RC2 draft 🎈 #22
RC2 draft 🎈 #22
Conversation
todaywasawesome
requested review from
chrispat,
scottrigby,
murillodigital and
jlbutler
todaywasawesome
force-pushed
the
rc2-draft
branch
from
69f7b30 to
162d720
Compare
|
Not now in this RC2 draft, but eventually, I would like us — this GitOps Working Group for CNCF: Application Delivery TAG — to start focusing more on Continuous Operations (CO) when our time permits. I just alluded to CO at #8 (comment). |
GLOSSARY.md
Outdated
| - ## Reconciliation | ||
|
|
||
| The process of ensuring the actual state of a system matches its [desired state](#desired-state) declarations. | ||
| Contrary to "CIops", any divergence between the two will trigger reconciliation, regardless of where changes occurred. |
There was a problem hiding this comment.
Practical systems needn't use triggers in this way -- it's an implementation detail. It is enough to say that reconciliation works continually to make progress towards the desired state.
There was a problem hiding this comment.
@squaremo this note is here to make clear that doing CD tasks from CI systems in itself is not GitOps, because it is event-based only, not continuous. I think you're right that saying software agents work on this "continuously" implies that, but since Continuous Integration is so widely known compared to GitOps CD, I think the word "continuous" in itself needs some further clarification like this to drive home the distinction. WDYT? Is that already very clear without an additional sentence like this? Or do you think this sentence could be adjusted to make that point in a different and better way?
There was a problem hiding this comment.
| Contrary to "CIops", any divergence between the two will trigger reconciliation, regardless of where changes occurred. | |
| GitOps reconciliation works continually to make progress towards the desired state. GitOps CD & CO differ from event-based operations driven by CI. |
There was a problem hiding this comment.
this note is here to make clear that doing CD tasks from CI systems in itself is not GitOps, because it is event-based only, not continuous.
I like @lloydchang 's suggested phrasing. I would elaborate on it a little, by saying that the reasons typical uses of CI fall short of gitops are:
- action is only taken when a change is made to the source, so it's not continually trying to make progress;
- events can be processed out of order; e.g., a pipeline fails, then is run again later and succeeds
There was a problem hiding this comment.
I am not sure progress is the right word here - It will most commonly be associated with progressive delivery which is outside the scope of GitOps either via each progression being a new declaration or through the abstraction of the delivery to another controller - A gitops controller shouldn't be progressively incrementing for example replicas and leaving "attempted" state in between desired and actual.
There was a problem hiding this comment.
Closing this conversation as it's now out of date with the PR.
There was a problem hiding this comment.
Reopening conversation so that if desired this can be moved to an issue for feedback between RC 2 and planned v1.0.0. Good points are made here.
PRINCIPLES.md
Outdated
| This state store should provide access control and auditing on the changes to the Desired State. | ||
| Git is the canonical example used as this State Store, and where GitOps derived its name, but but any other system that meets this criteria may be used. | ||
| In all cases these must be properly configured, and special precautions must be taken to comply with requirements set out in the GitOps Principles. | ||
| Software agents [continuously](./GLOSSARY.md#continuous) observe actual system state and [attempt to apply](./GLOSSARY.md#reconciliation) the desired state. |
There was a problem hiding this comment.
It's not really a case of applying the desired state. Typically, the desired state is abstract (e.g., a Kubernetes Deployment) and the observed state is concrete (these pods are running). Reconciliation takes actions to move the concrete state so that it fulfils the abstract model.
You might ask "but isn't that something Kubernetes does, rather than the GitOps system?" Kubernetes is part of the GitOps system -- you need something (e.g., Flux) to convey the abstract, desired state to Kubernetes, and Kubernetes to interpret it into a running system. Without Kubernetes doing its job, you're just pasting files into a database; and without e.g., Flux doing its job, you don't get the benefit of working via Git.
There was a problem hiding this comment.
@squaremo I think we've closed changes to the principles themselves in #21 unless it's a major issue.
For this particular case, we used the language "attempt to apply" because it's both broader and doesn't require success. For example, if the desired state requires more nodes than the physical system has available then an attempt to apply could simply mean the software agent makes the request of Kubernetes but could include emailing and alerting an admin that they're out of nodes.
Of course, if we weren't using Kubernetes, then attempt to apply could mean a whole different set of procedures in order to attempt to apply the desired state.
There was a problem hiding this comment.
@squaremo I think we've closed changes to the principles themselves in #21 unless it's a major issue.
@todaywasawesome quick note on this, I don't believe we agreed to close changes to the principles. But instead agreed to a RC/feedback approach, to give folks a chance to give feedback on RC 1, leading up to the planned RC 2 this Friday, and planned full release by Oct 11. Right?
@squaremo do you have a concrete suggestion for another non-kubernetes-specific way to phrase this other than attempting to "apply" the desired state to the actual state?
There was a problem hiding this comment.
do you have a concrete suggestion for another non-kubernetes-specific way to phrase this other than attempting to "apply" the desired state to the actual state?
"Taking action to make progress towards the desired state"
There was a problem hiding this comment.
OK, for now changing "attempt to apply" to "attempt to reach the desired state" (simpler wording. Alternatively "attempt to make progress toward the desired state" is longer but also fine). Doing this now so that we can stay on target for publishing RC 2 today.
Because this is important, @todaywasawesome will open a discussion just on this point today, CC @squaremo, and link to this comment thread for context #22 (comment).
I believe the full "Taking action to make progress towards the desired state" is relevant to the possible 5th principle that was temporarily excluded from the RC:
- Operated in a closed loop
Software agents observe desired state and meta-state to take actions based on policy when the desired state cannot be reached. This may include things like notifications, rollbacks, etc.
We did not include this because it's not clear whether a closed (feedback) loop is required for GitOps. If not, it should not be a foundational principle. If so, it should. If we're on the fence about that as a group, this could all perhaps be addressed in the glossary.
So let's follow-up in that forthcoming discussion? If we can resolve that question in time, it could make it into the first full release (v1.0.0) scheduled to be ready by KubeCon NA. If not, it could be added to future releases.
… something we may add back later as we add things. Signed-off-by: Dan Garfield <[email protected]>
…tra components under software system. Signed-off-by: Dan Garfield <[email protected]>
scottrigby
force-pushed
the
rc2-draft
branch
from
42f02d6 to
10b34aa
Compare
|
To everyone who may have checked out this PR locally. I have rebased this PR branch onto I did this because this PR branch was out of date, so the file diff contained changes that are already in RC 1 and Thanks everyone for the feedback so far. Please keep it coming, our goal is to release RC 2 this Friday Oct 1st, so we are looking for feedback ideally with concrete suggestions. |
|
re: #22 (comment) from @scottrigby I just realized that I'm unable to comment via the link above, because it's from an "Outdated" commit. I don't know if "Outdated" is an unintended side effect of the force push. Within this PR's files, the only file that I can in-line comment on is I want to support @squaremo's explanation, and suggest using the phrase |
GLOSSARY.md
Outdated
| - ## Reconciliation | ||
|
|
||
| The process of ensuring the actual state of a system matches its [desired state](#desired-state) declarations. | ||
| Contrary to "CIops", any divergence between the two will trigger reconciliation, regardless of where changes occurred. |
There was a problem hiding this comment.
| Contrary to "CIops", any divergence between the two will trigger reconciliation, regardless of where changes occurred. | |
| GitOps reconciliation works continually to make progress towards the desired state. GitOps CD & CO differ from event-based operations driven by CI. |
todaywasawesome
force-pushed
the
rc2-draft
branch
from
0a65a70 to
9fd5740
Compare
|
just a note for future reference: re: Examples in which Git is the interface to operations:
I feel the real power of GitOps happens with CO 24/7/365 round-the-clock, converging declared state with actual state, and beyond. |
scottrigby
force-pushed
the
rc2-draft
branch
2 times, most recently
from
ebdc34b to
4b28997
Compare
3 small typos were fixed in the document. Co-authored-by: Lloyd Chang <[email protected]> Co-authored-by: Cansu Kavılı Örnek <[email protected]> Signed-off-by: Piotr <[email protected]>
Signed-off-by: Dan Garfield <[email protected]>
Co-authored-by: Brian Fox <[email protected]> Signed-off-by: Dan Garfield <[email protected]>
Co-authored-by: Brian Fox <[email protected]> Signed-off-by: Scott Rigby <[email protected]>
Co-authored-by: Lloyd Chang <[email protected]> Co-authored-by: Michael Bridgen <[email protected]> Co-authored-by: Dan Garfield <[email protected]> Signed-off-by: Scott Rigby <[email protected]>
Good note Michael, important to be precise here. Co-authored-by: Michael Bridgen <[email protected]> Co-authored-by: Dan Garfield <[email protected]> Co-authored-by: Lloyd Chang <[email protected]> Signed-off-by: Scott Rigby <[email protected]>
|
Thanks everyone for feedback on RC 1 and discussion on this PR for RC 2. After merge, we will create an RC 2 release branch and tag the release. RC 2 is the last planned release candidate before the v1.0.0 milestone, scheduled to release before Kubecon NA, 2021. Any open discussions from feedback will be moved to issues and attached to the appropriate milestone. These may be addressed either before the v1.0.0 milestone or after depending on how motivated its proponents are, and how consensus from the GitOps Working Group unfolds. |
|
RC 2 tag created for another round of feedback! 🚀 🔍 https://github.com/open-gitops/documents/releases/tag/v1.0.0-rc.2 REMINDER: RC 2 is the last planned release candidate before the v1.0.0 milestone, scheduled to release by Kubecon NA, 2021. So we have 10 days now before the initial full release 🙌 Let's:
|
To-do
Details
For RC2 we focused on the glossary. This is actually a fairly large change to the glossary. Included in these changes are
Two of the larger items were to remove "Break glass" and its definition.
And the removal of these lines from the Software System:
In the case of break glass, this is a term that was in a previous version of the principles. The discussion of when it's ok to break glass is a large one and something that is likely better addressed in a whitepaper or a blog post. It's such an important topic that having it backended into the glossary felt like too big of an item and viewpoint to be added there.
For the software system, these lines imply that a software system includes the repo where artifacts or configurations are stored. It almost implies that if you're using Github you would need to ensure Github was operating with GitOps principles because the implication is that your repos are part of your software system. Because of this, we felt it was better to remove them.