-
Notifications
You must be signed in to change notification settings - Fork 553
docs: Config Approval Draft #3981
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
110 changes: 110 additions & 0 deletions
110
docs/user-guide/creating-application/config-approval.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| # Configuration Approval Process in Devtron | ||
|
|
||
| ## Introduction | ||
|
|
||
| Since resources are created according to the configurations you enter, it's essential to protect such configurations against unauthorized changes. For critical environments like production, it becomes necessary to introduce an approval flow for any edits made to the configuration files. | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| In Devtron, these configurations are present in the **App Configuration** tab of your application. | ||
|
|
||
| Any changes made to the following configurations will require approval: | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| - Deployment Template | ||
| - ConfigMaps | ||
| - Secrets | ||
|
|
||
| This stands true for both: base configuration and respective environment-level configuration. | ||
ashoknayak777 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
|  | ||
|
|
||
|  | ||
|
|
||
| --- | ||
|
|
||
| ## Changing the Configuration Values | ||
|
|
||
| Let's say you wish to edit the deployment template of your environment (as an override) | ||
|
|
||
| 1. Go to the `App Configuration` tab. | ||
|
|
||
| 2. Click `Choose Protect Configuration`. | ||
|
|
||
| 3. Enable the protection for the configuration of your choice (base/environment level). A protection badge would appear next to the chosen configuration. | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| 4. In Environment Overrides → (choose your environment) → Deployment Template | ||
|
|
||
|  | ||
|
|
||
| 5. You can change the value of a key to a desired value as shown below. Once done, click the **Save Changes…** button **.** | ||
|
|
||
|  | ||
|
|
||
| 6. Next, you can either do one of the following: | ||
|
|
||
| * **Save as draft** : Selecting this option will save your file as a draft. Other users can view and edit the saved draft and propose it further for approval. | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| * **Save & Propose Changes** : Selecting this option will propose your changes for approval from an authorized user. | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| Since we are proposing the changes immediately, click **Propose Changes**. | ||
|
|
||
|  | ||
|
|
||
| 7. You can also view the approver(s) if you wish. | ||
|
|
||
|  | ||
|
|
||
| {% hint style="info" %} | ||
| If you are already a super-admin who performed the edits, still you won't be able to approve your own changes. A different user has to approve your changes. | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| {% endhint %} | ||
|
|
||
| In the top-right corner, you have the option to discard the draft if you don't wish to proceed with the edits you made. Alternatively, unprotecting the configuration in the **App Configuration** page will also lead to the discarding of your proposed changes. | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
|  | ||
|
|
||
|  | ||
|
|
||
| --- | ||
|
|
||
| ## Approving the Configuration | ||
|
|
||
| Only a super-admin user or someone with `Configuration approver` access can approve the changes made to the configuration files. To check this, follow the below steps. | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| 1. Go to **Global Configurations** from the left menu. | ||
|
|
||
| 2. Click the **Authorization** dropdown. | ||
|
|
||
| 3. Select **User Permissions**. | ||
|
|
||
| 4. Check the permissions granted to the user. | ||
|
|
||
|  | ||
|
|
||
| If the user has the requisite permissions, he/she can approve the configuration changes as shown below. | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
|  | ||
|
|
||
| --- | ||
|
|
||
| ## Deploying with New Configuration Values | ||
|
|
||
| Once the approver validates and approves your configuration changes, you can proceed to deploy your application with the updated configuration. | ||
|
|
||
| 1. Go to the **Build & Deploy** tab of your application. | ||
|
|
||
| 2. Click **Select Image** in the deployment flow. | ||
|
|
||
|  | ||
|
|
||
| 3. You can view an indicator at the bottom `Config Diff from Last Deployed`. Click **Review** to view the changes. | ||
|
|
||
|  | ||
|
|
||
| {% hint style="info" %} | ||
| If the new configuration is not yet approved, the changes made to the config would not be visible during deployment, it would show `No Config Diff from Last Deployed` at the bottom. | ||
ashoknayak777 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| {% endhint %} | ||
|
|
||
| 4. Once you have verified the changes, you can click **Deploy**. | ||
|
|
||
|  | ||
|
|
||
| {% hint style="info" %} | ||
| If you don't wish to deploy with the new changes, you can choose `Last deployed config` from the available drop-down. | ||
| {% endhint %} | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.