Merge pull request #656 from gianlucam76/drift-ignore-paths

(feat) field exclusion for configuration drift

Author: gianlucam76

api/v1alpha1/zz_generated.conversion.go

@@ -495,6 +495,16 @@ type PolicyRef struct {
 	DeploymentType DeploymentType `json:"deploymentType,omitempty"`
 }
 
+type DriftExclusion struct {
+	// Paths is a slice of JSON6902 paths to exclude from configuration drift evaluation.
+	// +required
+	Paths []string `json:"paths"`
+
+	// Target points to the resources that the paths refers to.
+	// +optional
+	Target *libsveltosv1beta1.PatchSelector `json:"target,omitempty"`
+}
+
 type Clusters struct {
 	// Hash represents of a unique value for ClusterProfile Spec at
 	// a fixed point in time
@@ -626,6 +636,12 @@ type Spec struct {
 	// +optional
 	Patches []libsveltosv1beta1.Patch `json:"patches,omitempty"`
 
+	// DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
+	// set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
+	// when evaluating drift, optionally targeting specific resources and features.
+	// +optional
+	DriftExclusions []DriftExclusion `json:"driftExclusions,omitempty"`
+
 	// ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in
 	// a managed cluster based on this ClusterProfile/Profile instance.
 	// **Important:** If a resource deployed by Sveltos already has a label with a key present in

api/v1beta1/spec.go

@@ -1153,6 +1153,65 @@ spec:
                 items:
                   type: string
                 type: array
+              driftExclusions:
+                description: |-
+                  DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
+                  set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
+                  when evaluating drift, optionally targeting specific resources and features.
+                items:
+                  properties:
+                    paths:
+                      description: Paths is a slice of JSON6902 paths to exclude from
+                        configuration drift evaluation.
+                      items:
+                        type: string
+                      type: array
+                    target:
+                      description: Target points to the resources that the paths refers
+                        to.
+                      properties:
+                        annotationSelector:
+                          description: |-
+                            AnnotationSelector is a string that follows the label selection expression
+                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource annotations.
+                          type: string
+                        group:
+                          description: |-
+                            Group is the API group to select resources from.
+                            Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        kind:
+                          description: |-
+                            Kind of the API Group to select resources from.
+                            Together with Group and Version it is capable of unambiguously
+                            identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        labelSelector:
+                          description: |-
+                            LabelSelector is a string that follows the label selection expression
+                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource labels.
+                          type: string
+                        name:
+                          description: Name to match resources with.
+                          type: string
+                        namespace:
+                          description: Namespace to select resources from.
+                          type: string
+                        version:
+                          description: |-
+                            Version of the API Group to select resources from.
+                            Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                      type: object
+                  required:
+                  - paths
+                  type: object
+                type: array
               extraAnnotations:
                 additionalProperties:
                   type: string

api/v1beta1/zz_generated.deepcopy.go

@@ -1124,6 +1124,65 @@ spec:
                     items:
                       type: string
                     type: array
+                  driftExclusions:
+                    description: |-
+                      DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
+                      set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
+                      when evaluating drift, optionally targeting specific resources and features.
+                    items:
+                      properties:
+                        paths:
+                          description: Paths is a slice of JSON6902 paths to exclude
+                            from configuration drift evaluation.
+                          items:
+                            type: string
+                          type: array
+                        target:
+                          description: Target points to the resources that the paths
+                            refers to.
+                          properties:
+                            annotationSelector:
+                              description: |-
+                                AnnotationSelector is a string that follows the label selection expression
+                                https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                It matches with the resource annotations.
+                              type: string
+                            group:
+                              description: |-
+                                Group is the API group to select resources from.
+                                Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
+                                https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                              type: string
+                            kind:
+                              description: |-
+                                Kind of the API Group to select resources from.
+                                Together with Group and Version it is capable of unambiguously
+                                identifying and/or selecting resources.
+                                https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                              type: string
+                            labelSelector:
+                              description: |-
+                                LabelSelector is a string that follows the label selection expression
+                                https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                It matches with the resource labels.
+                              type: string
+                            name:
+                              description: Name to match resources with.
+                              type: string
+                            namespace:
+                              description: Namespace to select resources from.
+                              type: string
+                            version:
+                              description: |-
+                                Version of the API Group to select resources from.
+                                Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
+                                https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                              type: string
+                          type: object
+                      required:
+                      - paths
+                      type: object
+                    type: array
                   extraAnnotations:
                     additionalProperties:
                       type: string

config/crd/bases/config.projectsveltos.io_clusterprofiles.yaml

@@ -1153,6 +1153,65 @@ spec:
                 items:
                   type: string
                 type: array
+              driftExclusions:
+                description: |-
+                  DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
+                  set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
+                  when evaluating drift, optionally targeting specific resources and features.
+                items:
+                  properties:
+                    paths:
+                      description: Paths is a slice of JSON6902 paths to exclude from
+                        configuration drift evaluation.
+                      items:
+                        type: string
+                      type: array
+                    target:
+                      description: Target points to the resources that the paths refers
+                        to.
+                      properties:
+                        annotationSelector:
+                          description: |-
+                            AnnotationSelector is a string that follows the label selection expression
+                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource annotations.
+                          type: string
+                        group:
+                          description: |-
+                            Group is the API group to select resources from.
+                            Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        kind:
+                          description: |-
+                            Kind of the API Group to select resources from.
+                            Together with Group and Version it is capable of unambiguously
+                            identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        labelSelector:
+                          description: |-
+                            LabelSelector is a string that follows the label selection expression
+                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource labels.
+                          type: string
+                        name:
+                          description: Name to match resources with.
+                          type: string
+                        namespace:
+                          description: Namespace to select resources from.
+                          type: string
+                        version:
+                          description: |-
+                            Version of the API Group to select resources from.
+                            Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                      type: object
+                  required:
+                  - paths
+                  type: object
+                type: array
               extraAnnotations:
                 additionalProperties:
                   type: string

config/crd/bases/config.projectsveltos.io_clustersummaries.yaml

@@ -77,6 +77,7 @@ var (
 
 	GetClusterSummary            = getClusterSummary
 	AddLabel                     = addLabel
+	UpdateResource               = updateResource
 	CreateNamespace              = createNamespace
 	GetEntryKey                  = getEntryKey
 	DeployContentOfConfigMap     = deployContentOfConfigMap
@@ -155,6 +156,7 @@ var (
 	GetDriftDetectionManagerLabels                   = getDriftDetectionManagerLabels
 	RemoveDriftDetectionManagerFromManagementCluster = removeDriftDetectionManagerFromManagementCluster
 	GetDriftDetectionNamespaceInMgmtCluster          = getDriftDetectionNamespaceInMgmtCluster
+	TransformDriftExclusionsToPatches                = transformDriftExclusionsToPatches
 
 	GetResourceSummaryNamespace = getResourceSummaryNamespace
 	GetResourceSummaryName      = getResourceSummaryName

config/crd/bases/config.projectsveltos.io_profiles.yaml

@@ -115,8 +115,8 @@ func deployHelmCharts(ctx context.Context, c client.Client,
 		// Since we are updating resources to watch for drift, remove helm section in ResourceSummary to eliminate
 		// un-needed reconciliation (Sveltos is updating those resources so we don't want drift-detection to think
 		// a configuration drift is happening)
-		err = deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, clusterSummary.Name,
-			clusterType, nil, nil, []libsveltosv1beta1.HelmResources{}, logger)
+		err = deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, clusterSummary.Name, clusterType, nil, nil,
+			[]libsveltosv1beta1.HelmResources{}, clusterSummary.Spec.ClusterProfileSpec.DriftExclusions, logger)
 		if err != nil {
 			logger.V(logs.LogInfo).Error(err, "failed to remove ResourceSummary.")
 			return err
@@ -159,7 +159,7 @@ func deployHelmCharts(ctx context.Context, c client.Client,
 	if clusterSummary.Spec.ClusterProfileSpec.SyncMode == configv1beta1.SyncModeContinuousWithDriftDetection {
 		// Deploy resourceSummary
 		err = deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, clusterSummary.Name,
-			clusterType, nil, nil, helmResources, logger)
+			clusterType, nil, nil, helmResources, clusterSummary.Spec.ClusterProfileSpec.DriftExclusions, logger)
 		if err != nil {
 			return err
 		}
@@ -997,11 +997,15 @@ func upgradeRelease(ctx context.Context, clusterSummary *configv1beta1.ClusterSu
 		return err
 	}
 
+	driftExclusionPatches := transformDriftExclusionsToPatches(clusterSummary.Spec.ClusterProfileSpec.DriftExclusions)
+
 	patches, err := initiatePatches(ctx, clusterSummary, requestedChart.ChartName, mgmtResources, logger)
 	if err != nil {
 		return err
 	}
 
+	patches = append(patches, driftExclusionPatches...)
+
 	upgradeClient, err := getHelmUpgradeClient(requestedChart, actionConfig, patches)
 	if err != nil {
 		logger.V(logs.LogInfo).Info(fmt.Sprintf("failed to get helm upgrade client: %v", err))

controllers/export_test.go

@@ -783,7 +783,7 @@ func handleKustomizeResourceSummaryDeployment(ctx context.Context, clusterSummar
 	if clusterSummary.Spec.ClusterProfileSpec.SyncMode == configv1beta1.SyncModeContinuousWithDriftDetection {
 		// deploy ResourceSummary
 		err := deployResourceSummaryWithKustomizeResources(ctx, getManagementClusterClient(),
-			clusterNamespace, clusterName, clusterSummary.Name, clusterType, remoteDeployed, logger)
+			clusterNamespace, clusterName, clusterSummary, clusterType, remoteDeployed, logger)
 		if err != nil {
 			return err
 		}
@@ -793,7 +793,7 @@ func handleKustomizeResourceSummaryDeployment(ctx context.Context, clusterSummar
 }
 
 func deployResourceSummaryWithKustomizeResources(ctx context.Context, c client.Client,
-	clusterNamespace, clusterName, applicant string,
+	clusterNamespace, clusterName string, clusterSummary *configv1beta1.ClusterSummary,
 	clusterType libsveltosv1beta1.ClusterType,
 	deployed []configv1beta1.Resource, logger logr.Logger) error {
 
@@ -809,8 +809,8 @@ func deployResourceSummaryWithKustomizeResources(ctx context.Context, c client.C
 		}
 	}
 
-	return deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, applicant,
-		clusterType, nil, resources, nil, logger)
+	return deployResourceSummaryInCluster(ctx, c, clusterNamespace, clusterName, clusterSummary.Name,
+		clusterType, nil, resources, nil, clusterSummary.Spec.ClusterProfileSpec.DriftExclusions, logger)
 }
 
 // deployEachKustomizeRefs walks KustomizationRefs and deploys resources