fix(grafana): comment out grafana steps to unblock rollouts (ARO-28044)#5838
Conversation
There was a problem hiding this comment.
Pull request overview
Temporarily disables EV2 reconciliation of the shared Managed Grafana instance and related integrations to unblock production rollouts impacted by Azure Policy restrictions on ARM deploymentScripts (ARO-28044). This is positioned as a non-destructive mitigation until the longer-term fix in ARO-28040 lands.
Changes:
- Comments out the Grafana workspace lookup module, Grafana instance module, and AFD permission module wiring in
global-infra.bicep. - Comments out Grafana subscription RBAC and dashboard reconciliation steps in the global pipelines.
- Comments out the regional pipeline step that adds the Grafana datasource.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| dev-infrastructure/templates/global-infra.bicep | Disables Grafana module deployments (workspace lookup, instance creation, AFD permissions) via TODO-commented blocks. |
| dev-infrastructure/region-pipeline.yaml | Disables the regional Grafana datasource reconciliation step. |
| dev-infrastructure/global-pipeline.yaml | Disables Grafana monitoring-reader RBAC and dashboard reconciliation steps in the global pipeline. |
| dev-infrastructure/global-pipeline-stg.yaml | Disables Grafana monitoring-reader RBAC and dashboard reconciliation steps in the staging global pipeline. |
janboll
left a comment
There was a problem hiding this comment.
Please do not delete more than needed to solve this
janboll
left a comment
There was a problem hiding this comment.
after discussion, we readd this after doing refactoring
/lgtm
/approve
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: janboll, raelga The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The ARO-28044 mitigation (Azure#5838) commented out the grafana rollout and reader steps to unblock pipelines. This change supersedes that mitigation with a redesigned, deploymentScript-free grafana reconcile, so re-enable grafana first by reverting the mitigation in full.
The ARO-28044 mitigation (Azure#5838) commented out the grafana rollout and reader steps to unblock pipelines. This change supersedes that mitigation with a redesigned, deploymentScript-free grafana reconcile, so re-enable grafana first by reverting the mitigation in full.
ARO-28044
What
Comments out the Grafana rollout resources and steps that reconcile the shared Grafana instance and integrations:
grafanaWorkspaceIdLookup,grafana, and Grafana AFD permissions inglobal-infra.bicepgrafana-monitoring-readerandgrafana-dashboardsin the global pipelinesadd-grafana-datasourcein the regional pipelineWhy
Prod rollouts are currently blocked by the AME deployment-script storage policy used by the Grafana workspace lookup. This is a non-destructive mitigation: the existing Grafana instance and existing integrations remain in place, while EV2 stops reconciling Grafana until the proper reconcile fix lands in #5837 / ARO-28040.
Testing
cd config && make materializemake validate-config-pipelines/home/rael/bin/bicep build dev-infrastructure/templates/global-infra.bicep(passes with expected unused Grafana parameter/import warnings while Grafana is commented out)No unit, integration, or E2E tests were added; this only disables EV2 Grafana rollout steps/resources.
Special notes for your reviewer
@jboll this is intended as a temporary ARO-28044 mitigation only. Each commented block has a
TODO([ARO-28044](https://redhat.atlassian.net/browse/ARO-28044)): re-enable after [ARO-28040](https://redhat.atlassian.net/browse/ARO-28040)marker.PR Checklist
If E2E tests are included:
demonstrate that the test is able to detect a defect/error and fail with
proper error message and logs which communicates nature of the problem.