Comments (17)
Today, all the namespaced objects sent from Config Sync to cli-utils have the metadata.namespace field explicitly set.
Is it reasonable to expect this from other users of cli-utils?
cli-utils already requires this.
This problem here is with apply-time-mutation annotations which were initially designed to support inferring the namespace of dependencies from the namespace of the dependent object. However, it does look like disabling implicit namespace resolution for apply-time-mutation is the easier path forward, and would align with the requirement on the objects themselves.
from cli-utils.
Explicit dep with depends-on works, so it's just apply-time-mutation that doesn't (weird!).
$ kpt live apply
namespace/test unchanged
1 resource(s) applied. 0 created, 1 unchanged, 0 configured, 0 failed
pod/pod-a created
1 resource(s) applied. 1 created, 0 unchanged, 0 configured, 0 failed
pod/pod-b created
1 resource(s) applied. 1 created, 0 unchanged, 0 configured, 0 failed
from cli-utils.
apply-time-mutation works if the source namespace is specified. So it's just the implicit namespace resolution that breaks graph sorting.
from cli-utils.
Root cause: graph.Sort only uses mutation.ReadAnnotation, which returns an empty Namespace, if not specified by the user. The implicit namespace resolution is performed in ApplyTimeMutator.Mutate.
Unfortunately, the easy solution of moving implicit namespace resolution into mutation.ReadAnnotation doesn't work, because it needs to know whether the Source and Target are both namespaced. This would require using the mapper to resolve the resource schemas. If we try to use the mapper in graph.Sort it would fail for resources that haven't had their CRD applied yet.
So this is another issue with mapping lookups happening up front instead of lazily as-needed. Changing that, to resolve sort order after every apply, would be a significant change...
Also unfortunate is that we can't reject SourceRefs without an explicit namespace without knowing if the resource is namespaced or not...
from cli-utils.
Possible workarounds:
- Resolve mapping up front, if possible, and error at apply time, if not
- Add a ResourceReference field to specify if the resource is cluster or namespace scoped.
- Perform implicit namespace resolution before sorting (to avoid needing to inject the mapper into graph.SortObjs).
- If there's no schema and the namespace is empty and the resource is namespace scoped, it will still error at apply time, but all other cases will work as expected.
- Disable implicit namespace resolution
- Error at apply time if namespace is empty and resource is namespace scoped (makes the apply error more actionable, but requires namespace to always be specified)
- Change sorting to only sort one stage at a time (dynamic task scheduling).
- Add a SortTask after every Apply+Wait and Delete+Wait. This new task would determine the next tasks to execute and add them to the task queue.
- Replace graph.SortObjs with a graph.Next (or similar) that just returns the next UnstructuredSet to apply/delete.
- Resolve implicit namespace by checking against the UnstructuredSet being sorted,
- Lookup the resource both without the namespace and with the namespace, to see if there is a match.
- If there's no match, skip adding the graph edge and log a warning
- This only works for dependencies in the resource set (not external deps: #412)
from cli-utils.
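The last workaround listed above (resolving an implicit namespace by looking the reference up in the set being sorted, with and without the dependent's namespace) could look like the following. This is an added example, not part of the original thread and not cli-utils code; ObjID, ResolveSource, Edges and Sample are hypothetical names, and the sample set is constructed from the namespace/test, pod-a and pod-b objects shown earlier.

```go
package main

import "fmt"

// ObjID is a hypothetical, simplified object identifier (not the cli-utils type).
type ObjID struct{ Group, Kind, Namespace, Name string }

// ResolveSource matches a source reference against the set being sorted: first
// as written, then, if its namespace is empty, with the dependent's namespace.
// A kind is either cluster- or namespace-scoped, so at most one lookup matches.
func ResolveSource(set map[ObjID]bool, dependent, src ObjID) (ObjID, bool) {
	if set[src] {
		return src, true
	}
	if src.Namespace == "" && dependent.Namespace != "" {
		src.Namespace = dependent.Namespace
		if set[src] {
			return src, true
		}
	}
	return ObjID{}, false
}

// Edges returns dependent->source edges, plus a warning per unresolved reference.
func Edges(objs []ObjID, refs map[ObjID][]ObjID) (edges [][2]ObjID, warnings []string) {
	set := make(map[ObjID]bool, len(objs))
	for _, o := range objs {
		set[o] = true
	}
	for _, dep := range objs {
		for _, src := range refs[dep] {
			if id, ok := ResolveSource(set, dep, src); ok {
				edges = append(edges, [2]ObjID{dep, id})
			} else {
				warnings = append(warnings, fmt.Sprintf("%s/%s: source %s/%s not in set, edge skipped", dep.Kind, dep.Name, src.Kind, src.Name))
			}
		}
	}
	return edges, warnings
}

// Sample is constructed data: pod-b references pod-a with no namespace, and a
// ConfigMap that is outside the set (an external dependency).
func Sample() ([]ObjID, map[ObjID][]ObjID) {
	a := ObjID{Kind: "Pod", Namespace: "test", Name: "pod-a"}
	b := ObjID{Kind: "Pod", Namespace: "test", Name: "pod-b"}
	return []ObjID{{Kind: "Namespace", Name: "test"}, a, b}, map[ObjID][]ObjID{b: {{Kind: "Pod", Name: "pod-a"}, {Kind: "ConfigMap", Name: "external"}}}
}

func main() { fmt.Println(Edges(Sample())) }
```

The external ConfigMap reference produces a warning and no edge, which is the limitation the comment notes for dependencies outside the resource set.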
- Disable implicit namespace resolution
Today, all the namespaced objects sent from Config Sync to cli-utils have the metadata.namespace field explicitly set.
Is it reasonable to expect this from other users of cli-utils?
from cli-utils.
cli-utils already requires this.
I don't think this is true. I tested with kapply built from the master, which doesn't require the metadata.namespace field of a Deployment object to be explicitly set.
from cli-utils.
The Applier runs the Validator which runs the validateNamespace method, passing in the list of CRDs in the set and the mapper.
The validator should error if it's namespace-scoped with no namespace or cluster-scoped with a namespace.
https://github.com/kubernetes-sigs/cli-utils/blob/master/pkg/object/validate.go#L124
from cli-utils.
Accurately speaking, Applier.Run requires the metadata.namespace field of a namespaced object to be explicitly set.
kapply does not require this, since it sets the metadata.namespace field of a namespaced object if it is missing.
from cli-utils.
Thanks for clarifying. I don't know if having kapply do that really helps us test, but it might be trying to duplicate kpt and kubectl behavior.
from cli-utils.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity, lifecycle/stale is applied
- After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
- After 30d of inactivity since lifecycle/rotten was applied, the issue is closed
You can:
- Mark this issue or PR as fresh with /remove-lifecycle stale
- Mark this issue or PR as rotten with /lifecycle rotten
- Close this issue or PR with /close
- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
from cli-utils.
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity, lifecycle/stale is applied
- After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
- After 30d of inactivity since lifecycle/rotten was applied, the issue is closed
You can:
- Mark this issue or PR as fresh with /remove-lifecycle rotten
- Close this issue or PR with /close
- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
from cli-utils.
/remove-lifecycle rotten
from cli-utils.
Short term fix is to disable implicit namespaces, since they don't work as-is: #482
Long term fix is unknown.
from cli-utils.
/remove-lifecycle rotten
/lifecycle frozen
from cli-utils.