feat: add ability to entirely opt-out of argo cd and rollouts integrations

[krancour]

Fixes #1379

Highlights:

• Allows Argo CD integration to be explicitly disabled for the controller. In which case:
  • Application reconciler does not start
  • Argo CD-based promotion mechanisms will error
  • Argo CD Application state cannot be factored into Stage health
• Allows Argo Rollouts integration to be explicitly disabled for the controller. In which case:
  • AnalysisRun reconciler does not start
  • Verifications will fail with an error since they're defined using AnalysisTemplates and executed as AnalysisRuns
  • VerificationInfo has been expanded with new fields for better surfacing such errors
• Allows Argo Rollouts integration to be explicitly disable for the API server, in which case:
  • API server cannot apply manifests for AnalysisTemplate resources

WIP because I am still addressing some of @jessesuen feedback.

[netlify]

✅ Deploy Preview for docs-kargo-akuity-io ready!

Name	Link
🔨 Latest commit	12bfb28
🔍 Latest deploy log	https://app.netlify.com/sites/docs-kargo-akuity-io/deploys/659f314d61a8990008adb6d0
😎 Deploy Preview	https://deploy-preview-1382.kargo.akuity.io
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Attention: 29 lines in your changes are missing coverage. Please review.

Comparison is base (8b5a91f) 45.31% compared to head (12bfb28) 45.52%.

Files	Patch %	Lines
internal/controller/stages/stages.go	69.56%	7 Missing ⚠️
api/v1alpha1/stage_types.go	0.00%	6 Missing ⚠️
api/v1alpha1/zz_generated.deepcopy.go	0.00%	6 Missing ⚠️
internal/controller/promotions/promotions.go	16.66%	5 Missing ⚠️
internal/credentials/credentials.go	50.00%	3 Missing ⚠️
internal/controller/applications/applications.go	0.00%	1 Missing ⚠️
internal/controller/promotion/argocd.go	93.75%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1382      +/-   ##
==========================================
+ Coverage   45.31%   45.52%   +0.21%     
==========================================
  Files         136      136              
  Lines       11761    11823      +62     
==========================================
+ Hits         5329     5382      +53     
- Misses       6240     6250      +10     
+ Partials      192      191       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jessesuen]

Instead of (or in addition to) the ROLLOUTS_INTEGRATION_ENABLED variable to indicate if integration should explicitly be enabled, could we make this inferred by ability to list analysisruns/analysistemplates CRs (even if none are found) during startup?

The reason I think this is desired is because coordinating ROLLOUTS_INTEGRATION_ENABLED across many shards will be hard to maintain and it would be better to infer this with less required upfront configuration.

I'm okay with having the option of ROLLOUTS_INTEGRATION_ENABLED be explicit (to allow things to break when things aren't expected), but in the case where it is omitted, I feel we can rely on inference for a better UX.

[jessesuen]

This is an example of how we avoid a configuration knob for Istio in Argo Rollouts by trying to detect if an Istio VirtualService is even present. If not, we don't attempt to start the informer.

https://github.com/argoproj/argo-rollouts/blob/master/utils/istio/istio.go#L16-L22

func DoesIstioExist(dynamicClient dynamic.Interface, namespace string) bool {
	_, err := dynamicClient.Resource(GetIstioVirtualServiceGVR()).Namespace(namespace).List(context.TODO(), metav1.ListOptions{Limit: 1})
	if err != nil {
		return false
	}
	return true
}

[krancour]

These are the main changes to the resources types.

It's always been possible that something could go wrong with a verification other than an AnalysisRun failing or erroring, so really, this is the way things should have been done from the start. Added Phase and Message fields for reporting such problems.

The specific problem that is more likely to occur, starting with this PR, is that verification is requested, but the controller doesn't have Rollouts integration enabled. This means an AnalysisRun cannot even be launched.

[krancour]

This fixes #1379

[krancour]

It isn't just the Application reconciler that we cannot start when Argo CD is disabled. We also cannot carry out Argo CD-based promotion mechanisms.

[krancour]

Cannot factor Application state into Stage health if Argo CD integration is disabled.

[krancour]

Function signature changed...

If something goes wrong, we report it through the VerificationInfo's Phase and Message fields. What we don't want is for a verification problem to present as a Stage problem.

[krancour]

Once again, if something goes wrong, we now report it through the VerificationInfo's Phase and Message fields. What we don't want is for a verification problem to look like a Stage problem.

[krancour]

You see changes like this throughout. "argoClient" was too ambiguous, because Rollouts is also and Argo project. argocdClient is more specific.

[krancour]

This was an oops to begin with.

[krancour]

Instead of (or in addition to) the ROLLOUTS_INTEGRATION_ENABLED variable to indicate if integration should explicitly be enabled, could we make this inferred by ability to list analysisruns/analysistemplates CRs (even if none are found) during startup?

The reason I think this is desired is because coordinating ROLLOUTS_INTEGRATION_ENABLED across many shards will be hard to maintain and it would be better to infer this with less required upfront configuration.

I'm okay with having the option of ROLLOUTS_INTEGRATION_ENABLED be explicit (to allow things to break when things aren't expected), but in the case where it is omitted, I feel we can rely on inference for a better UX.

@jessesuen, I addressed this in new commit 12bfb28

I think there is a benefit to explicitly disabling Argo CD and/or Rollouts integrations if they are undesired because the controller is granted slightly fewer permissions that way.

But your point about configuration for many shards being difficult is a good one. And we've also seen instances of our own colleagues being surprised at the controller going into a crash loop when they forgot to install one of the dependencies.

So where I landed was:

• If you explicitly disable an integration, it is truly disabled without further condition. If you, for instance, had Argo CD or Argo Rollouts on a cluster and really wanted not to enable those integrations, this is what you'd have to do.

• If you don't explicitly opt-out, there's a sanity check in case you rolled with the default by accident. So if you start up with Rollouts integration (for example) enabled, but Rollouts CRDs not installed, then you'll see a warning, but the controller will function without error, just as if that feature had been explicitly disabled.

Does all that seem ok?

Willing to tweak this further if you think I've missed the mark.

[jessesuen]

but Rollouts CRDs not installed, then you'll see a warning, but the controller will function without error, just as if that feature had been explicitly disabled.

Yep! That is effectively the same as what I was asking for.