Skip to content

Operational runbooks for the addon catalog#86

Merged
stxkxs merged 1 commit into
mainfrom
design-state-docs
Jul 2, 2026
Merged

Operational runbooks for the addon catalog#86
stxkxs merged 1 commit into
mainfrom
design-state-docs

Conversation

@stxkxs

@stxkxs stxkxs commented Jul 2, 2026

Copy link
Copy Markdown
Member

See commit message. Four runbooks (addon-sync-degraded, rollback, druid-operations, render-gate-failures), each grounded in the applicationsets/catalog/CI; symptoms→diagnosis→remediation→verification shape.

docs/runbooks/ carried a single troubleshooting reference for a repo that
deploys ~40 addons across four environments. This adds four operational
runbooks, each grounded in what the repo actually ships (applicationsets,
the druid catalog chart, the CI render gates) and shaped
symptoms → diagnosis → remediation → verification.

─── addon-sync-degraded ───

Diagnosing an ArgoCD Application that is stuck, degraded, or missing:
reading status.conditions/operationState, why a missing cluster-secret
environment label means no app at all (missingkey=error), sync-wave
implications for CRD-before-consumer ordering, the ignoreDifferences
contract for StatefulSet volumeClaimTemplates, and targeted
hard-refresh / per-resource sync / terminate-op levers — with the
explicit caveat that the ApplicationSet controller owns the generated
Application spec, so manual overrides are transient by design.

─── rollback ───

Chart-pin revert flow: pins live in the ApplicationSet list elements,
values deltas in addons/<category>/<addon>/, and because every app runs
automated {prune, selfHeal}, the only durable rollback is a git revert
through the same render gates as the original change. Documents the
temporary incident levers (sync-policy none, app rollback) and their
self-heal expiry, plus version-specific gotchas: CRD-managing charts
don't downgrade CRDs, StatefulSet volumeClaimTemplates are immutable.

─── druid-operations ───

The chart this repo owns outright. Keystore secret rotation end to end:
AWS Secrets Manager → ExternalSecret (1h refresh, force-sync
annotation) → cert-manager passwordSecretRef re-encryption → pod
restart, with the ordering constraint that pods must not restart
between the password sync and the keystore re-issue. Probe semantics
table (per-component ports, the broker/historical readiness endpoints
vs plain /status/health, the ~11-minute startup window, why HTTPS
probes work against the self-signed internal CA). Scaling guidance per
component class: historicals gated on segment reload from deep storage,
stateless broker/router, leader-elected coordinator/overlord, and
ingestion capacity living in the overlord's Job launcher rather than
replicas — all through git because selfHeal reverts kubectl scale.

─── render-gate-failures ───

What each CI gate failure means (zero-placeholder, render-assert,
kubeconform strict with no ignore-missing-schemas, trivy config
MEDIUM+) and the local task equivalents to reproduce. Codifies the
exception discipline: a .trivyignore.yaml entry is legitimate only when
the finding is the component's contract, must be path-scoped to one
addon's rendered output, and must carry a statement that survives a
cold review — the existing device-plugin and druid entries are the
calibration. Same per-kind, commented discipline for kubeconform skips.

README's documentation index groups the runbooks under a Runbooks list.

Co-authored-by: stxkxsbot <275011021+stxkxsbot@users.noreply.github.com>
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

CI Results

Check Status
YAML Lint ✅ success
Render + assert + schema + misconfig (all environments) ✅ success

All checks passed.

@stxkxs stxkxs marked this pull request as ready for review July 2, 2026 02:46
@stxkxs stxkxs merged commit a07be4a into main Jul 2, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant