-
Notifications
You must be signed in to change notification settings - Fork 554
docs: Config Approval Draft #3981
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
124 changes: 124 additions & 0 deletions
124
docs/user-guide/creating-application/config-approval.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,124 @@ | ||
| # Protect Configuration | ||
|
|
||
| ## Introduction | ||
|
|
||
| Since resources are created according to the configurations you enter, it's essential to restrict such configurations from direct modifications. For critical environments like production, it becomes necessary to introduce an approval flow for any edits made to the configuration files. | ||
|
|
||
| In Devtron, these configurations are present in the **App Configuration** tab of your application. | ||
|
|
||
| Any changes made to the following configurations will require approval if enabled: | ||
|
|
||
| - Deployment Template | ||
| - ConfigMaps | ||
| - Secrets | ||
|
|
||
| This stands true for both: base configuration and respective environment-level configuration. | ||
|
|
||
|  | ||
|
|
||
|  | ||
|
|
||
| --- | ||
|
|
||
| ## Changing the Configuration Values | ||
|
|
||
| {% hint style="info" %} | ||
| Only a super-admin, manager, and admin can edit the configuration values. | ||
| {% endhint %} | ||
|
|
||
| Let's assume you are the application admin and you wish to edit the deployment template of your environment (as an override). | ||
|
|
||
| 1. Go to the `App Configuration` tab. | ||
|
|
||
| 2. In Environment Overrides → (choose your environment) → Deployment Template | ||
|
|
||
|  | ||
|
|
||
| 3. You can change the value of a key to a desired value as shown below. Once done, click the **Save Changes…** button **.** | ||
|
|
||
|  | ||
|
|
||
| 4. If the configuration is protected, your changes won't be published right away. You can do either of the following: | ||
|
|
||
| * **Save as draft** : Selecting this option will save your file as a draft. You and other users can view and edit the saved draft and propose it further for approval. | ||
| * **Save & Propose Changes** : Selecting this option will propose your changes to a configuration approver for a review. | ||
|
|
||
| Since we are proposing the changes immediately, click **Propose Changes**. | ||
|
|
||
|  | ||
|
|
||
| 5. You can also view the approver(s) if you wish. | ||
|
|
||
|  | ||
|
|
||
| {% hint style="info" %} | ||
| The one who performs the edits cannot approve their own changes. A different user has to review and approve. | ||
| {% endhint %} | ||
|
|
||
| Only one draft can exist at time and you cannot create multiple drafts. In the top-right corner, you have the option to discard the draft if you don't wish to proceed with the edits you made. | ||
|
|
||
| --- | ||
|
|
||
| ## Approving the Configuration | ||
|
|
||
| {% hint style="info" %} | ||
| Only a different super-admin user or someone (who is not amongst the editors of the draft), having `Configuration approver` access, can approve the changes made to the configuration files. | ||
| {% endhint %} | ||
|
|
||
| Go to the edited configuration file to review and approve the changes as shown below. | ||
|
|
||
|  | ||
|
|
||
| A super-admin can check whether a user has approval rights by going to **Global Configurations** → **Authorization** (dropdown) → **User Permissions**. | ||
|
|
||
|  | ||
|
|
||
|
|
||
| --- | ||
|
|
||
| ## Deploying with New Configuration Values | ||
|
|
||
| Once the approver validates and approves your configuration changes, you can proceed to deploy your application with the updated configuration. | ||
|
|
||
| 1. Go to the **Build & Deploy** tab of your application. | ||
|
|
||
| 2. Click **Select Image** in the deployment flow. | ||
|
|
||
|  | ||
|
|
||
| 3. You can view an indicator at the bottom `Config Diff from Last Deployed`. Click **Review** to view the changes. | ||
|
|
||
|  | ||
|
|
||
| {% hint style="info" %} | ||
| If the new configuration is not yet approved, the changes made to the config would not be visible during deployment, it would show `No Config Diff from Last Deployed` at the bottom. In that case, check whether your changes are present in the live config or not. If your changes are absent, chances are your draft is either pending for approval or rejected (discarded). | ||
| {% endhint %} | ||
|
|
||
| 4. Once you have verified the changes, you can click **Deploy**. | ||
|
|
||
|  | ||
|
|
||
| {% hint style="info" %} | ||
| If you don't wish to deploy with the new changes, you can choose `Last deployed config` from the available drop-down. | ||
| {% endhint %} | ||
|
|
||
| --- | ||
|
|
||
| ## Enabling/Disabling Config Protection | ||
ashoknayak777 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| {% hint style="info" %} | ||
| Only a super-admin can enable or disable the config protection. | ||
| {% endhint %} | ||
|
|
||
| 1. Go to the `App Configuration` tab. | ||
|
|
||
| 2. Click `Protect Configuration`. | ||
|
|
||
| 3. Use the toggle button to enable the protection for the configuration of your choice (base/environment level). A protection badge would appear next to the chosen configuration. | ||
|
|
||
| Alternatively, unprotecting the configuration will lead to the discarding of unapproved drafts (if any). | ||
|
|
||
|  | ||
|
|
||
|  | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.