zhongwei/gh-hermeticormus-floreserlife-plugins-kubernetes-operations
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c45246605e3dba0d9a0a40d2ce88a6fb699ec521
gh-hermeticormus-floreserli…/skills/gitops-workflow/references/sync-policies.md
Zhongwei Li c45246605e Initial commit
2025-11-29 18:40:04 +08:00

2.7 KiB
Raw Blame History

GitOps Sync Policies

ArgoCD Sync Policies

Automated Sync

syncPolicy:
  automated:
    prune: true       # Delete resources removed from Git
    selfHeal: true    # Reconcile manual changes
    allowEmpty: false # Prevent empty sync

Manual Sync

syncPolicy:
  syncOptions:
  - PrunePropagationPolicy=foreground
  - CreateNamespace=true

Sync Windows

syncWindows:
- kind: allow
  schedule: "0 8 * * *"
  duration: 1h
  applications:
  - my-app
- kind: deny
  schedule: "0 22 * * *"
  duration: 8h
  applications:
  - '*'

Retry Policy

syncPolicy:
  retry:
    limit: 5
    backoff:
      duration: 5s
      factor: 2
      maxDuration: 3m

Flux Sync Policies

Kustomization Sync

apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: my-app
spec:
  interval: 5m
  prune: true
  wait: true
  timeout: 5m
  retryInterval: 1m
  force: false

Source Sync Interval

apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: my-app
spec:
  interval: 1m
  timeout: 60s

Health Assessment

Custom Health Checks

# ArgoCD
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  resource.customizations.health.MyCustomResource: |
    hs = {}
    if obj.status ~= nil then
      if obj.status.conditions ~= nil then
        for i, condition in ipairs(obj.status.conditions) do
          if condition.type == "Ready" and condition.status == "False" then
            hs.status = "Degraded"
            hs.message = condition.message
            return hs
          end
          if condition.type == "Ready" and condition.status == "True" then
            hs.status = "Healthy"
            hs.message = condition.message
            return hs
          end
        end
      end
    end
    hs.status = "Progressing"
    hs.message = "Waiting for status"
    return hs

Sync Options

Common Sync Options

  • PrunePropagationPolicy=foreground - Wait for pruned resources to be deleted
  • CreateNamespace=true - Auto-create namespace
  • Validate=false - Skip kubectl validation
  • PruneLast=true - Prune resources after sync
  • RespectIgnoreDifferences=true - Honor ignore differences
  • ApplyOutOfSyncOnly=true - Only apply out-of-sync resources

Best Practices

  1. Use automated sync for non-production
  2. Require manual approval for production
  3. Configure sync windows for maintenance
  4. Implement health checks for custom resources
  5. Use selective sync for large applications
  6. Configure appropriate retry policies
  7. Monitor sync failures with alerts
  8. Use prune with caution in production
  9. Test sync policies in staging
  10. Document sync behavior for teams
Reference in New Issue View Git Blame Copy Permalink