OpenAPI field should support merging #4613
Comments
k8s-ci-robot
added
the
needs-triage
|
I've just ran into this issue with a Deployment's containers object not merging properly with my |
|
I'm facing issues when trying to patch different resources at a time: rollout, services, etc. Once I specified the Is there a way to add/append your custom schema to the existing built-in so all the resources will be patched as expected? |
|
I am having the same issue where when openapi path is added, my deployments are missing specified resource limits that are added with a patch. If I remove the openapi path then my deployment limit is patched properly. |
|
Argo project will have a workaround for this soon with a blog post detailing how we came about it. But you can peak at this as well https://github.com/argoproj/argo-schema-generator |
|
Thanks @zachaller, I used the @dan-j, I also verified that your solution worked. I used the output of I opted for @zachaller since it seemed clean and also resulted in a smaller schema size. Thank @zachaller |
|
Those who commented that the
/triage accepted |
k8s-ci-robot
changed the title
k8s-ci-robot
added
triage/accepted
|
I have a blog post that should be posted this Thursday (8/25/2022) here that will also go into some of these issues as well. But really looking forward to either changes from kustomize or k8s to help with this issue as well. |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
|
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/lifecycle frozen |
k8s-ci-robot
added
lifecycle/frozen
|
The custom openapi example in the documentation suggests strongly that the We should update the example to point out that it is replacing the default schema and with that example, kustomize will no longer correctly handle lists in native resources like pods, deployments, etc. |
`spec.containers` field of Pods:
spec:
containers:
- name: container1
image: example
- name: container2
image: example
Kustomize is able to apply a strategic merge patch to specific
elements in this list by matching the patch against a "merge key".
That is, if we want to add an `env` attribute to `container2`, we can
apply a patch like this:
apiVersion: v1
kind: Pod
metadata:
name: example
spec:
containers:
- name: container2
env:
- MYVAR=somevalue
Kustomize "knows" to patch the list item with `name` equal to
`container2` because it has a compiled in schema for native kubernetes
resources that identifies the appropriate merge keys (the `name`
field). We end up with:
spec:
containers:
- name: container1
image: example
- name: container2
image: example
env:
- MYVAR=somevalue
This won't work by default for custom resources. For example, if we
have a resource like this:
apiVersion: multicluster.openshift.io/v1
kind: MultiClusterEngine
metadata:
name: multiclusterengine
spec:
overrides:
components:
- enabled: true
name: local-cluster
- enabled: true
name: assisted-service
- enabled: false
name: hypershift-preview
And we try to modify it with a patch like this:
apiVersion: multicluster.openshift.io/v1
kind: MultiClusterEngine
metadata:
name: multiclusterengine
spec:
overrides:
components:
- enabled: true
name: hypershift-preview
We will see that rather than making the expected change (setting
`enabled` to `true` for the list item with `name:
hypershift-preview`), this will simply *replace* the entire content of
the `components` key.
It is possible to provide Kustomize with a custom openapi schema that
informs of it of the appropriate merge keys for this sort of custom
resource. There is documentation and an example at [1], but
unfortunately this example is misleading. After reading that document
you may believe that you can provide a schema specific to the custom
resources you want to patch, but that is not the case: a custom schema
*completely replaces* the compiled-in schema, so for example with the
configuration shown in that example, Kustomize would no longer be able
to correctly patch containers in Pods and Deployments. This problem is
more fully discussed in [2], and there is some discussion in
kubernetes/kubernetes#82942 and kubernetes-sigs/kustomize#4613.
[1]: https://github.com/kubernetes-sigs/kustomize/blob/master/examples/customOpenAPIschema.md
[2]: https://blog.argoproj.io/argo-crds-and-kustomize-the-problem-of-patching-lists-5cfc43da288c
Strategic merge patches are the only way to patch lists by
object id, rather than by index, so it's functionality we need. To
support this, that means we need to dump the complete openapi schema
from our clusters to a file and make that available to Kustomize. This
commit introduces an initial version of this schema, but we will need
to update this in the future whenever we want to patch CRDs that
weren't available at the time we last generated this schema dump.
|
I agree the docs could be more clear. I noticed under I'm going to try and implement a relatively not too complex system for this using kustomize and some text parsing. If you download all the schemas and store them in their own kustomize directories, attach a random GVK, patch the schemas you want to patch, run a kustomize that calls all the directories, chop off the random GVK and add in |
|
@snuggie12 I've implemented something like that here. |
Due to issues with the way Kustomize handles patching lists in custom resource types, we need to provide a complete OpenAPI schema that includes schema definitions for any CRDs we wish to patch. See kubernetes-sigs/kustomize#4613 for more discussion on this topic. See `cluster-scope/base/openapi/README.md` for more information.
|
This issue has not been updated in over 1 year, and should be re-triaged. You can:
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/ /remove-triage accepted |
k8s-ci-robot
added
needs-triage
Describe the bug
We have four directories:
deployment-base - A simple Deployment resource
deployment-patch - Patch for deployment-base's Deployment resource
rollout-base - A Rollout resource with its openapi definition
rollout-patch - Patch for rollout-base's Rollout resource
If I run
kustomize build deployment-patchit works as expected and it does patch the Deployment resourceIf I run
kustomize build rollout-patchit works as expected and it does patch the Rollout resourceIf I run kustomize build with the following kustomization.yaml then it works as expected (and both resources are patched properly):
But when I change the sequence to the following
then Rollout resource is still patched properly but at Deployment resource the container definition does not contain properties that are defined only in base.
I have prepared a repo with the details and examples:
https://github.com/gruberrichard/kustomize-bug-with-openapi
Expected output
I would expect that the generated manifests are the same (and patching of Deployment resource does not break) if I change the sequence of resource directories
Kustomize version
Platform
macOS
The text was updated successfully, but these errors were encountered: