feat(deploy): Implement Seed Jobs with ArgoCD Hooks and Finalizer Workaround #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This Pull Request introduces the seed functionality for the preview environment and implements a strategic workaround for the previously diagnosed ArgoCD finalizer deadlock issue.
Key Features & Enhancements
Upgraded the safezone-seed chart from 0.1.0 to 0.2.1 to formally introduce initialization and data seeding capabilities.
ArgoCD Sync Hook Integration: The Kubernetes Job within the chart is now configured as an ArgoCD Sync Hook with a HookSucceeded deletion policy. This ensures the job runs once per sync and is automatically cleaned up upon successful completion, adhering to GitOps best practices for one-off tasks.
Development Workflow Improvements:
Set imagePullPolicy to Always to allow for rapid iteration on the underlying seed scripts during development without requiring image tag changes. This will be reverted to IfNotPresent for stable releases.
The chart now supports environment-specific script paths (e.g., /scripts/preview/init.sh) and value files (e.g., values-preview-init.yaml), making the configuration more modular and explicit.
Renamed Seed Applications: For better clarity, the ArgoCD Applications for seeding have been renamed:
safezone-infra-seed -> safezone-seed-init
safezone-core-seed -> safezone-seed-data
Architectural Changes & Finalizer Workaround
Based on the in-depth investigation of the ArgoCD Application deletion deadlock, this PR implements a pragmatic workaround for the preview environment.
The argocd.argoproj.io/resources-finalizer has been removed from the metadata of all ArgoCD Application manifests under deploy/preview/apps/.
Reason: This is a deliberate architectural decision to bypass the platform-level issue causing the controller's deletion logic to hang. It makes the lifecycle of preview environment applications predictable, albeit manually managed on deletion.
To compensate for the removal of automated cascade deletion, a new delete_resources.sh script has been added to deploy/preview/scripts/.
This script provides a standardized and reliable way to clean up the preview environment. It surgically deletes resources by leveraging the standard app.kubernetes.io/instance label that ArgoCD automatically injects into all managed resources.
Other Changes
Fixed incorrect secret values in the deploy/preview/secrets directory.