Merge pull request #647 from fluxcd/allow-drift-diff-only

Allow opt-out of drift correction
fluxcd · Mar 20, 2023 · 6d58896 · 6d58896
2 parents ad9a3f9 + 46add22
commit 6d58896
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/controllers/helmrelease_controller.go b/controllers/helmrelease_controller.go
@@ -352,8 +352,8 @@ func (r *HelmReleaseReconciler) reconcileRelease(ctx context.Context,
 
 			msg := "no diff in cluster resources compared to release"
 			if drift {
-				hasNewState = true
 				msg = "diff in cluster resources compared to release"
+				hasNewState, _ = features.Enabled(features.CorrectDrift)
 			}
 			if changeSet != nil {
 				msg = fmt.Sprintf("%s:\n\n%s", msg, changeSet.String())

diff --git a/docs/spec/v2beta1/helmreleases.md b/docs/spec/v2beta1/helmreleases.md
@@ -1280,6 +1280,13 @@ compare the manifests from the Helm storage with the current state of the cluste
 If this comparison detects a drift (either due resource being created or modified during the
 dry-run), the controller will perform an upgrade for the release, restoring the desired state.
 
+To help aid transition to this new feature, it is possible to enable drift detection without it
+correcting drift. This can be done by adding `CorrectDrift=false` to the `--feature-gates` flag,
+i.e. `--feature-gates=DetectDrift=true,CorrectDrift=false`. This will allow you to see what drift
+is detected in the controller logs (with `--log-level=debug`), to potentially add the appropriate
+[exclusions annotations or labels](#excluding-resources-from-drift-detection), before enabling the
+feature full.
+
 ### Excluding resources from drift detection
 
 The drift detection feature can be configured to exclude certain resources from the comparison

diff --git a/internal/features/features.go b/internal/features/features.go
@@ -33,6 +33,11 @@ const (
 	// storage object.
 	DetectDrift = "DetectDrift"
 
+	// CorrectDrift configures the correction of cluster state drift compared to
+	// the desired state as described in the manifest of the Helm release. It
+	// is only effective when DetectDrift is enabled.
+	CorrectDrift = "CorrectDrift"
+
 	// AllowDNSLookups allows the controller to perform DNS lookups when rendering Helm
 	// templates. This is disabled by default, as it can be a security risk.
 	//
@@ -48,9 +53,12 @@ var features = map[string]bool{
 	// CacheSecretsAndConfigMaps
 	// opt-in from v0.28
 	CacheSecretsAndConfigMaps: false,
-	// DetectClusterStateDrift
+	// DetectDrift
 	// opt-in from v0.31
 	DetectDrift: false,
+	// CorrectDrift,
+	// opt-out from v0.31.2
+	CorrectDrift: true,
 	// AllowDNSLookups
 	// opt-in from v0.31
 	AllowDNSLookups: false,