Bases deprecated - multiple resources in kustomization.yaml causes previous to be overwritten

[dippydocus]

What happened?

The use of bases inkustomization.yaml files was deprecated in version v2.1.0. Instead users should make use of the resources field for both bases and resources.

If bases is replaced with resources due to the deprecation of bases and a resources already exists within the kustomization.yaml file, any previous occurrences gets replaced with the value of the final resources field.
This removes all previously defined resources which can in turn cause a lot of deletions.

While this may sound a bit silly, some businesses use Kustomize with extremely large codebases which include hundreds of resources/bases within the root kustomization file and perhaps almost as many further down the chain.

In our particular case, bases was updated to resources and as the file included so many more resources a duplicate resources field existed but was missed further down the file.
Unfortunately this was also not picked up during review.

The first occurrence included PVCs among other stateful resources that ended up being deleted.

The problem in this case was down to user error however I believe that there are several ways that this could be avoided.

• Validate that the files are valid YAML (if I understand correctly, you can't have duplicate map keys in YAML) and error
• Combine the contents of each resources field
• Anything else?

It's a little worrying to think that there must be thousands of cases where the potential for this to occur is high. So although I completely understand that this is a case of someone being a bit dumb, overworked etc., I think it's worth trying to address.

What did you expect to happen?

Either fail with a message such as 'duplicate resources field in file '
or
Combine all values of resources into a single resources

How can we reproduce it (as minimally and precisely as possible)?

PR showing how to reproduce it in test

Expected output

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:1.14.2
        name: nginx
        ports:
        - containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment-bases
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:1.14.2
        name: nginx
        ports:
        - containerPort: 80

Actual output

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:1.14.2
        name: nginx
        ports:
        - containerPort: 80

Kustomize version

v5.3.0

Operating system

MacOS

[koba1t]

Hi @andyp-uw
I think kustomize edit fix command is covered in your use case.

kob@Yugos-MacBook-Air 5547 % cat kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pod.yaml
bases:
- job.yaml
kob@Yugos-MacBook-Air 5547 % kustomize edit fix
# Warning: 'bases' is deprecated. Please use 'resources' instead. Run 'kustomize edit fix' to update your Kustomization automatically.

Fixed fields:
  patchesJson6902 -> patches
  patchesStrategicMerge -> patches
  commonLabels -> labels

To convert vars -> replacements, run the command `kustomize edit fix --vars`

WARNING: Converting vars to replacements will potentially overwrite many resource files
and the resulting files may not produce the same output when `kustomize build` is run.
We recommend doing this in a clean git repository where the change is easy to undo.
kob@Yugos-MacBook-Air 5547 % cat kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pod.yaml
- job.yaml

/triage need-informations

[k8s-ci-robot]

@koba1t: The label(s) triage/need-informations cannot be applied, because the repository doesn't have them.

In response to this:

Hi @andyp-uw
kustomize edit fix command is covered in your use case.

kob@Yugos-MacBook-Air 5547 % cat kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pod.yaml
bases:
- job.yaml
kob@Yugos-MacBook-Air 5547 % kustomize edit fix
# Warning: 'bases' is deprecated. Please use 'resources' instead. Run 'kustomize edit fix' to update your Kustomization automatically.

Fixed fields:
 patchesJson6902 -> patches
 patchesStrategicMerge -> patches
 commonLabels -> labels

To convert vars -> replacements, run the command `kustomize edit fix --vars`

WARNING: Converting vars to replacements will potentially overwrite many resource files
and the resulting files may not produce the same output when `kustomize build` is run.
We recommend doing this in a clean git repository where the change is easy to undo.
kob@Yugos-MacBook-Air 5547 % cat kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pod.yaml
- job.yaml

/triage need-informations

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[koba1t]

/triage needs-information

[koba1t]

FYI, I tried to add validation for a duplicated field, but that contains regression and revert it.
If someone has time, please check this comment that considers the future of this validation step.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[koba1t]

Please feel free to reopen if you have any additional problem!

/close