[Feature] Overlays for manifests / resources

Question

[Feature] Overlays for manifests / resources

SimonBaeumer opened this issue a year ago · 0 comments

Problem
As a user I want to be able to adjust resources installed by an operator with the same flexibility as Helm or manifests provide.
The problem faced is that Operators reconcile user made customizations to deployed resources automatically on the next reconcile.
This mechanism will be used as a break-glass mechanism for support/dev teams.

Before this situation
We relied on a "pause-reconcile" annotation which paused the reconciler. This fix had a big disadvantage that customizations needed to be documented separately because the effective state was not seen from the operator's CR.

Solution
Overlays are applied before resources are applied to the cluster. These overlays are defined as a JSON merge patch and allow fine-grained fixes.

Example

// ## Adding a container to a deployment
overlays:
-  apiVersion: apps/v1
    kind: Deployment
    name: patches
    patches:
      - path: spec.template.spec.containers[-1]
         value: |
            name: nginx
              image: nginx
              ports:
                - containerPort: 8000
                   name: http
                   protocol: TCP

Code: https://github.com/stackrox/stackrox/blob/master/operator/apis/platform/v1alpha1/central_types.go#L60-L62
Lib: https://github.com/stackrox/k8s-overlay-patch
Imported from istio
cc @ludydoo @ncdc