Ensure Argo CD repo-server has enough replicas to handle “spikes”

Open noaabarki opened this issue 3 years ago • 0 comments

Describe the solution you'd like

We want to add a new default rule for the Argo policy; the rule will ensure there are enough repo-server instances in order to handle spikes and avoid downtimes. For instance, the following resource ensures repo-server has 2 replicas:

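apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-repo-server
  namespace: argocd
  labels:
    app: argocd-repo-server
spec:
  # replicas is a field of spec (the rule checks spec.replicas), not of the pod template
  replicas: 4
  selector:
    matchLabels:
      app: argocd-repo-server
  template:
    metadata:
      labels:
        app: argocd-repo-server
    # containers omitted for brevity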

Requirements

  • The rule should be OFF by default.

  • The rule identifier should be ARGO_DEPLOYMENT_INCORRECT_REPO_SERVER_REPLICAS.

  • Rule logic:

    If Kind == Deployment AND metadata.name == "argocd-repo-server"
    THEN spec.replicas > 2 AND spec.replicas <= 4
    

How to create new default rule?

  1. Write the rule logic in JSON schema (but in YAML format). For your convenience you can use our online YAML schema validator tool.
  2. Add the new rule as default rule:
    1. Add new entry in the pkg/defaultRules/defaultRules.yaml.
    2. Increase the minItems++, maxItems++, maximum++ properties of rules in pkg/defaultRules/defaultRulesSchema.json
  3. Hooray! Submit a PR 🙂

Guidelines

  • The issue requires basic-level Golang and JSON schema familiarity.
  • All default rules are written in JSON schema and located in the defaultRules package.
  • The validation itself happens in the JsonSchemaValidator package function ValidateYamlSchema. The validation process happens in bl/evaluation/evaluator.go -> evaluateRule(..) for every configuration that exists in every file that exists in a given path.
  • Check out rules CONTAINERS_MISSING_CPU_REQUEST_KEY and ARGO_APP_PROJECT_INCORRECT_NAMESPACE_VALUE as references.

📖 The reason behind the rule

In many cases, the repositories Argo CD watches don’t contain plain YAML files. Instead, users prefer to use config management tools such as Kustomize, Helm, or Jsonnet. In order for Argo CD to support these tools, its repo-server execs/forks the tool and returns the generated manifests. This often requires memory and CPU usage. In order to ensure a fast manifest generation process, it is recommended to increase the number of repo-server replicas. Mono-repos or organizations with over hundreds of repos/applications should set it to 4.

noaabarki, Aug 07 '22 15:08
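
The rule logic from the issue above, written as a JSON Schema in YAML form. This is an added example, not part of the original issue or of datree's code base. It assumes a validator that supports the draft-07 `if`/`then` keywords, and it shows only the schema body, not the other fields of an entry in pkg/defaultRules/defaultRules.yaml.

```yaml
# Added example: ARGO_DEPLOYMENT_INCORRECT_REPO_SERVER_REPLICAS rule logic
# expressed with JSON Schema draft-07 keywords.
#
# If Kind == Deployment AND metadata.name == "argocd-repo-server" ...
if:
  properties:
    kind:
      const: Deployment
    metadata:
      properties:
        name:
          const: argocd-repo-server
      # Without "required", a resource missing metadata.name would
      # satisfy the condition vacuously and be checked by mistake.
      required:
        - name
  required:
    - kind
    - metadata
# ... THEN spec.replicas > 2 AND spec.replicas <= 4
then:
  properties:
    spec:
      properties:
        replicas:
          type: integer
          exclusiveMinimum: 2   # spec.replicas > 2
          maximum: 4            # spec.replicas <= 4
      # Assumption: an omitted replicas field fails the rule, because
      # Kubernetes defaults a Deployment to 1 replica when it is unset.
      required:
        - replicas
  required:
    - spec
```

With this schema, a Deployment that sets `replicas` under `spec.template` instead of `spec` fails the rule, since `spec.replicas` is then missing.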