azure / gitops-connector Goto Github PK

A GitOps Connector integrates a GitOps operator with CI/CD orchestrator

License: MIT License

Dockerfile 0.75% Python 99.25%

gitops-connector's Introduction

GitOps Connector

GitOps Connector is a custom component with the goal of enriching the integration of a GitOps operator and a CI/CD orchestrator so the user experience in the entire CI/CD process is smoother and more observable. The whole process can be handled and monitored from a CI/CD orchestrator.

During the reconciliation process a GitOps operator notifies on every phase change and every health check the GitOps connector. This component serves as an adapter, it "knows" how to communicate to a Git repository and it updates the Git commit status so the synchronization progress is visible in the Manifests repository. When the reconciliation including health check has successfully finished or failed the connector notifies a CI/CD orchestrator, so the CD pipelines/workflows may perform corresponding actions such as testing, post-deployment activities and moving on to the next stage in the deployment chain.

Refer to the following implementations to understand the role the GitOps Connector plays in various GitOps flows:

Motivation

One of the biggest challenges in GitOps is observability. When a CI/CD pipeline orchestrates the deployment process by manipulating manifests in the repository, the real deployment is handled by a GitOps operator. When it happens, how it goes and when it finishes, successfully or not, we don't know. Neither does the CI/CD pipeline. To build a multistage CD pipeline there must be a backward connection from a GitOps operator to CI/CD orchestrator that reports the deployment state/result so the CD pipeline can proceed with testing, notifying, deploying to next environment.

Partly this challenge can be addressed by leveraging notifications components of GitOps operators such as FluxCD Notification Controller and ArgoCD Notifications. It's possible to configure basic notifications from Flux/ArgoCD to Azure DevOps/GitHub so the deployment phases are reflected with the Git Commit status in the repo.

So why can't we "just" use the existing notification functionality of Argo/Flux events?

The thing is that "basic" is not enough.

What we need:

A CD pipeline (e.g. Azure Pipeline) creates a PR to the manifests repo (e.g. GitHub) and waits until it's merged and deployment is finished. When the deployment is finished we need to find out which PR caused this deployment and invoke an Azure Pipelines API to notify a corresponding pipeline run to resume or fail.
In Git Commit status we want to see more details on what resources have been applied and what resources didn't pass the health check.

We simply can't do what we need just by configuring notifications in FluxCD/ArgoCD. To implement the logic of what we need we want to write some code and run it somewhere. We need some freedom in getting out of the boundaries of what is "out-of-the-box" in FluxCD/ArgoCD and extending it with custom logic to build a comprehensive CD flow with Azure Pipelines and/or GitHub actions. At the same time we want to keep pipelines simple and not dependent on underlying GitOps operator. Hence, the GitOps connector.

Why can't we enhance ArgoCD/FluxCD notification functionality to achieve the same?

Actually we can. The only thing that we'd have to do that twice. And again, when we support another GitOps operator. And separately for GitHub and Azure DevOps. And again when we support another CI/CD orchestrator. So should we? The GitOps connector decouples ArgoCD/FluxCD from GitHub/Azure DevOps. It reduces dependencies serving as a glue between them. Think of the GitOps connector as of an extension of FluxCD/ArgoCD (one for both) or, in terms of FluxCD notifications, a custom provider for GitHub, Azure DevOps, various observability dashboards (e.g. Spektate). A custom provider extracted as a separate microservice with an independent lifecycle. When we want to build same CI/CD flow with another GitOps operator, we will update the connector keeping the same pipelines setup. When we want to enrich look-n-feel of Git Commit status or use a new feature in Azure DevOps / GitHub or start supporting another CI/CD orchestrator we will update the connector without touching FluxCD/ArgoCD at all. Hence, the GitOps connector.

GitOps operators

The GitOps Connector supports the following Git Ops operators:

Git Commit Status Update

The GitOps Connector supports the following Git repositories:

The connector reports the deployment process updates to the Git repositories with the Git commit status:

Commit Status in GitHub	Commit Status in Azure Repos

In addition to updating the Git commit status in Git repositories, the GitOps connector may optionally notify a list of custom subscribers with a json payload:

Attribute	Description	Sample
commit_id	Commit Id in Manifests repo	42e2e5af9d49de268cd1fda3587788da4ace418a
status_name	Event context	Sync; Health
state	Event state	Progressing; Failed
message	Full event message	Pending - Fetched revision 42e2e5af9d49de268cd1fda3587788da4ace418a
callback_url	Callback URL with the details	https://github.com/kaizentm/gitops-manifests/commit/42e2e5af9d49de268cd1fda3587788da4ace418a
gitops_operator	GitOps operator (Flux or ArgoCD)	Flux
genre	Message category	GitRepository

Refer to installation guide for the details on configuring a list of custom subscribers.

Notification on Deployment Completion

The GitOps connector analyzes the incoming messages from the GitOps operator and figures out when the deployment is finished, successfully or not. It notifies on this event the CI/CD orchestrator, so the orchestrator can proceed with the CD process.

The notification mechanism on deployment completion varies for different CI/CD orchestrators.

Azure Pipelines

An Azure CD pipeline is supposed to create a PR to the manifests repo and wait in agentless mode until the PR is merged and the GitOps operator finishes the deployment. It may use PR properties as a storage for the agentless task callback parameters. When the deployment is finished, the GitOps connector seeks the PR to the manifest repo that caused the deployment and looks for the PR's properties under the /callback-task-id path. It expects to find a json object with the following data:

{"taskid":"$(System.TaskInstanceId)",
 "jobid:"$(System.JobId)",
 "planurl":"$(System.CollectionUri)",
 "planid":"$(System.PlanId)",
 "projectid":"$(System.TeamProjectId)",
 "pr_num":"$(pr_num)"}

The GitOps connector uses this data to provide a callback to the agentless task with the following API:

POST {planurl}{projectid}/_apis/distributedtask/hubs/build/plans/{planid}/events?api-version=2.0-preview.1
payload = {
    'name': "TaskCompleted",
    'taskId': {taskid},
    'jobid': {jobid},
    'result': "succeeded"/"failed"
}

Refer to a sample of such agentless task for the implementation details.

GitHub Actions

If the CI/CD orchestrator is GitHub Actions, the GitOps connector sends a dispatch event on the successful deployment completion:

POST /repos/{owner}/{repo}/dispatches
payload = {
    'event_type': "sync-success",
    'client_payload': {'sha': {commit_id},                //Commit Id in source repo that started the CI/CD process 
                      'runid': {github_workflow_run_id}    //GitHub Actions Workflow RunId that produced artifacts (e.g. Docker Image Tags)
                      'commitmessage': {commit_message}    //Full commit message from the commit that updated the manifests. Used to pass metadata for tying back to the source repo commits if there are multiple. 
    }

If the deployment fails, the connector doesn't send a dispatch event to GitHub Actions.

For the implementation details refer to the CD workflow in this repo that consumes CI artifacts, generates manifests and issues a PR to the manifests repo. Also, look at the publish workflow which is triggered on the deployment completion by the dispatch event from the GitOps connector.

Installation

Install GitOps Connector with Helm

Add GitOps Connector repository to Helm repos:

helm repo add gitops-connector https://azure.github.io/gitops-connector/

Prepare values.yaml file with the following attributes:

Attribute	Description	Sample
gitRepositoryType	Git Repository Type (AZDO or GITHUB)	GITHUB
ciCdOrchestratorType	CI/CD Orchestrator Type (AZDO or GITHUB)	GITHUB
gitOpsOperatorType	GitOps Operator Type (FLUX or ARGOCD)	FLUX
gitOpsAppURL	Call back URL from the Commit Status Window	https://github.com/kaizentm/gitops-manifests/commit; https://github.com/microsoft/spektate
orchestratorPAT	GitHub or Azure DevOps personal access token

If Git Repository Type is AZDO, add the following attributes:

Attribute	Description	Sample
azdoGitOpsRepoName	Azure DevOps Mainifests repository name	gen3-manifest
azdoOrgUrl	Azure DevOps Organization URL	https://dev.azure.com/DataCommons/ProjectDataCommons

If CI/CD Orchestrator Type is AZDO, add the following attributes:

Attribute	Description	Sample
azdoPrRepoName	Optional. When PRs are not issued to the manifests repo, but to a separate HLD repo	gen3-hld
azdoOrgUrl	Azure DevOps Organization URL	https://dev.azure.com/DataCommons/ProjectDataCommons

If Git Repository Type is GITHUB, add the following attributes:

Attribute	Description	Sample
gitHubGitOpsManifestsRepoName	GitHub Mainifests repository name	gitops-manifests
gitHubOrgUrl	API url for the GitHub org	https://api.github.com/repos/kaizentm

If CI/CD Orchestrator Type is GITHUB, add the following attributes:

Attribute	Description	Sample
gitHubGitOpsRepoName	GitHub Actions repository name	gitops-connector
gitHubOrgUrl	API url for the GitHub org	https://api.github.com/repos/kaizentm

Optional. If there are custom Git Commit status subscribers:

Attribute	Description	Sample
subscribers	List of key:value pairs defining subscriber name and endpoint	subscribers: spektate: 'http://spektate-server:5000/api/flux'

A sample values.yaml file for Flux and GitHub might look like this one:

gitRepositoryType: GITHUB          
ciCdOrchestratorType: GITHUB
gitOpsOperatorType: FLUX
gitHubGitOpsRepoName: gitops-connector
gitHubGitOpsManifestsRepoName: gitops-manifests
gitHubOrgUrl: https://api.github.com/repos/kaizentm
gitOpsAppURL: https://github.com/kaizentm/gitops-manifests/commit
orchestratorPAT: <PAT>
subscribers:
    spektate: 'http://spektate-server:5000/api/flux'

A sample values.yaml file for Flux and Azure DevOps might look like this one:

gitRepositoryType: AZDO          
ciCdOrchestratorType: AZDO
gitOpsOperatorType: FLUX
azdoGitOpsRepoName: manifest-repo
azdoOrgUrl: https://dev.azure.com/MyOrg/MyProject
azdoPrRepoName: hld-repo
gitOpsAppURL: https://github.com/microsoft/spektate
orchestratorPAT: <PAT>
subscribers:
    spektate: 'http://spektate-server:5000/api/flux'

Install GitOps connector with the following command:

helm upgrade -i gitops-connector gitops-connector/gitops-connector \
--namespace <NAMESPACE> \
--values values.yaml

#  Check GitOps connector is up and running:
kubectl get pods -l=app=gitops-connector -n <NAMESPACE>

#  Check the connector logs:
kubectl logs -l=app=gitops-connector -n <NAMESPACE> -f
#  DEBUG:root:0 subscribers added.
#  INFO:timeloop:Starting Timeloop..
#  [2021-05-25 00:19:23,595] [timeloop] [INFO] Starting Timeloop..
#  [2021-05-25 00:19:23,595] [timeloop] [INFO] Registered job <function pr_polling_thread_worker at 0x7f3df4f30550>
#  [2021-05-25 00:19:23,596] [timeloop] [INFO] Timeloop now started. Jobs will run based on the interval set
#  INFO:timeloop:Registered job <function pr_polling_thread_worker at 0x7f3df4f30550>
#  INFO:timeloop:Timeloop now started. Jobs will run based on the interval set
#  INFO:root:Starting commit status thread
#  INFO:root:Starting periodic PR cleanup
#  INFO:root:Finished PR cleanup, sleeping for 30 seconds...

Configure FluxCD to send notifications to GitOps connector

FluxCD Notification Controller sends notifications to GitOps connector on events related to GitRepository and Kustomization Flux resources. Apply the following yaml to the cluster to subscribe GitOps connector instance on Flux notifications:

apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
  name: gitops-connector
  namespace: <NAMESPACE>
spec:
  eventSeverity: info
  eventSources:
  - kind: GitRepository
    name: <Flux GitRepository to watch>
  - kind: Kustomization
    name: <Flux Kustomization to watch>
  providerRef:
    name: gitops-connector
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
  name: gitops-connector
  namespace: <NAMESPACE>
spec:
  type: generic
  address: http://gitops-connector:8080/gitopsphase

Configure ArgoCD to send notifications to GitOps connector

ArgoCD Notifications sends updates on every deployment phase. Apply the following yaml to the cluster to subscribe GitOps connector instance on ArgoCD notifications:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-notifications-cm
  namespace: <ARGOCD-NAMESPACE>
data:
  trigger.sync-operation-status: |
    - when: app.status.operationState.phase in ['Error', 'Failed']
      send: [sync-operation-status-change]
    - when: app.status.operationState.phase in ['Succeeded']
      send: [sync-operation-status-change]
    - when: app.status.operationState.phase in ['Running']
      send: [sync-operation-status-change]
    - when: app.status.health.status in ['Progressing']
      send: [sync-operation-status-change]
    - when: app.status.health.status in ['Healthy'] && app.status.operationState.phase in ['Succeeded']
      send: [sync-operation-status-change]
    - when: app.status.health.status in ['Unknown', 'Suspended', 'Degraded', 'Missing', 'Healthy']
      send: [sync-operation-status-change]
  service.webhook.gitops-connector: |
    url: http://gitops-connector.<GITOPS-CONNECTOR-NAMESPACE>:8080/gitopsphase
    headers:
    - name: Content-Type
      value: application/json
  template.sync-operation-status-change: |
    webhook:
      test-receiver:
        method: POST
        body: |
          {
            "commitid": "{{.app.status.operationState.operation.sync.revision}}",
            "phase": "{{.app.status.operationState.phase}}",
            "sync_status": "{{.app.status.sync.status}}",
            "health": "{{.app.status.health.status}}",
            "message": "{{.app.status.operationState.message}}",
            "resources": {{toJson .app.status.resources}}
          }
  subscriptions: |
    - recipients:
        - test-receiver:""
      triggers:
        - sync-operation-status

OR if you want to trigger for specific argo app, instead of subscriptions in argocd-notifications-cm add annotation in argo Application manifest

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  annotations:
    notifications.argoproj.io/subscribe.<trigger-name>.<webhook-name>: ""

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

gitops-connector's People

Contributors

Stargazers

Watchers

gitops-connector's Issues

This repo is missing important files

There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.

Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.

Merge this pull request

gitops-connector - CrashLoopBackOff

The GitOps-Connector pod fails to initiate, likely stemming from an issue related to Werkzeug/Flask version compatibility or dependencies.

k logs gitops-connector-696d8cdd-hvvsv -n flux-system
[2024-03-18 16:15:39 +0000] [7] [INFO] Starting gunicorn 20.0.4
[2024-03-18 16:15:39 +0000] [7] [INFO] Listening at: http://0.0.0.0:8080 (7)
[2024-03-18 16:15:39 +0000] [7] [INFO] Using worker: sync
[2024-03-18 16:15:39 +0000] [8] [INFO] Booting worker with pid: 8
[2024-03-18 16:15:39 +0000] [8] [ERROR] Exception in worker process
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/gunicorn/arbiter.py", line 583, in spawn_worker
    worker.init_process()
  File "/usr/local/lib/python3.9/site-packages/gunicorn/workers/base.py", line 119, in init_process
    self.load_wsgi()
  File "/usr/local/lib/python3.9/site-packages/gunicorn/workers/base.py", line 144, in load_wsgi
    self.wsgi = self.app.wsgi()
  File "/usr/local/lib/python3.9/site-packages/gunicorn/app/base.py", line 67, in wsgi
    self.callable = self.load()
  File "/usr/local/lib/python3.9/site-packages/gunicorn/app/wsgiapp.py", line 49, in load
    return self.load_wsgiapp()
  File "/usr/local/lib/python3.9/site-packages/gunicorn/app/wsgiapp.py", line 39, in load_wsgiapp
    return util.import_app(self.app_uri)
  File "/usr/local/lib/python3.9/site-packages/gunicorn/util.py", line 358, in import_app
    mod = importlib.import_module(module)
  File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 850, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/app/gitops_event_handler.py", line 4, in <module>
    from flask import Flask, request
  File "/usr/local/lib/python3.9/site-packages/flask/__init__.py", line 7, in <module>
    from .app import Flask as Flask
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 27, in <module>
    from . import cli
  File "/usr/local/lib/python3.9/site-packages/flask/cli.py", line 17, in <module>
    from .helpers import get_debug_flag
  File "/usr/local/lib/python3.9/site-packages/flask/helpers.py", line 14, in <module>
    from werkzeug.urls import url_quote
ImportError: cannot import name 'url_quote' from 'werkzeug.urls' (/usr/local/lib/python3.9/site-packages/werkzeug/urls.py)
[2024-03-18 16:15:39 +0000] [8] [INFO] Worker exiting (pid: 8)
[2024-03-18 16:15:39 +0000] [7] [INFO] Shutting down: Master
[2024-03-18 16:15:39 +0000] [7] [INFO] Reason: Worker failed to boot.

Azure devops pipeline not working

Below are the steps to reproduce the issue:

Perform more than one commit within 1 minute (spec.interval for the flux customization)
Reconciliation happens with both the commits, and we can see the latest deployment
But only latest commit shows reconciliation status in azure repo against the commit but older one did not.
Also, only one CD pipeline completes successfully, and older commit pipeline fails after 60 minutes.

Issue seems to be with gitops connector which should send the notification to the respective commit when there are multiple commits within the interval.

Azure DevOps personal access token - Permissions

Hello!

We're in the initial phase of setting up the GitOps Connector in our Kubernetes Cluster.

We're using FluxCD and Azure Repos, which leads me to the question.

What kind of permissions should we grant the Personal Access Token required for the GitOps Connector.

We would love to go with only the minimal amount of permissions instead of everything, but we can't find anything in the documentation related to what kind of permissions the Personal Access Token needs.

Can you extend the documentation with the required permissions for the Azure DevOps PAT?

Notes:
I scanned the repository and compiled a list of the Azure DevOps REST APIs you're using. Based on this list, I found the following scopes are needed.

API list I found:

I wasn't able to find the endpoints in these files in Azures Rest API documentation

https://github.com/Azure/gitops-connector/blob/main/src/orchestrators/azdo_cicd_orchestrator.py (My best guess would be the permission called vso.build)

Scopes needed to use the APIs:

vso.code_write
vso.code_status
vso.code

Update:
I managed to get the status on commits and callback to Azure DevOps pipelines to work with the following permissions:
vso.build_execute vso.code_write vso.code_status

Argo operator code missing kind argument for GitCommitStatus dataclass

Operator constructs GitCommitStatus below:

    def _new_git_commit_status(self, commit_id, status_name, state, message: str):
        return GitCommitStatus(commit_id=commit_id,
            status_name=status_name,
            state=state,
            message=message,
            callback_url=self.callback_url,
            gitops_operator='ArgoCD')

Errors with follow when event notification is received:

  File "/app/operators/argo_gitops_operator.py", line 60, in _new_git_commit_status
    return GitCommitStatus(commit_id=commit_id,
TypeError: __init__() missing 1 required positional argument: 'genre'

The flux operator does not have this issue.

Does this work with FluxV2?

I went through the AKS GitOps GitHub tutorial for integrating GitOps Connector with a GitHub repo to perform CI/CD and it doesn't quite work.
After a repo sync an event is triggered but an error is shown in the gitops connector logs:

{"level":"info","ts":"2022-07-11T00:45:28.307Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 6.529154806s, next run in 10m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}

{"level":"error","ts":"2022-07-11T00:45:51.796Z","logger":"event-server","msg":"failed to send notification","reconciler kind":"GitRepository","name":"cluster-config","namespace":"cluster-config","error":"postMessage failed: failed to execute request: POST http://gitops-connector.cluster-config.svc.cluster.local:8080/gitopsphase giving up after 5 attempt(s)"}

Setup steps:

GitOps extension is installed in AKS.
Cluster level configuration is created:

az k8s-configuration flux create \
   --name cluster-config \
   --cluster-name aksworkshop-27749 \
   --namespace cluster-config \
   --resource-group aksworkshop \
   -u  https://github.com/clarenceb/arc-cicd-demo-gitops.git \
   --https-user clarenceb \
   --https-key <pat-redacted> \
   --scope cluster \
   --cluster-type managedClusters \
   --branch master \
   --kustomization name=cluster-config prune=true path=arc-cicd-cluster/manifests

GitOps connector installed in same namespace as the gitops config (seems to be required due to flux v2 multi-tenancy):

helm upgrade -i gitops-connector gitops-connector/gitops-connector \
      --namespace cluster-config \
      --set gitRepositoryType=GITHUB \
      --set ciCdOrchestratorType=GITHUB \
      --set gitOpsOperatorType=FLUX \
      --set gitHubGitOpsRepoName=arc-cicd-demo-src \
      --set gitHubGitOpsManifestsRepoName=arc-cicd-demo-gitops \
      --set gitHubOrgUrl=https://api.github.com/repos/clarenceb \
      --set gitOpsAppURL=https://github.com/clarenceb/arc-cicd-demo-gitops/commit \
      --set orchestratorPAT=<pat-redacted>

Create Alert and Provider:

cat <<EOF | kubectl apply -f -
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
  name: gitops-connector
  namespace: cluster-config
spec:
  eventSeverity: info
  eventSources:
  - kind: GitRepository
    name: cluster-config
  - kind: Kustomization
    name: cluster-config-cluster-config
  providerRef:
    name: gitops-connector
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
  name: gitops-connector
  namespace: cluster-config
spec:
  type: generic
  address: http://gitops-connector.cluster-config.svc.cluster.local:8080/gitopsphase
EOF

When a change in made to the gitops repo, the notification controller is sending an event to the gitops-operator and the error shown above seen in the logs.

Notification loop does not stop with GitHub Actions

Hi, I’m testing the new GitOps feature in AKS, and I may have misconfigured something in the connector, because it has entered in an infinite loop of notifications.

I’m following the tutorial for CI/CD with flux in AKS: Tutorial: Implement CI/CD with GitOps (Flux v2) in Azure Arc-enabled Kubernetes clusters - Azure Arc | Microsoft Docs. I’ve configured a short time of reconciliation (2 minutes) to do some demos, so I can show how the system automagically recovers from almost-any manual change in the cluster. All worked well, but when I configured the gitops-connectorI realized that it had created hundreds of PRs for the stage environment, one every two minutes, because the CD_stage workflow starts also every two minutes:

It looks like the gitops-connector it is continuously sending a dispatch event to GitHub for every kustomize reconciliation, because the notification-controller sends a message for every kustomize run, even if it didn’t apply anything. In my understanding, as it is still the same commit revision and nothing changed in the repo nor in the cluster, the kustomize didn’t apply anything new, it should not do anything. But it does, so I may have something misconfigured that is causing this error.

Once I merge one of the PRs for the stage deployment, it correctly deploys the changes and then the github action starts to fail because there are no artifacts anymore:

I paste below some configurations and logs output for reference:

Gitops-connector.yaml values

apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
  name: gitops-connector
  namespace: cluster-config
spec:
  eventSeverity: info
  eventSources:
  - kind: GitRepository
    name: cluster-config
  - kind: Kustomization
    name: cluster-config-cluster-config
  providerRef:
    name: gitops-connector
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
  name: gitops-connector
  namespace: cluster-config
spec:
  type: generic
  address: http://gitops-connector:8080/gitopsphase

gitops-connector-cm

apiVersion: v1
data:
  CICD_ORCHESTRATOR_TYPE: GITHUB
  GIT_REPOSITORY_TYPE: GITHUB
  GITHUB_GITOPS_MANIFEST_REPO_NAME: arc-cicd-demo-gitops
  GITHUB_GITOPS_REPO_NAME: arc-cicd-demo-src
  GITHUB_ORG_URL: https://api.github.com/repos/jmenterprisedemo
  GITOPS_APP_URL: https://github.com/jmenterprisedemo/arc-cicd-demo-gitops/commit
  GITOPS_OPERATOR_TYPE: FLUX
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: gitops-connector
    meta.helm.sh/release-namespace: flux-system
  creationTimestamp: "2022-02-09T21:44:32Z"
  labels:
    app.kubernetes.io/managed-by: Helm
  name: gitops-connector-cm
  namespace: flux-system
  resourceVersion: "148426"
  uid: f8aa9588-52e5-4076-b75a-88472f27531b

gitrepositories yaml output

apiVersion: v1
items:
- apiVersion: source.toolkit.fluxcd.io/v1beta1
  kind: GitRepository
  metadata:
    annotations:
      reconcile.fluxcd.io/requestedAt: "2022-02-09T13:55:50.683325194Z"
    creationTimestamp: "2022-02-09T13:55:50Z"
    finalizers:
    - finalizers.fluxcd.io
    generation: 1
    labels:
      clusterconfig.azure.com/is-managed: "true"
      clusterconfig.azure.com/name: cluster-config
      clusterconfig.azure.com/namespace: cluster-config
      clusterconfig.azure.com/operation-id: 3367b7b5-6c09-4d1e-9097-04f154d02bd2
    name: cluster-config
    namespace: cluster-config
    ownerReferences:
    - apiVersion: clusterconfig.azure.com/v1alpha1
      blockOwnerDeletion: true
      controller: true
      kind: FluxConfig
      name: cluster-config
      uid: 4aa3cdcd-e6d1-4b9d-b4b8-c1f542cd0d75
    resourceVersion: "610928"
    uid: 2806483d-e818-4a27-a1ad-cbe7a90e9baf
  spec:
    gitImplementation: go-git
    interval: 2m0s
    ref:
      branch: master
    secretRef:
      name: cluster-config-auth
    timeout: 10m0s
    url: https://github.com/jmenterprisedemo/arc-cicd-demo-gitops

Gitops-connector logs

DEBUG:root:GitOps phase: {'involvedObject': {'kind': 'Kustomization', 'namespace': 'cluster-config', 'name': 'cluster-config-cluster-config', 'uid': 'bd3b061b-c480-4588-a4b1-b6aed6479a37', 'apiVersion': 'kustomize.toolkit.fluxcd.io/v1beta2', 'resourceVersion': '606325'}, 'severity': 'info', 'timestamp': '2022-02-10T22:47:00Z', 'message': 'Reconciliation finished in 1.56626684s, next run in 2m0s', 'reason': 'ReconciliationSucceeded', 'metadata': {'commit_status': 'update', 'revision': 'master/2b73b2fc54020e415e25c1fc1c351f65e205fbe0'}, 'reportingController': 'kustomize-controller', 'reportingInstance': 'kustomize-controller-7fcd68df9b-kxp2n'}
DEBUG:root:Kind: Kustomization
INFO:root:Url [https://api.github.com/repos/jmenterprisedemo/arc-cicd-demo-gitops/statuses/2b73b2fc54020e415e25c1fc1c351f65e205fbe0](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapi.github.com%2Frepos%2Fjmenterprisedemo%2Farc-cicd-demo-gitops%2Fstatuses%2F2b73b2fc54020e415e25c1fc1c351f65e205fbe0&data=04%7C01%7Cjuanmanuel.serverabondroit%40microsoft.com%7Cba13a277e893487600ad08d9ecee2d11%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637801330309800815%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=g%2BNpbDJzy4HS3x7lA88c88afVtHraWMHHuTL8s%2FO%2FRg%3D&reserved=0): Headers {'Authorization': 'token [redacted]'}: Data {'state': 'success', 'description': 'Reconciliation finished in 1.56626684s, next run in 2m0s', 'context': 'Status'}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.github.com:443
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.github.com:443
DEBUG:urllib3.connectionpool:https://api.github.com:443 "GET /repos/jmenterprisedemo/arc-cicd-demo-gitops/commits/2b73b2fc54020e415e25c1fc1c351f65e205fbe0 HTTP/1.1" 200 None
INFO:root:CommitId 16996351e30612f6a5c8b1bbfd986eae54188685
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.github.com:443
DEBUG:urllib3.connectionpool:https://api.github.com:443 "POST /repos/jmenterprisedemo/arc-cicd-demo-gitops/statuses/2b73b2fc54020e415e25c1fc1c351f65e205fbe0 HTTP/1.1" 201 1376
DEBUG:urllib3.connectionpool:https://api.github.com:443 "POST /repos/jmenterprisedemo/arc-cicd-demo-src/dispatches HTTP/1.1" 204 0
INFO:root:Starting periodic PR cleanup
INFO:root:Finished PR cleanup, sleeping for 30 seconds...
INFO:root:Starting periodic PR cleanup
INFO:root:Finished PR cleanup, sleeping for 30 seconds...
INFO:root:Starting periodic PR cleanup
INFO:root:Finished PR cleanup, sleeping for 30 seconds...
INFO:root:Starting periodic PR cleanup
INFO:root:Finished PR cleanup, sleeping for 30 seconds...
DEBUG:root:GitOps phase: {'involvedObject': {'kind': 'Kustomization', 'namespace': 'cluster-config', 'name': 'cluster-config-cluster-config', 'uid': 'bd3b061b-c480-4588-a4b1-b6aed6479a37', 'apiVersion': 'kustomize.toolkit.fluxcd.io/v1beta2', 'resourceVersion': '606968'}, 'severity': 'info', 'timestamp': '2022-02-10T22:49:02Z', 'message': 'Reconciliation finished in 1.556804789s, next run in 2m0s', 'reason': 'ReconciliationSucceeded', 'metadata': {'commit_status': 'update', 'revision': 'master/2b73b2fc54020e415e25c1fc1c351f65e205fbe0'}, 'reportingController': 'kustomize-controller', 'reportingInstance': 'kustomize-controller-7fcd68df9b-kxp2n'}
DEBUG:root:Kind: Kustomization
INFO:root:Url [https://api.github.com/repos/jmenterprisedemo/arc-cicd-demo-gitops/statuses/2b73b2fc54020e415e25c1fc1c351f65e205fbe0](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapi.github.com%2Frepos%2Fjmenterprisedemo%2Farc-cicd-demo-gitops%2Fstatuses%2F2b73b2fc54020e415e25c1fc1c351f65e205fbe0&data=04%7C01%7Cjuanmanuel.serverabondroit%40microsoft.com%7Cba13a277e893487600ad08d9ecee2d11%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637801330309800815%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=g%2BNpbDJzy4HS3x7lA88c88afVtHraWMHHuTL8s%2FO%2FRg%3D&reserved=0): Headers {'Authorization': 'token [redacted]'}: Data {'state': 'success', 'description': 'Reconciliation finished in 1.556804789s, next run in 2m0s', 'context': 'Status'}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.github.com:443
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.github.com:443
DEBUG:urllib3.connectionpool:https://api.github.com:443 "GET /repos/jmenterprisedemo/arc-cicd-demo-gitops/commits/2b73b2fc54020e415e25c1fc1c351f65e205fbe0 HTTP/1.1" 200 None
INFO:root:CommitId 16996351e30612f6a5c8b1bbfd986eae54188685
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.github.com:443
DEBUG:urllib3.connectionpool:https://api.github.com:443 "POST /repos/jmenterprisedemo/arc-cicd-demo-gitops/statuses/2b73b2fc54020e415e25c1fc1c351f65e205fbe0 HTTP/1.1" 201 1377
DEBUG:urllib3.connectionpool:https://api.github.com:443 "POST /repos/jmenterprisedemo/arc-cicd-demo-src/dispatches HTTP/1.1" 204 0
INFO:root:Starting periodic PR cleanup
INFO:root:Finished PR cleanup, sleeping for 30 seconds...
INFO:root:Starting periodic PR cleanup
INFO:root:Finished PR cleanup, sleeping for 30 seconds...
INFO:root:Starting periodic PR cleanup
INFO:root:Finished PR cleanup, sleeping for 30 seconds...
INFO:root:Starting periodic PR cleanup
INFO:root:Finished PR cleanup, sleeping for 30 seconds...
DEBUG:root:GitOps phase: {'involvedObject': {'kind': 'Kustomization', 'namespace': 'cluster-config', 'name': 'cluster-config-cluster-config', 'uid': 'bd3b061b-c480-4588-a4b1-b6aed6479a37', 'apiVersion': 'kustomize.toolkit.fluxcd.io/v1beta2', 'resourceVersion': '607584'}, 'severity': 'info', 'timestamp': '2022-02-10T22:51:03Z', 'message': 'Reconciliation finished in 1.5964757s, next run in 2m0s', 'reason': 'ReconciliationSucceeded', 'metadata': {'commit_status': 'update', 'revision': 'master/2b73b2fc54020e415e25c1fc1c351f65e205fbe0'}, 'reportingController': 'kustomize-controller', 'reportingInstance': 'kustomize-controller-7fcd68df9b-kxp2n'}
DEBUG:root:Kind: Kustomization
INFO:root:Url [https://api.github.com/repos/jmenterprisedemo/arc-cicd-demo-gitops/statuses/2b73b2fc54020e415e25c1fc1c351f65e205fbe0](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapi.github.com%2Frepos%2Fjmenterprisedemo%2Farc-cicd-demo-gitops%2Fstatuses%2F2b73b2fc54020e415e25c1fc1c351f65e205fbe0&data=04%7C01%7Cjuanmanuel.serverabondroit%40microsoft.com%7Cba13a277e893487600ad08d9ecee2d11%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637801330309800815%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=g%2BNpbDJzy4HS3x7lA88c88afVtHraWMHHuTL8s%2FO%2FRg%3D&reserved=0): Headers {'Authorization': 'token [redacted]'}: Data {'state': 'success', 'description': 'Reconciliation finished in 1.5964757s, next run in 2m0s', 'context': 'Status'}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.github.com:443
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.github.com:443
DEBUG:urllib3.connectionpool:https://api.github.com:443 "GET /repos/jmenterprisedemo/arc-cicd-demo-gitops/commits/2b73b2fc54020e415e25c1fc1c351f65e205fbe0 HTTP/1.1" 200 None
INFO:root:CommitId 16996351e30612f6a5c8b1bbfd986eae54188685
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.github.com:443
DEBUG:urllib3.connectionpool:https://api.github.com:443 "POST /repos/jmenterprisedemo/arc-cicd-demo-gitops/statuses/2b73b2fc54020e415e25c1fc1c351f65e205fbe0 HTTP/1.1" 201 1375
DEBUG:urllib3.connectionpool:https://api.github.com:443 "POST /repos/jmenterprisedemo/arc-cicd-demo-src/dispatches HTTP/1.1" 204 0

Notification controller logs

{"level":"info","ts":"2022-02-10T22:49:02.102Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.556804789s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:51:03.712Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.5964757s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:53:05.290Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.54985846s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:55:06.902Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.57785959s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:57:08.458Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.545596821s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:57:46.005Z","logger":"event-server","msg":"Dispatching event: Fetched revision: master/444ee463530ca540cf52368fa3c79a94c91ba42d","reconciler kind":"GitRepository","name":"cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:57:47.509Z","logger":"event-server","msg":"Dispatching event: Deployment/stage/azure-vote-back configured\nDeployment/stage/azure-vote-front configured","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:57:47.526Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.526845864s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:59:09.985Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.52466977s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:59:46.436Z","logger":"event-server","msg":"Dispatching event: Fetched revision: master/59703674c7f3526e1de3999c73f84d13c6941214","reconciler kind":"GitRepository","name":"cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T22:59:47.966Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.536128865s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T23:01:11.539Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.55205511s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}
{"level":"info","ts":"2022-02-10T23:03:13.130Z","logger":"event-server","msg":"Dispatching event: Reconciliation finished in 1.57047581s, next run in 2m0s","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config"}

Kustomization controller logs

kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","revision":"master/2b73b2fc54020e415e25c1fc1c351f65e205fbe0"}
I0210 22:55:06.376002       7 request.go:665] Waited for 1.045274513s due to client-side throttling, not priority and fairness, request: GET:https://10.0.0.1:443/apis/snapshot.storage.k8s.io/v1beta1?timeout=32s
{"level":"info","ts":"2022-02-10T22:55:06.579Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Namespace/dev":"unchanged","Namespace/ingress-basic":"unchanged","Namespace/stage":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:55:06.862Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Deployment/dev/azure-vote-back":"unchanged","Deployment/dev/azure-vote-front":"unchanged","Deployment/stage/azure-vote-back":"unchanged","Deployment/stage/azure-vote-front":"unchanged","HelmRelease/ingress-basic/ingress-nginx":"unchanged","HelmRepository/ingress-basic/ingress-nginx":"unchanged","Ingress/dev/az-vote-front-ingress":"unchanged","Ingress/stage/az-vote-front-ingress":"unchanged","Service/dev/azure-vote-back":"unchanged","Service/dev/azure-vote-front":"unchanged","Service/stage/azure-vote-back":"unchanged","Service/stage/azure-vote-front":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:55:06.875Z","logger":"controller.kustomization","msg":"Reconciliation finished in 1.57785959s, next run in 2m0s","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","revision":"master/2b73b2fc54020e415e25c1fc1c351f65e205fbe0"}
I0210 22:57:07.980448       7 request.go:665] Waited for 1.04500041s due to client-side throttling, not priority and fairness, request: GET:https://10.0.0.1:443/apis/policy/v1?timeout=32s
{"level":"info","ts":"2022-02-10T22:57:08.187Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Namespace/dev":"unchanged","Namespace/ingress-basic":"unchanged","Namespace/stage":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:57:08.435Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Deployment/dev/azure-vote-back":"unchanged","Deployment/dev/azure-vote-front":"unchanged","Deployment/stage/azure-vote-back":"unchanged","Deployment/stage/azure-vote-front":"unchanged","HelmRelease/ingress-basic/ingress-nginx":"unchanged","HelmRepository/ingress-basic/ingress-nginx":"unchanged","Ingress/dev/az-vote-front-ingress":"unchanged","Ingress/stage/az-vote-front-ingress":"unchanged","Service/dev/azure-vote-back":"unchanged","Service/dev/azure-vote-front":"unchanged","Service/stage/azure-vote-back":"unchanged","Service/stage/azure-vote-front":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:57:08.448Z","logger":"controller.kustomization","msg":"Reconciliation finished in 1.545596821s, next run in 2m0s","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","revision":"master/2b73b2fc54020e415e25c1fc1c351f65e205fbe0"}
I0210 22:57:47.066079       7 request.go:665] Waited for 1.045471167s due to client-side throttling, not priority and fairness, request: GET:https://10.0.0.1:443/apis/policy/v1?timeout=32s
{"level":"info","ts":"2022-02-10T22:57:47.266Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Namespace/dev":"unchanged","Namespace/ingress-basic":"unchanged","Namespace/stage":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:57:47.507Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Deployment/dev/azure-vote-back":"unchanged","Deployment/dev/azure-vote-front":"unchanged","Deployment/stage/azure-vote-back":"configured","Deployment/stage/azure-vote-front":"configured","HelmRelease/ingress-basic/ingress-nginx":"unchanged","HelmRepository/ingress-basic/ingress-nginx":"unchanged","Ingress/dev/az-vote-front-ingress":"unchanged","Ingress/stage/az-vote-front-ingress":"unchanged","Service/dev/azure-vote-back":"unchanged","Service/dev/azure-vote-front":"unchanged","Service/stage/azure-vote-back":"unchanged","Service/stage/azure-vote-front":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:57:47.524Z","logger":"controller.kustomization","msg":"Reconciliation finished in 1.526845864s, next run in 2m0s","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","revision":"master/444ee463530ca540cf52368fa3c79a94c91ba42d"}
I0210 22:59:09.526827       7 request.go:665] Waited for 1.04595049s due to client-side throttling, not priority and fairness, request: GET:https://10.0.0.1:443/apis/scheduling.k8s.io/v1?timeout=32s
{"level":"info","ts":"2022-02-10T22:59:09.729Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Namespace/dev":"unchanged","Namespace/ingress-basic":"unchanged","Namespace/stage":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:59:09.971Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Deployment/dev/azure-vote-back":"unchanged","Deployment/dev/azure-vote-front":"unchanged","Deployment/stage/azure-vote-back":"unchanged","Deployment/stage/azure-vote-front":"unchanged","HelmRelease/ingress-basic/ingress-nginx":"unchanged","HelmRepository/ingress-basic/ingress-nginx":"unchanged","Ingress/dev/az-vote-front-ingress":"unchanged","Ingress/stage/az-vote-front-ingress":"unchanged","Service/dev/azure-vote-back":"unchanged","Service/dev/azure-vote-front":"unchanged","Service/stage/azure-vote-back":"unchanged","Service/stage/azure-vote-front":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:59:09.983Z","logger":"controller.kustomization","msg":"Reconciliation finished in 1.52466977s, next run in 2m0s","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","revision":"master/444ee463530ca540cf52368fa3c79a94c91ba42d"}
I0210 22:59:47.493934       7 request.go:665] Waited for 1.044181943s due to client-side throttling, not priority and fairness, request: GET:https://10.0.0.1:443/apis/rbac.authorization.k8s.io/v1?timeout=32s
{"level":"info","ts":"2022-02-10T22:59:47.701Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Namespace/dev":"unchanged","Namespace/ingress-basic":"unchanged","Namespace/stage":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:59:47.948Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Deployment/dev/azure-vote-back":"unchanged","Deployment/dev/azure-vote-front":"unchanged","Deployment/stage/azure-vote-back":"unchanged","Deployment/stage/azure-vote-front":"unchanged","HelmRelease/ingress-basic/ingress-nginx":"unchanged","HelmRepository/ingress-basic/ingress-nginx":"unchanged","Ingress/dev/az-vote-front-ingress":"unchanged","Ingress/stage/az-vote-front-ingress":"unchanged","Service/dev/azure-vote-back":"unchanged","Service/dev/azure-vote-front":"unchanged","Service/stage/azure-vote-back":"unchanged","Service/stage/azure-vote-front":"unchanged"}}
{"level":"info","ts":"2022-02-10T22:59:47.963Z","logger":"controller.kustomization","msg":"Reconciliation finished in 1.536128865s, next run in 2m0s","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","revision":"master/59703674c7f3526e1de3999c73f84d13c6941214"}
I0210 23:01:11.059355       7 request.go:665] Waited for 1.043187792s due to client-side throttling, not priority and fairness, request: GET:https://10.0.0.1:443/apis/coordination.k8s.io/v1?timeout=32s
{"level":"info","ts":"2022-02-10T23:01:11.273Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Namespace/dev":"unchanged","Namespace/ingress-basic":"unchanged","Namespace/stage":"unchanged"}}
{"level":"info","ts":"2022-02-10T23:01:11.521Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Deployment/dev/azure-vote-back":"unchanged","Deployment/dev/azure-vote-front":"unchanged","Deployment/stage/azure-vote-back":"unchanged","Deployment/stage/azure-vote-front":"unchanged","HelmRelease/ingress-basic/ingress-nginx":"unchanged","HelmRepository/ingress-basic/ingress-nginx":"unchanged","Ingress/dev/az-vote-front-ingress":"unchanged","Ingress/stage/az-vote-front-ingress":"unchanged","Service/dev/azure-vote-back":"unchanged","Service/dev/azure-vote-front":"unchanged","Service/stage/azure-vote-back":"unchanged","Service/stage/azure-vote-front":"unchanged"}}
{"level":"info","ts":"2022-02-10T23:01:11.537Z","logger":"controller.kustomization","msg":"Reconciliation finished in 1.55205511s, next run in 2m0s","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","revision":"master/59703674c7f3526e1de3999c73f84d13c6941214"}
I0210 23:03:12.609901       7 request.go:665] Waited for 1.045898838s due to client-side throttling, not priority and fairness, request: GET:https://10.0.0.1:443/apis/discovery.k8s.io/v1beta1?timeout=32s
{"level":"info","ts":"2022-02-10T23:03:12.817Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Namespace/dev":"unchanged","Namespace/ingress-basic":"unchanged","Namespace/stage":"unchanged"}}
{"level":"info","ts":"2022-02-10T23:03:13.096Z","logger":"controller.kustomization","msg":"server-side apply completed","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","output":{"Deployment/dev/azure-vote-back":"unchanged","Deployment/dev/azure-vote-front":"unchanged","Deployment/stage/azure-vote-back":"unchanged","Deployment/stage/azure-vote-front":"unchanged","HelmRelease/ingress-basic/ingress-nginx":"unchanged","HelmRepository/ingress-basic/ingress-nginx":"unchanged","Ingress/dev/az-vote-front-ingress":"unchanged","Ingress/stage/az-vote-front-ingress":"unchanged","Service/dev/azure-vote-back":"unchanged","Service/dev/azure-vote-front":"unchanged","Service/stage/azure-vote-back":"unchanged","Service/stage/azure-vote-front":"unchanged"}}
{"level":"info","ts":"2022-02-10T23:03:13.110Z","logger":"controller.kustomization","msg":"Reconciliation finished in 1.57047581s, next run in 2m0s","reconciler group":"kustomize.toolkit.fluxcd.io","reconciler kind":"Kustomization","name":"cluster-config-cluster-config","namespace":"cluster-config","revision":"master/59703674c7f3526e1de3999c73f84d13c6941214"}

Azure DevOps orchestratorPAT as KeyVault reference instead of supplied as a hardcoded string

Description

When creating the HelmRelease for the GitOps Connector and if you're using Azure DevOps, you have to supply an orchestratorPAT for the GitOps Connector to change the status of the deployment on the commits and for it to make a callback afterwards.

However, having the token in the code is a security issue, as everybody with access to the repository can now get the orchestratorPAT and potentially do anything that the token can do.

This could be secured by supplying a KeyVault reference with the secret name to the HelmRelease instead of providing the hardcoded token.

Optional: If you also use Workload Identity Federation you also need a service account. It would be extra swell if you could supply the service account along with the KeyVault and secret name.

Receiving a "sync-success" dispatch even when no changes have been deployed

I am trying to use the sync-success dispatch event to trigger the next workflow and run integration tests.

The issue I am seeing is that on every reconciliation flux reports a commit_status event
DEBUG:root:GitOps phase: {'involvedObject': {'kind': 'Kustomization', 'namespace': 'flux-system', 'name': 'kustomization-mymanifests', 'uid': 'f3de8ac7-e027-411c-a2e1-ffdf73cb35a4', 'apiVersion': 'kustomize.toolkit.fluxcd.io/v1beta2', 'resourceVersion': '13397523'}, 'severity': 'info', 'timestamp': '2022-11-10T14:24:20Z', 'message': 'Reconciliation finished in 843.869422ms, next run in 1m0s', 'reason': 'ReconciliationSucceeded', 'metadata': {'commit_status': 'update', 'revision': 'lab-talent-aks/efbe4dd15f723a82e90a122a508f092e7320d6af'}, 'reportingController': 'kustomize-controller', 'reportingInstance': 'kustomize-controller-6fc6744c6b-6dj68'}

And because of the logic in _notify_orchestrator and is_finished I end up getting the sync-success dispatched repeatedly.

I thought maybe this was an issue with flux, but the maintainer over there told me this is expected behavior and to disable handling of events that contain metadata commit_status

fluxcd/flux2#3308

Flux does offer an ExclusionList on the Alert object, but I'm not sure how to configure it to exclude just these extra events

Missing Tolerations in helm chart

Hi,

We are trying out this connector with Flux2. But we are having issues with helm chart as our nodes are tainted.

Tolerations are missing in helm chart. Can you please add them. I can also submit a PR if thats ok.

Thanks

gitops-connector + Azur Arc

Hey,

Is it possible to use gitops-connector with Azure Arc?

I have managed to install the gitops-connector on my cluster, but I don't know what to configure FluxCD with to send notifications to GitOps connector. From the documentation GitRepository or Kustomization are used as eventSources, I don't have any of those resources in my cluster because Flux is installed using Azure Arc, and it doesn't seem to create those resources/controllers in the cluster.

Do I have to use native Flux for this to work?

Pls make a new release for NewArtifact issue

Hi:

We encountered the following issue. And I checked the submit of gitops-connector. Looks this issue is fixed last month.
In our test, once this issue happened, gitops-connector will execute "attempting task completion callback" incorrectly.
So could you make a new release with this bug fix asap?

INFO:root:Finished PR cleanup, sleeping for 30 seconds...
DEBUG:root:GitOps phase: {'involvedObject': {'kind': 'GitRepository', 'namespace': 'flux-system', 'name': 'flux-system', 'uid': '448b6503-1326-4f84-b5eb-65d636cf4092', 'apiVersion': 'source.toolkit.fluxcd.io/v1beta2', 'resourceVersion': '3265499'}, 'severity': 'info', 'timestamp': '2022-10-11T14:15:23Z', 'message': "stored artifact for commit 'Merged PR 60360: [task] deploy ccrc'", 'reason': 'NewArtifact', 'metadata': {'revision': 'main/5497a27ed48fa3fb414e5cb714f8d01ca84aed6c'}, 'reportingController': 'source-controller', 'reportingInstance': 'source-controller-958559676-tp8cw'}
DEBUG:root:Kind: GitRepository
ERROR:gitops_event_handler:Exception on /gitopsphase [POST]
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2446, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1951, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1820, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.9/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1949, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1935, in dispatch_request
return self.view_functionsrule.endpoint
File "/app/gitops_event_handler.py", line 33, in gitopsphase
gitops_connector.process_gitops_phase(payload, req_time)
File "/app/gitops_connector.py", line 29, in process_gitops_phase
self._queue_commit_statuses(phase_data, req_time)
File "/app/gitops_connector.py", line 35, in _queue_commit_statuses
commit_statuses = self._gitops_operator.extract_commit_statuses(phase_data)
File "/app/operators/flux_gitops_operator.py", line 22, in extract_commit_statuses
reason_message = self._map_reason_to_description(
File "/app/operators/flux_gitops_operator.py", line 150, in _map_reason_to_description
return reason_description_map[reason]
KeyError: 'NewArtifact'
DEBUG:root:GitOps phase: {'involvedObject': {'kind': 'Kustomization', 'namespace': 'flux-system', 'name': 'infrastructure', 'uid': 'ad7b55b3-4cee-484f-986c-4919cfe85b80', 'apiVersion': 'kustomize.toolkit.fluxcd.io/v1beta2', 'resourceVersion': '3265521'}, 'severity': 'info', 'timestamp': '2022-10-11T14:15:23Z', 'message': 'Reconciliation finished in 330.665831ms, next run in 30m0s', 'reason': 'ReconciliationSucceeded', 'metadata': {'commit_status': 'update', 'revision': 'main/5497a27ed48fa3fb414e5cb714f8d01ca84aed6c'}, 'reportingController': 'kustomize-controller', 'reportingInstance': 'kustomize-controller-5b96477d7f-f46x6'}
DEBUG:root:Kind: Kustomization
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dev.azure.com:443
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dev.azure.com:443
DEBUG:urllib3.connectionpool:https://dev.azure.com:443 "POST /ericsson/Flux_Poc/_apis/git/repositories/Flux_Poc/commits/5497a27ed48fa3fb414e5cb714f8d01ca84aed6c/statuses?api-version=6.0 HTTP/1.1" 201 887
DEBUG:urllib3.connectionpool:https://dev.azure.com:443 "GET /ericsson/Flux_Poc/_apis/git/repositories/Flux_Poc/commits/5497a27ed48fa3fb414e5cb714f8d01ca84aed6c?api-version=6.0 HTTP/1.1" 200 985
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dev.azure.com:443
DEBUG:urllib3.connectionpool:https://dev.azure.com:443 "GET /ericsson/Flux_Poc/_apis/git/repositories/Flux_Poc/pullRequests/60360/properties?api-version=6.0-preview HTTP/1.1" 200 512
INFO:root:PR 60360: Rollout True, attempting task completion callback...
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): ericsson.visualstudio.com:443
DEBUG:urllib3.connectionpool:https://ericsson.visualstudio.com:443 "GET /d734cc11-29df-47c5-a5ee-3d2f5108ff58/_apis/distributedtask/hubs/build/plans/066b0f13-863f-4c1d-9e9b-201abadcb0aa HTTP/1.1" 200 665
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): ericsson.visualstudio.com:443
DEBUG:urllib3.connectionpool:https://ericsson.visualstudio.com:443 "POST /d734cc11-29df-47c5-a5ee-3d2f5108ff58/_apis/distributedtask/hubs/build/plans/066b0f13-863f-4c1d-9e9b-201abadcb0aa/events?api-version=2.0-preview.1 HTTP/1.1" 204 0
DEBUG:root:Update PR task response contentb''
INFO:root:PR 60360: Successfully completed task c0e4c74c-be1d-5fa9-b73b-72a8d2302878

Best regards
Zhiyun Wang

When autocomplete is used, the PR number cannot be retrieved

When autocomplete is used, the PR merged message changes (no longer starts with Merged PR) and it is not possible to retrieve the PR number

def get_pr_num(self, commit_id) -> str:
        comment = self.get_commit_message(commit_id)
        MERGED_PR = "Merged PR "

The actual message is

"comment": "Merge pull request XXXX from dev/YYYY/zzzzz into main",

GitCommit status update fails for Azure DevOps Repo

Hey!

I've deployed GitOps connector with the below config:

gitRepositoryType: AZDO          
ciCdOrchestratorType: AZDO
gitOpsOperatorType: FLUX
azdoGitOpsRepoName: <RepoName>
azdoOrgUrl: https://dev.azure.com/<org>/<project>
orchestratorPAT: <DevOps PAT>

When the connector tries to update the commit status I get this error (I've ommited the sensitive parts of the URLs):

 2023-05-02T06:52:55.378175027Z DEBUG:urllib3.connectionpool:https://dev.azure.com:443 "POST /<org>/<project>/_apis/git/repositories/<repo>/commits/main@sha1:<sha>/statuses?api-version=6.0 HTTP/1.1" 400 227

If I run this request manually against DevOps I get the response:

{
    "$id": "1",
    "innerException": null,
    "message": "A potentially dangerous Request.Path value was detected from the client (:).",
    "typeName": "System.Web.HttpException, System.Web",
    "typeKey": "HttpException",
    "errorCode": 0,
    "eventId": 0
}

Full log:

 2023-05-02T06:52:55.405696440Z ERROR:gitops_event_handler:Exception on /gitopsphase [POST]                                                                                                                    
 ││ 2023-05-02T06:52:55.405730040Z Traceback (most recent call last):                                                                                                                                             
 ││ 2023-05-02T06:52:55.405736340Z   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2077, in wsgi_app                                                                                           
 ││ 2023-05-02T06:52:55.405741040Z     response = self.full_dispatch_request()                                                                                                                                    
 ││ 2023-05-02T06:52:55.405746140Z   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1525, in full_dispatch_request                                                                              
 ││ 2023-05-02T06:52:55.405750040Z     rv = self.handle_user_exception(e)                                                                                                                                         
 ││ 2023-05-02T06:52:55.405753340Z   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1523, in full_dispatch_request                                                                              
 ││ 2023-05-02T06:52:55.405757940Z     rv = self.dispatch_request()                                                                                                                                               
 ││ 2023-05-02T06:52:55.405762340Z   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1509, in dispatch_request                                                                                   
 ││ 2023-05-02T06:52:55.405767140Z     return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)                                                                                               
 ││ 2023-05-02T06:52:55.405772840Z   File "/app/gitops_event_handler.py", line 33, in gitopsphase                                                                                                                 
 ││ 2023-05-02T06:52:55.405776440Z     gitops_connector.process_gitops_phase(payload, req_time)                                                                                                                   
 ││ 2023-05-02T06:52:55.405782940Z   File "/app/gitops_connector.py", line 32, in process_gitops_phase                                                                                                            
 ││ 2023-05-02T06:52:55.405786440Z     self._notify_orchestrator(phase_data, commit_id)                                                                                                                           
 ││ 2023-05-02T06:52:55.405790540Z   File "/app/gitops_connector.py", line 44, in _notify_orchestrator                                                                                                            
 ││ 2023-05-02T06:52:55.405795740Z     self._cicd_orchestrator.notify_on_deployment_completion(commit_id, is_successful)                                                                                          
 ││ 2023-05-02T06:52:55.405800740Z   File "/app/orchestrators/azdo_cicd_orchestrator.py", line 25, in notify_on_deployment_completion                                                                             
 ││ 2023-05-02T06:52:55.405805540Z     pr_num = self.git_repository.get_pr_num(commit_id)                                                                                                                         
 ││ 2023-05-02T06:52:55.405810341Z   File "/app/repositories/azdo_git_repository.py", line 125, in get_pr_num                                                                                                     
 ││ 2023-05-02T06:52:55.405814941Z     comment = self.get_commit_message(commit_id)                                                                                                                               
 ││ 2023-05-02T06:52:55.405818241Z   File "/app/repositories/azdo_git_repository.py", line 117, in get_commit_message                                                                                             
 ││ 2023-05-02T06:52:55.405821341Z     response.raise_for_status()                                                                                                                                               
 ││ 2023-05-02T06:52:55.405824841Z   File "/usr/local/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status                                                                             
 ││ 2023-05-02T06:52:55.405828741Z     raise HTTPError(http_error_msg, response=self)                                                                                                                             
 ││ 2023-05-02T06:52:55.405833541Z requests.exceptions.HTTPError: 400 Client Error: Bad Request for url:

Problem with gitops-connector concept and hard to adapt for multiple applications scenario

We are trying to implement the solution using GitOps Connector and we face some issues related to the solution.
We have found out that the solution is designed to host one app repository with one manifest repository, but our scenario is different.

We have several projects in one manifest repository, therefore we can have multiple commit-ids or pull-requests entering the git history at the same time. Flux reconciles the latest commit id updated with the source controller, meaning that we can miss several commit-ids and pull-requests in the way of the gitops-connector notification.

Following scenario:

We have gitops source controller with commit-id

123 --- as latest

After several commits

123 <- latest applied by kustomization
321
432
212
122 <- latest commit not yet applied

SourceController updates to 122 hash and then kustomization will apply… Of course, all in between will apply as well since Git is cumulating changes, but the gitops-connector will only execute on top of 122 the latest commit notified by flux, if we have multiples pipelines waiting for gitops connector response git commit hash such as 212, 432 or 321, will not be notified and the pipeline will wait for approval until the task timeout expires.

IRL Scenario:

Giving one manifest repo to multiple applications pipelines, Is there an option or solution of configuration using GitOps-Connector?

Gitops-connector only support 1 kustomization per gitops repo

Does the gitops-connector only support 1 kustomization per gitops repo.

Our workflow has multiple Kustomization per gitops repo. When running multiple kustomization the dev kustomization event triggers the staging kustomization and vice versa.

gitops-connector pod in CrashLoopBackoff state after executing helm upgrade

HI,

I have an OKdo ROCK 4 SE running Ubuntu. I've installed Rancher k3s and connected the cluster to Arc.

I've successfully executed the first set of steps from this tutorial to get a cluster-config GitOps up and running and happy that I can commit changes to the namespaces.yaml and see the new namespaces deployed to the cluster:

https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/tutorial-gitops-flux2-ci-cd#connect-the-gitops-repository-1

I've then tried to follow the next set of steps to get the GitOps connector installed:

https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/tutorial-gitops-flux2-ci-cd#install-gitops-connector-1

After running the helm upgrade step when I do a check of the pods using kubectl get pods -n flux-system I see:

NAME READY STATUS RESTARTS AGE
notification-controller-df5b79cc5-v5vtl 1/1 Running 0 137m
source-controller-758ffb89cf-bbchm 1/1 Running 0 137m
helm-controller-65d59c8c87-vzt9k 1/1 Running 0 137m
kustomize-controller-64f6855bbc-jvm46 1/1 Running 0 137m
fluxconfig-controller-769fd4df9d-gq2g9 2/2 Running 0 137m
fluxconfig-agent-54648b6887-9ztfn 2/2 Running 0 137m
gitops-connector-76f779b899-5nc7w 0/1 CrashLoopBackOff 25 (56s ago) 104m

If I run kubectl logs -l=app=gitops-connector -n flux-system -f I see:

exec /usr/bin/sh: exec format error

If I run kubectl describe pod gitops-connector-76f779b899-5nc7w -n flux-system I see:

Name: gitops-connector-76f779b899-5nc7w
Namespace: flux-system
Priority: 0
Service Account: default
Node: rock4se/10.0.0.40
Start Time: Mon, 14 Aug 2023 09:36:22 +0100
Labels: app=gitops-connector
pod-template-hash=76f779b899
Annotations:
Status: Running
IP: 10.42.0.43
IPs:
IP: 10.42.0.43
Controlled By: ReplicaSet/gitops-connector-76f779b899
Containers:
connector:
Container ID: containerd://1f3bf4a836d5944f4e332d2805fa90b8a7ba2a1215bd70b27ff31dc3f58cd966
Image: ghcr.io/azure/gitops-connector:1.2.1
Image ID: ghcr.io/azure/gitops-connector@sha256:d120265b9a8d68b5759e8415da49e88e2a3b389898b1f1f764e70d40179b9917
Port: 8080/TCP
Host Port: 0/TCP
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Mon, 14 Aug 2023 11:20:08 +0100
Finished: Mon, 14 Aug 2023 11:20:08 +0100
Ready: False
Restart Count: 25
Environment:
GIT_REPOSITORY_TYPE: <set to the key 'GIT_REPOSITORY_TYPE' of config map 'gitops-connector-cm'> Optional: false
CICD_ORCHESTRATOR_TYPE: <set to the key 'CICD_ORCHESTRATOR_TYPE' of config map 'gitops-connector-cm'> Optional: false
GITOPS_OPERATOR_TYPE: <set to the key 'GITOPS_OPERATOR_TYPE' of config map 'gitops-connector-cm'> Optional: false
GITOPS_APP_URL: <set to the key 'GITOPS_APP_URL' of config map 'gitops-connector-cm'> Optional: false
GITHUB_GITOPS_REPO_NAME: <set to the key 'GITHUB_GITOPS_REPO_NAME' of config map 'gitops-connector-cm'> Optional: false
GITHUB_GITOPS_MANIFEST_REPO_NAME: <set to the key 'GITHUB_GITOPS_MANIFEST_REPO_NAME' of config map 'gitops-connector-cm'> Optional: false
GITHUB_ORG_URL: <set to the key 'GITHUB_ORG_URL' of config map 'gitops-connector-cm'> Optional: false
PAT: <set to the key 'PAT' in secret 'gitops-connector-secret'> Optional: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-xnrf5 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-xnrf5:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message

Warning BackOff 94s (x481 over 106m) kubelet Back-off restarting failed container connector in pod gitops-connector-76f779b899-5nc7w_flux-system(9a6fe095-0be6-493e-981d-78f3218d61bb)

Gitops connector not working with manual azure devops approval

We are using Azure devops pipeline with flux and able to get response from call back url when PR approved manually.
But the same not working when we try to approve PR from pipeline.
Anyone can help here?

Documentation links are broken

Specifically this line:

Refer to [a sample of such agentless task](https://github.com/Azure/arc-cicd-demo-src/blob/FluxV2/.pipelines/pr-completion-task-template.yaml) for the implementation details.

I'm not sure where this should link or i'd put in a PR

Support workload identity

Since azure devops now supports managed identity it would be nice to be able to use aks workload identity instead of PAT for authentication with azure devops.

ArgoCD Notification script is out of date

The format for adding notifications to ArgoCD using ArgoCD Notifications is not up to date in the example from the README file.
Also it does not cover the case where the gitops connector is in a different namespace than ArgoCD itself.

I used this version in my own deployment.

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-notifications-cm
  namespace: <ARGOCD-NAMESPACE>
data:
  service.webhook.gitops-connector: |
    url: http://gitops-connector.<GITOPS-CONNECTOR-NAMESPACE>:8080/gitopsphase
    headers: #optional headers
    - name: Content-Type
      value: application/json
      
  template.sync-operation-status-change: |
    webhook:
      gitops-connector:
        method: POST
        body: |
          {
            "commitid": "{{.app.status.operationState.operation.sync.revision}}",
            "phase": "{{.app.status.operationState.phase}}",
            "sync_status": "{{.app.status.sync.status}}",
            "health": "{{.app.status.health.status}}",
            "message": "{{.app.status.operationState.message}}",
            "resources": {{toJson .app.status.resources}}
          }
  
  trigger.sync-operation-status: |
    - when: app.status.operationState.phase in ['Error', 'Failed']
      send: [sync-operation-status-change]
    - when: app.status.operationState.phase in ['Succeeded']
      send: [sync-operation-status-change]
    - when: app.status.operationState.phase in ['Running']
      send: [sync-operation-status-change]
    - when: app.status.health.status in ['Progressing']
      send: [sync-operation-status-change]
    - when: app.status.health.status in ['Healthy'] && app.status.operationState.phase in ['Succeeded']
      send: [sync-operation-status-change]
    - when: app.status.health.status in ['Unknown', 'Suspended', 'Degraded', 'Missing']
      send: [sync-operation-status-change]
  
  subscriptions: |
    - recipients:
        - gitops-connector:""
      triggers:
        - sync-operation-status

Incompatibility with the latest revision format for Flux

The source revision format reported by the Flux controllers has changed according to RFC-0005

https://github.com/fluxcd/notification-controller/blob/v0.32.1/CHANGELOG.md#0320

DEBUG:urllib3.connectionpool:https://api.github.com:443 "GET /repos/myorg/myrepo/commits/dev@sha1:1fde4efca7a513638ba8f1c836b37f1661e0abd3/status HTTP/1.1" 404 None
ERROR:gitops_event_handler:Exception on /gitopsphase [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2077, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1525, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1523, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1509, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "/app/gitops_event_handler.py", line 33, in gitopsphase
    gitops_connector.process_gitops_phase(payload, req_time)
  File "/app/gitops_connector.py", line 30, in process_gitops_phase
    if not self._git_repository.is_commit_finished(commit_id):
  File "/app/repositories/github_git_repository.py", line 40, in is_commit_finished
    response.raise_for_status()
  File "/usr/local/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: https://api.github.com/repos/myorg/myrepo/commits/dev@sha1:1fde4efca7a513638ba8f1c836b37f1551e0abd3/status

while the correct URL would be something likehttps://api.github.com/repos/myorg/myrepo/commits/1fde4efca7a513638ba8f1c836b37f1551e0abd3/status

Not possible to use with GitHub for manifest repository when using Azure DevOps for CI/CD

I was not able to configure the GitOps Connector to work with Azure DevOps as CI/CD and GitHub for Manifests repository.
As far as I understand this is currently not possible to use it like this. The tool can be used only if both Manifests repository and CI/CD pipelines are on one - either GitHub or Azure DevOps, but not mixed.
Could you please confirm that?

If that's the case, could this be clearly stated in the documentation? Currently, the configuration have separate fields for gitRepositoryType and ciCdOrchestratorType which imply they can be set to different values and work.

From what I understand, to use Azure DevOps pipeline agentless waiting for deployment status - we need to push information about the callback to Git pull request properties, but setting properties is only available in Azure DevOps repositories and not in GitHub.
Could you suggest some workaround for this?

Broken link in Readme

In the readme there is a broken link

https://github.com/Azure/gitops-connector/blob/main/README.md?plain=1#L109

.app.status.operationState.phase has value: "<no value>" sometimes

Hi,

We're using an argocd notification trigger based on the last reconciliation time to make a callback to an Azure pipeline. This way we can trigger a notification/callback by refreshing the application.

Our pipeline job is getting falsely canceled by the following notification, because the is_finished boolean evaluates to true when phase is "<no value>". But in reality the sync is not yet finished and now the wait step has failed for no reason. I'm not sure why phase is being set to "<no value>" and mostly it doesn't happen and the pipeline runs as it should. The pipeline basically patches the pull request properties and waits, and then it calls the argocd api to refresh the application, which should trigger a notification in case there is no change in the health status or phase status.

{
  "commitid": "eeef473c8481d1bec7d06bae20eafbe95e567d1a",
  "repo": "https://dev.azure.com/stater-europe/Stater/_git/devops-pipelines-autotest-gitops",
  "phase": "<no value>",
  "sync_status": "OutOfSync",
  "health": "Healthy",
  "message": "<no value>",
  "resources": [
    {
      "health": {
        "status": "Healthy"
      },
      "kind": "Service",
      "name": "autotest",
      "namespace": "autotest",
      "status": "Synced",
      "version": "v1"
    },
    {
      "group": "apps",
      "health": {
        "status": "Healthy"
      },
      "kind": "Deployment",
      "name": "autotest",
      "namespace": "autotest",
      "status": "OutOfSync",
      "version": "v1"
    },
    {
      "group": "networking.k8s.io",
      "health": {
        "status": "Healthy"
      },
      "kind": "Ingress",
      "name": "autotest",
      "namespace": "autotest",
      "status": "Synced",
      "version": "v1beta1"
    }
  ]
}

Here is the notifications configmap I used:

argocd-notifications:
  logLevel: info
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
  resources:
    limits:
      cpu: 1
      memory: 256Mi
    requests:
      cpu: 100m
      memory: 128Mi

  subscriptions:
    - triggers:
        - sync-operation-status-change
        - refresh-reconciled-at
      recipients:
        - azdo-gitops-connector

  triggers:
    trigger.sync-operation-status-change: |
      - description: "Sync could not be completed."
        when: app.status.operationState.phase in ['Error', 'Failed']
        send:
          - sync-operation-status-change
      - description: "Application sync status succeeded."
        when: app.status.operationState.phase in ['Succeeded']
        send:
          - sync-operation-status-change
      - description: "Sync operation started, manifest are being fetched and diffed."
        when: app.status.operationState.phase in ['Running']
        send:
          - sync-operation-status-change
      - description: "Kubernetes objects are being reconciled by controllers."
        when: app.status.health.status in ['Progressing']
        send:
          - sync-operation-status-change
      - description: "Healthy app"
        when: app.status.health.status in ['Healthy'] && app.status.operationState.phase in ['Succeeded']
        send:
          - sync-operation-status-change
      - description: "Sync and reconciliation resulted in unhealthy app"
        when: app.status.health.status in ['Unknown', 'Suspended', 'Degraded', 'Missing']
        send:
          - sync-operation-status-change
    trigger.refresh-reconciled-at: |
      - description: "Refreshed during the last minute."
        oncePer: app.status.reconciledAt
        when: time.Now().Sub(time.Parse(app.status.reconciledAt)).Minutes() <= 5
        send:
          - sync-operation-status-change

  templates:
    template.sync-operation-status-change: |
      webhook:
        azdo-gitops-connector:
          method: POST
          path: /gitopsphase
          body: |
            {
              "commitid": "{{.app.status.sync.revision}}",
              "repo": "{{.app.spec.source.repoURL}}",
              "phase": "{{.app.status.operationState.phase}}",
              "sync_status": "{{.app.status.sync.status}}",
              "health": "{{.app.status.health.status}}",
              "message": "{{.app.status.operationState.message}}",
              "resources": {{toJson .app.status.resources}}
            }

  notifiers:
    service.webhook.azdo-gitops-connector: |
      url: http://gitops-connector:8080
      headers:
      - name: Content-Type
        value: application/json

Option to control logging level

Hello!

Currently, the gitops connector is configured to use logging level DEBUG, which causes a lot of logs. In our case, it resulted in several hundred thousand logs daily.

I would like it configurable through the HelmRelease so we can decide what logging level we would like.

Example of the logging configuration I would like to be configurable:

IndexError: list index out of range - AT runid = commitMessageArray[2]

I was not seeing the dispatch event on deploy completion, so went to the logs and noticed there is an index out of range error where it tries to fetch the runid/commitId.

    def _get_source_commit_id_run_id(self, manifest_commitid):
        commitMessage = self.git_repository.get_commit_message(manifest_commitid)
        commitMessageArray = commitMessage.split('/', 5)
        runid = commitMessageArray[2]
        commitid = commitMessageArray[3]
        logging.info(f'CommitId {commitid}')
        return commitid, runid

Looks like it is expecting a commit message to exist on the manifest update commit with these values. I haven't seen that documented anywhere though, and in my case I am using flux image automation to automatically update manifests when a new image hits the container registry, so I don't think I will have any easy way to generate this commit message from flux.