,omitempty"`
+}
+
 type Clusters struct {
 	// Hash represents of a unique value for ClusterProfile Spec at
 	// a fixed point in time
@@ -626,6 +636,12 @@ type Spec struct {
 	// +optional
 	Patches []libsveltosv1beta1.Patch `json:"patches,omitempty"`
 
+	// DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
+	// set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
+	// when evaluating drift, optionally targeting specific resources and features.
+	// +optional
+	DriftExclusions []DriftExclusion `json:"driftExclusions,omitempty"`
+
 	// ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in
 	// a managed cluster based on this ClusterProfile/Profile instance.
 	// **Important:** If a resource deployed by Sveltos already has a label with a key present in

api/v1beta1/spec.go

@@ -1153,6 +1153,65 @@ spec:
                 items:
                   type: string
                 type: array
+              driftExclusions:
+                description: |-
+                  DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
+                  set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
+                  when evaluating drift, optionally targeting specific resources and features.
+                items:
+                  properties:
+                    paths:
+                      description: Paths is a slice of JSON6902 paths to exclude from
+                        configuration drift evaluation.
+                      items:
+                        type: string
+                      type: array
+                    target:
+                      description: Target points to the resources that the paths refers
+                        to.
+                      properties:
+                        annotationSelector:
+                          description: |-
+                            AnnotationSelector is a string that follows the label selection expression
+                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource annotations.
+                          type: string
+                        group:
+                          description: |-
+                            Group is the API group to select resources from.
+                            Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        kind:
+                          description: |-
+                            Kind of the API Group to select resources from.
+                            Together with Group and Version it is capable of unambiguously
+                            identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        labelSelector:
+                          description: |-
+                            LabelSelector is a string that follows the label selection expression
+                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource labels.
+                          type: string
+                        name:
+                          description: Name to match resources with.
+                          type: string
+                        namespace:
+                          description: Namespace to select resources from.
+                          type: string
+                        version:
+                          description: |-
+                            Version of the API Group to select resources from.
+                            Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                      type: object
+                  required:
+                  - paths
+                  type: object
+                type: array
               extraAnnotations:
                 additionalProperties:
                   type: string

api/v1beta1/zz_generated.deepcopy.go

@@ -1124,6 +1124,65 @@ spec:
                     items:
                       type: string
                     type: array
+                  driftExclusions:
+                    description: |-
+                      DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
+                      set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
+                      when evaluating drift, optionally targeting specific resources and features.
+                    items:
+                      properties:
+                        paths:
+                          description: Paths is a slice of JSON6902 paths to exclude
+                            from configuration drift evaluation.
+                          items:
+                            type: string
+                          type: array
+                        target:
+                          description: Target points to the resources that the paths
+                            refers to.
+                          properties:
+                            annotationSelector:
+                              description: |-
+                                AnnotationSelector is a string that follows the label selection expression
+                                https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                It matches with the resource annotations.
+                              type: string
+                            group:
+                              description: |-
+                                Group is the API group to select resources from.
+                                Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
+                                https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                              type: string
+                            kind:
+                              description: |-
+                                Kind of the API Group to select resources from.
+                                Together with Group and Version it is capable of unambiguously
+                                identifying and/or selecting resources.
+                                https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                              type: string
+                            labelSelector:
+                              description: |-
+                                LabelSelector is a string that follows the label selection expression
+                                https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                It matches with the resource labels.
+                              type: string
+                            name:
+                              description: Name to match resources with.
+                              type: string
+                            namespace:
+                              description: Namespace to select resources from.
+                              type: string
+                            version:
+                              description: |-
+                                Version of the API Group to select resources from.
+                                Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
+                                https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                              type: string
+                          type: object
+                      required:
+                      - paths
+                      type: object
+                    type: array
                   extraAnnotations:
                     additionalProperties:
                       type: string

config/crd/bases/config.projectsveltos.io_clusterprofiles.yaml

@@ -1153,6 +1153,65 @@ spec:
                 items:
                   type: string
                 type: array
+              driftExclusions:
+                description: |-
+                  DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
+                  set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
+                  when evaluating drift, optionally targeting specific resources and features.
+                items:
+                  properties:
+                    paths:
+                      description: Paths is a slice of JSON6902 paths to exclude from
+                        configuration drift evaluation.
+                      items:
+                        type: string
+                      type: array
+                    target:
+                      description: Target points to the resources that the paths refers
+                        to.
+                      properties:
+                        annotationSelector:
+                          description: |-
+                            AnnotationSelector is a string that follows the label selection expression
+                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource annotations.
+                          type: string
+                        group:
+                          description: |-
+                            Group is the API group to select resources from.
+                            Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        kind:
+                          description: |-
+                            Kind of the API Group to select resources from.
+                            Together with Group and Version it is capable of unambiguously
+                            identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        labelSelector:
+                          description: |-
+                            LabelSelector is a string that follows the label selection expression
+                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource labels.
+                          type: string
+                        name:
+                          description: Name to match resources with.
+                          type: string
+                        namespace:
+                          description: Namespace to select resources from.
+                          type: string
+                        version:
+                          description: |-
+                            Version of the API Group to select resources from.
+                            Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                      type: object
+                  required:
+                  - paths
+                  type: object
+                type: array
               extraAnnotations:
                 additionalProperties:
                   type: string

config/crd/bases/config.projectsveltos.io_clustersummaries.yaml

@@ -77,6 +77,7 @@ var (
 
 	GetClusterSummary            = getClusterSummary
 	AddLabel                     = addLabel
+	UpdateResource               = updateResource
 	CreateNamespace              = createNamespace
 	GetEntryKey                  = getEntryKey
 	DeployContentOfConfigMap     = deployContentOfConfigMap
@@ -155,6 +156,7 @@ var (
 	GetDriftDetectionManagerLabels                   = getDriftDetectionManagerLabels
 	RemoveDriftDetectionManagerFromManagementCluster = removeDriftDetectionManagerFromManagementCluster
 	GetDriftDetectionNamespaceInMgmtCluster          = getDriftDetectionNamespaceInMgmtCluster
+	TransformDriftExclusionsToPatches                = transformDriftExclusionsToPatches
 
 	GetResourceSummaryNamespace = getResourceSummaryNamespace
 	GetResourceSummaryName      = getResourceSummaryName

config/crd/bases/config.projectsveltos.io_profiles.yaml

@@ -115,8 +115,8 @@ func deployHelmCharts(ctx context.Context, c client.Client,
 		// Since we are updating resources to watch for drift, remove helm section in ResourceSummary to eliminate
 		// un-needed reconciliation (Sveltos is updating those resources so we don't want drift-detection to think
 		// a configuration drift is happening)
-		err = deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, clusterSummary.Name,
-			clusterType, nil, nil, []libsveltosv1beta1.HelmResources{}, logger)
+		err = deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, clusterSummary.Name, clusterType, nil, nil,
+			[]libsveltosv1beta1.HelmResources{}, clusterSummary.Spec.ClusterProfileSpec.DriftExclusions, logger)
 		if err != nil {
 			logger.V(logs.LogInfo).Error(err, "failed to remove ResourceSummary.")
 			return err
@@ -159,7 +159,7 @@ func deployHelmCharts(ctx context.Context, c client.Client,
 	if clusterSummary.Spec.ClusterProfileSpec.SyncMode == configv1beta1.SyncModeContinuousWithDriftDetection {
 		// Deploy resourceSummary
 		err = deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, clusterSummary.Name,
-			clusterType, nil, nil, helmResources, logger)
+			clusterType, nil, nil, helmResources, clusterSummary.Spec.ClusterProfileSpec.DriftExclusions, logger)
 		if err != nil {
 			return err
 		}
@@ -997,11 +997,15 @@ func upgradeRelease(ctx context.Context, clusterSummary *configv1beta1.ClusterSu
 		return err
 	}
 
+	driftExclusionPatches := transformDriftExclusionsToPatches(clusterSummary.Spec.ClusterProfileSpec.DriftExclusions)
+
 	patches, err := initiatePatches(ctx, clusterSummary, requestedChart.ChartName, mgmtResources, logger)
 	if err != nil {
 		return err
 	}
 
+	patches = append(patches, driftExclusionPatches...)
+
 	upgradeClient, err := getHelmUpgradeClient(requestedChart, actionConfig, patches)
 	if err != nil {
 		logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to get helm upgrade client: %v", err))

controllers/export_test.go

@@ -783,7 +783,7 @@ func handleKustomizeResourceSummaryDeployment(ctx context.Context, clusterSummar
 	if clusterSummary.Spec.ClusterProfileSpec.SyncMode == configv1beta1.SyncModeContinuousWithDriftDetection {
 		// deploy ResourceSummary
 		err := deployResourceSummaryWithKustomizeResources(ctx, getManagementClusterClient(),
-			clusterNamespace, clusterName, clusterSummary.Name, clusterType, remoteDeployed, logger)
+			clusterNamespace, clusterName, clusterSummary, clusterType, remoteDeployed, logger)
 		if err != nil {
 			return err
 		}
@@ -793,7 +793,7 @@ func handleKustomizeResourceSummaryDeployment(ctx context.Context, clusterSummar
 }
 
 func deployResourceSummaryWithKustomizeResources(ctx context.Context, c client.Client,
-	clusterNamespace, clusterName, applicant string,
+	clusterNamespace, clusterName string, clusterSummary *configv1beta1.ClusterSummary,
 	clusterType libsveltosv1beta1.ClusterType,
 	deployed []configv1beta1.Resource, logger logr.Logger) error {
 
@@ -809,8 +809,8 @@ func deployResourceSummaryWithKustomizeResources(ctx context.Context, c client.C
 		}
 	}
 
-	return deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, applicant,
-		clusterType, nil, resources, nil, logger)
+	return deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, clusterSummary.Name,
+		clusterType, nil, resources, nil, clusterSummary.Spec.ClusterProfileSpec.DriftExclusions, logger)
 }
 
 // deployEachKustomizeRefs walks KustomizationRefs and deploys resources