Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kustomize Controller deletes resource when Kustomization encounters resource with invalid / nonsense spec #734

Open
CAR6807 opened this issue Sep 28, 2022 · 2 comments
Open

Kustomize Controller deletes resource when Kustomization encounters resource with invalid / nonsense spec #734

CAR6807 opened this issue Sep 28, 2022 · 2 comments

Comments

@CAR6807
Copy link

CAR6807 commented Sep 28, 2022

A resource is deleted when the resource is updated with an invalid spec.

Expected behavior is the resource fails to update but not delete the existing resource.

To reproduce

Prior to change, verify resource exist

kubectl get svc -n zebrafinch zt-ms-zf-master-pre-release
NAME                          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
zt-ms-zf-master-pre-release   ClusterIP   192.168.122.47   <none>        443/TCP   24s

Then introduce invalid spec change, in this case an empty ports section for the Service Object

---
apiVersion: v1
kind: Service
metadata:
  labels:
    contextRoot: zt-ms-zf
  name: ingress-zt-ms-zf-master-pre-release
  namespace: zebrafinch
spec:
  ports:  #<-------- note the ports section is empty
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
  type: ClusterIP

Once committed, the resource is deleted from the cluster even though the resource still exists in git and the update fails.

kubectl get svc -n zebrafinch zt-ms-zf-master-pre-release 
Error from server (NotFound): services "zt-ms-zf-master-pre-release " not found

Event from the Kustomize Object states it cannot find the object because it deleted by Kustomize

caas-zerotouch-ms-zebrafinch-master            396d   False     Service/zebrafinch/zt-ms-zf-master-pre-release immutable field detected, failed to delete object, error: services "zt-ms-zf-master-pre-release" not found

Spec from Kustomize Object include Prune

spec:
  decryption:
    provider: sops
  force: true
  interval: 1m0s
  path: ./caas/zerotouch-ms-zebrafinch/master
  prune: true
  serviceAccountName: zebrafinch
  sourceRef:
    kind: GitRepository
    name: zebrafinch
    namespace: zebrafinch
  targetNamespace: zebrafinch

Kustomize object still has resource in inventory

  inventory:
    entries:
     - id: zebrafinch_zt-ms-zf-master-pre-release__Service
      v: v1

Kustomize Controller should not delete resource if it encounters invalid spec.
@stefanprodan
Copy link
Member

It deletes the object because of force: true, the Kubernetes API returns the same error as for immutable changes.

@CAR6807
Copy link
Author

CAR6807 commented Sep 28, 2022

Odd thing I have seen this on CRDs where fields are not set as Immutable and otherwise can be updated manually with the invalid fields dropped

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stefanprodan @CAR6807