Plans are how Apollo delivers instructions from the Hub to agents in managed Environments. Each Plan is a unit of work, such as a configuration change or a Release upgrade, and will only be sent to an agent for execution when all relevant constraints have been satisfied.
Apollo supports the following Plan types:
Plans and constraints are surfaced in the Apollo Control Center, to ensure that Apollo’s workflows are human-readable. Users can see the history of Plans that an agent performed for a given Environment, each of which has a start and an end time.
Apollo's Plan-based paradigm is different than other "control loop" systems. Rather than directly carrying out actions in the background without a human noticing, Apollo generates a Plan, and once all constraints are satisfied, the Plan is sent to an agent for execution. This Plan-based paradigm provides more transparency and visibility to users for on-going, upcoming, and previous changes made in the Environment. You can view the history of Plans for an Apollo-managed Entity under the Plans tab of the Entity's home page.
The Orchestration Engine in every Hub Environment:
Agents in every Spoke Environment:
You can track the progress of a Plan in the Plans tab of the Entity or Environment home page. Select a Plan's status from the Status column to view the task(s) that form the Plan and their progress.
For Plans that are in progress, you can view:
For Plans that failed, you can view an error message for each task that failed. This enables you to identify the reason that the Plan failed and resolve any issues.
When Plans fail, Apollo will automatically create an Entity-level suppression window, which will prevent further work on that Entity. Apollo will continue to issue new Plans for other Entities in the Environment. If the number of Entities in an Environment that are under automated suppression windows exceeds the configured threshold, Apollo will automatically create an Environment-wide suppression window as this may be indicative of a system-wide problem. An Environment-wide suppression will prevent further work on all Entities in the Environment. Once the number of Entities under suppression windows returns to below the threshold, Apollo will automatically remove the Environment-wide suppression.
After a Plan had failed and an automatic suppression window was applied, Apollo will permit a “rollback” Plan to restore the old state of the world despite the automatic suppression window. This does not apply if the suppression window was created by a human - Apollo will always respect these.
Apollo will request a new Plan for an Entity when one of the following happens:
Plan invalidation due to changes to the Reported State of the Environment is based on the dependency graph of Entities in the Environment. Modifying an Entity creates new a Plan request for the Entity itself as well as its neighbors in the dependency graph, meaning its dependencies and dependents. Apollo requests Plans for an Entity’s dependencies and dependents because an Entity changing versions can change the versions to which its dependencies and dependents can upgrade due to product dependency constraints.
Consider the following example dependency graph for Entities in an Environment:
Service A depends on Service B, which depends on Service C. For now, assume that these are the only dependencies that these services declare.
A modification to the Service C Entity would request a new Plan for Service C and Service B because it declares a dependency on Service C.
A modification to the Service B Entity would request a new Plan for Service C as a dependency, the Service B Entity itself, and Service A as a dependent Entity.
A modification to the Service A Entity would request a new Plan for Service B as a dependency and Service A itself.
Constraints are conditions that Plans must satisfy before they can be executed by an agent. Apollo evaluates constraints to ensure that agents only execute Plans when it is safe and acceptable to do so.
Apollo’s constraint solving engine automates the validation that a human would have to do before performing an upgrade; for example, at the time of code review in a GitOps model.
Constraints are surfaced in the Apollo Control Center and help users understand why a Plan is blocked from starting (for example, when an upgrade is not happening). They also provide enough information so that a user can take an action to unblock the Plan from being carried out by an agent. Here is a screenshot of a "suppression window" constraint preventing a plan from being executed until the suppression window ends:
Some example constraints are listed below.
Environment editors can define time windows during which it is acceptable for Apollo to make changes to Entities in their Environment (that is, upgrade or change configuration). These are called Environment and Entity maintenance windows. Product editors can define maintenance windows for their Products that determine when Apollo can promote a Release to a Release Channel. These are called Product maintenance windows. Maintenance window constraints block Plans from making changes outside of the defined time window.
There are two types of maintenance windows in Apollo: downtime and no-downtime.
Users may also request approval for a temporary maintenance window override
to allow Plans to proceed outside of the normal maintenance window. See Managing Environments for more details.
By default, Apollo will ignore no-downtime maintenance windows when rolling off a recalled Release. This is not true for roll-offs that require downtime where maintenance windows are respected. To override this behavior, set the require-maintenance-windows-for-no-downtime-recalled-release-roll-offs
field to true
in the Environment settings.
Users will often see that Plans on Entities are blocked by the constraint that “entity is not in maintenance window”. This means that Apollo is waiting for the next MW to apply the corresponding change to the Entity. The user can wait for the next MW, edit the MW schedule (if the user is an Environment editor), or create a maintenance window override (MWO). Refer to Managing Environments - Environment settings for information on how to perform these actions.
When publishing a Product to the Product Catalog, Product creators can include information about which other Products are required for proper functioning under the manifest. Product creators are required to specify the permitted version range of those dependencies. For more information see Managing Products - Publishing Helm Charts.
Copied!1 2 3 4 5 6 7 8 9 10 11 12
extensions: product-dependencies: - product-group: com.palantir.example product-name: example minimum-version: 1.0.0 maximum-version: 1.x.x - product-group: com.palantir.other product-name: other minimum-version: 2.53.1 maximum-version: 2.x.x
The Product Dependencies constraint ensures that Apollo will only execute a plan when:
Accurately defining Product dependencies and relying on this constraint allows Product creators to safely roll software across many disparate Environments using Apollo, without them needing to manually validate whether every upgrade is safe or coordinate releases with other teams.
You can override a Product dependency constraint for an Entity by adding ignored dependencies in the Entity advanced settings. This is useful when some capabilities provided by the ignored dependency are not required and thus not deployed. Only use this option if you are aware of the exact impact the ignored dependency will have on the Product.
Suppression windows prevent Apollo from issuing Plans during the configured time and supersede maintenance windows. Suppression windows can be set for either an Entity or the whole Environment. Suppression windows can be created in three ways:
Manual suppression windows should always be applied to an Entity before performing manual changes. Otherwise, Apollo could issue Plans that conflict with the changes and could cause unexpected behavior.
Learn more about managing suppressions windows for configuration and cancelling Plans.
Creating an Entity-level suppression window is the only supported way to cancel an active Plan.