🌱 Kustomize: Update deprecated syntax #9223
Conversation
This commit updates the following: - patchesStrategicMerge -> patches - patchesJson6902 -> patches - vars and varReference -> replacements - bases -> resources Most of this is straight forward, but the vars -> replacements change is a bit complicated. I have taken inspiration from kubebuilder for how to do the change. In particular I changed the name of the secret that holds the certificate to be static. Previously it was set partially from a variable. I believe it would be unnecessarily complicated to keep this behavior and that a static name does not take away much.
k8s-ci-robot
added
area/dependency
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc | ||
| - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local |
There was a problem hiding this comment.
While these changes to remove $() are not strictly necessary, they do make it clearer that we do not rely on vars. It is also how kubebuilder has done it.
| issuerRef: | ||
| kind: Issuer | ||
| name: selfsigned-issuer | ||
| secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize | ||
| secretName: webhook-service-cert # this secret will not be prefixed, since it's not managed by kustomize |
There was a problem hiding this comment.
This is probably the most controversial change, making the secret name static (not including a variable for the prefix). I think it would be possible to use replacements to keep the exact same behavior, but I'm not sure it is worth it. Happy to discuss it though. For now I went with the static name since this is also what kubebuilder has.
I see 3 options:
- static name like proposed here
- static name including a prefix to make it more obvious where the secret belongs
- replicate the exact behavior of vars but using replacements
Sure, I can do that. I was not sure about the first part of the issue though. Something about |
|
Hmm this could prove a bit tricky. I guess the envsubst variables are messing up the kustomize patch. Will need to investigate. |
Yeah - the creationTimestamp issue was a bug which was fixed in controller tools - ref kubernetes-sigs/controller-tools#800 |
|
The test errors seem to be because of kubernetes-sigs/kustomize#5049. It is possible to work around them by splitting the strategic merge patches into multiple files, but I think the better approach is to just wait for this issue to be resolved. There is work on-going to fix it and if that lands we will not need any additional changes I hope. /hold |
k8s-ci-robot
added
the
do-not-merge/hold
|
Thanks for digging into the errors! Let's track the status of that issue - if it's fixed relatively soon we can update. . AFAIK we only kustomize for generating test yamls so I'm not sure if we have any real urgency for bumping the version for CAPI. |
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Hey, thanks for this update. The issue mentioned above is fixed upstream. I checked out your branch locally and even with the latest kustomize version (v5.0.3), I'm getting the parsing error mentioned above.
I think this still holds true. When I comment out a patch from the files where we have more than one patches, it works. |
|
I guess you mean v5.3.0? That is strange 🤔 |
Yes, that was a typo. :( |
There was a problem hiding this comment.
@lentzi90 sorry for the previous comment, I was using wrong version indeed. I was not able to catch it because I was using direnv in a directory and that updated the PATH.
Your changes looks good.
On this branch, I no longer see warnings w.r.t. bases, vars, patchesStrategicMerge.
$ kustomize build config/default/ > /dev/null
# Warning: 'commonLabels' is deprecated. Please use 'labels' instead. Run 'kustomize edit fix' to update your Kustomization automatically.The commonLabels is deprecated now and the following is the preferred way to use labels.
-commonLabels:
- cluster.x-k8s.io/provider: "cluster-api"
+labels:
+- includeSelectors: true
+ pairs:
+ cluster.x-k8s.io/provider: cluster-apiYou can use the above pattern or you can also run kustomize edit fix but after running that some more manual changes will be required.
|
@lentzi90: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@lentzi90 , kindly want to ask if you have time to get back on this or should someone else takeover :-) |
|
Sorry, I have not had time to get back to this. @peppi-lotta volunteered to take over though 🎉 |
|
/assign @peppi-lotta |
|
@lentzi90: GitHub didn't allow me to assign the following users: peppi-lotta. Note that only kubernetes-sigs members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Thanks @lentzi90 and @peppi-lotta :-) |
|
Let's close this in favor of #10294 |
What this PR does / why we need it:
This commit updates the following:
Most of this is straight forward, but the vars -> replacements change is a bit complicated. I have taken inspiration from kubebuilder for how to do the change. In particular I changed the name of the secret that holds the certificate to be static. Previously it was set partially from a variable. I believe it would be unnecessarily complicated to keep this behavior and that a static name does not take away much.
Here is a link to some relevant code in kubebuilder that I used as inspiration: https://github.com/kubernetes-sigs/kubebuilder/blob/68abac1dfb5550f7159dec4ce600cd9b6db925bb/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go#L97
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Related to #8457.
/area dependency