We feel it would be beneficial to add a sub-section here referencing the reconcile options available to users when creating their policies as it pertains to GitOps when deploying policies to one's cluster. Akin to what is presently located in the application lifecycle documentation: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/applications/managing-applications#resource-overwrite-example Without this information customers can be confused on the best method for deploying and modifying polices onto clusters via GitOps. Reported by: rhn-support-jayoung https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/governance/governance#annotations:f30b6b47-5c9f-486e-ad34-ba9c28a41771
Hey Andy, thanks for your patience. There was a comment made by Gus in the GH issue. You can find his comment later in this message: "Hey Mikela, I'm happy to work with you on this, except this issue does appear to be confusing to me. Right now we do not expose the apps.open-cluster-management.io/reconcile-option in our deploy script in the policy-collection repository. This means the subscriptions will always use the merge options with gitops. While users are more than welcome to customize the reconcile option -- I would expect a best practice to be all policies should be applied through gitops, making the concern here to be minimized when compared to how this may typically work with applications. We can discuss this more though if you think there's an angle that important to capture that I don't see right now. Thanks! We can always link to this section from the policy documentation so users are aware there's a reconcile setting." From my viewpoint, it is working as is. However, we can work on adding a reconcile section in our upcoming release
Excuse me, it is working as designed
Hi Mikela, Thanks for the update Regards, Andy
@andbartl Gus made the suggestion to temporarily add a note about some of the reconciliation options. Here is the note that Gus suggested: "Note: By default, policies deployed with gitops will use the merge reconcile option. If you would like to use the replace reconcile option instead, add the annotation apps.open-cluster-management.io/reconcile-option: replace to the Subscription resource. See [Application Lifecycle](https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/applications/managing-applications#resource-overwrite-example) for more details." Here is the change you should expect to see on Thursday evening/Friday. Product documentation is refreshed by the team on Thursdays after 3: "*Note*: By default, policies deployed with GitOps use the `merge` reconcile option. If you want to use the `replace` reconcile option instead, add the `apps.open-cluster-management.io/reconcile-option: replace` annotation to the `Subscription` resource. See link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/applications/managing-applications#resource-overwrite-example[Application Lifecycle] for more details." I will create an issue for the Governance team to consider adding the reconcile options. This is also updated in 2.4. Thank you for bringing this to our attention.
Here is the link where the update will be displayed: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/governance/governance#deploying-policies-to-your-cluster and https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/governance/governance#deploying-policies-to-your-cluster
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0735
Thanks for the update on this. Regards, Andy