kubectl server side diff errors due to field type changes #94275
Comments
|
/sig CLI |
|
/wg api-expression |
|
Can you try to do: |
|
Hi @apelisse Here's the output of the most complete set of tests I could think of (the one you asked is the last command execution), on a v1.18.8 clean cluster: The error appears regardless of the deployment items already existing on the cluster, which makes me think that it is generated when parsing the local file to generate a patch, before anything even gets sent to the apiserver. |
|
I was pretty sure we were handling int-or-string properly in SSA ... Can it be a problem with the limit-range? I'll look into it FYI @lavalamp |
|
Yeah that's strange, did we break something with the optimizations? cc @jpbetz |
|
Yeah, we should check if the schema looks like it should, and if it does, we certainly need a test if we don't have one ... |
|
I recreated the cluster as version 1.19.0, and here are the results of the previous tests: ⤷ Ran as expected ⤷ Ran with unexpected error ⤷ Ran as expected ⤷ Ran as expected ⤷ Ran with unexpected error ⤷ Ran as expected ⤷ Ran with unexpected error ⤷ Ran as expected ⤷ Ran showing unexpected changes (nothing changed compared to the server version) ⤷ Ran with unexpected error ⤷ Ran with unexpected changes applied (nothing changed compared to the server version) So, all in all, I think nothing changed compared to version 1.18.8. The comments I have for each execution are what I believe to be the expected outcome, but I might be mistaken for some cases (like client side vs server side changes). In that case, feel free to correct me. Hope this helps. |
|
@jpmsilva As a workaround, you could change |
|
As per https://github.com/kubernetes/kubernetes/blob/master/api/openapi-spec/swagger.json: "io.k8s.apimachinery.pkg.util.intstr.IntOrString": {
"description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.",
"format": "int-or-string",
"type": "string"
},
"io.k8s.apimachinery.pkg.api.resource.Quantity": {
"description": "<omitted>",
"type": "string"
},Perhaps we should set the OpenAPISchemaFormat of |
|
Yeah probably, but that doesn't solve the bug about quantity being canonicalized by the apiserver (and forcing possible etcd rewrites). |
|
I am not sure if this is a bug or an expected behavior. |
What specifically? If you write 0.5 and it's converted to "0.5", "Fieldmanager" detects a change (because at the time we detect managed fields, we don't know yet that 0.5 and "0.5" are the same thing), update the managedFields entry, and forces a rewrite in etcd. That's clearly not expected :-/
That's a good short-term solution. |
I mean accepting integer value as quantity and then converting it to string at server side. Now that the value would eventually be converted to string and I am not quite familiar with the code history, if this is a workaround for some previous problems, I think we should stick to string. If not, I think we could set the |
|
though I think I am not experienced or competent to decide what to do :/ |
|
We must continue to accept the number, that's clearly a bug. |
|
Hi @knight42 and @apelisse If I run apply and then diff (both on client side or both on server side), only the time field shows as a difference, which is the separate issue #94121. However, if I apply client side and then diff server side, an error occurs: The value I did look and when the apply is run client side the Do you think this is an issue, and if so, would it warrant a separate issue? For me is not at all critical, as I am not planning on mixing client side and server side operations on the configuration management formulas. |
|
That's expected, especially if you don't have 1.19. We've simplified the experience in 1.19 so that client-side and server-side don't conflict with each other. |
|
For whatever it’s worth (and anyone that might encounter a similar error message), the execution I showed was with version 1.19.0. |
|
@julianvmodesto Would that be expected? |
|
Hm that's not expected... let me check the tests for this. |
|
/assign |
|
@apelisse I tried to run again the steps to reproduce the bug with the change in #94815, here is the result: $ kubectl --context kind-repro diff -f ~/test.yml --server-side=true --force-conflicts=true
diff -u -N /var/folders/vm/ghtbxsmj3z108zhlzj44873r0000gp/T/LIVE-796717667/v1.LimitRange.default.default-limit-range /var/folders/vm/ghtbxsmj3z108zhlzj44873r0000gp/T/MERGED-436581478/v1.LimitRange.default.default-limit-range
--- /var/folders/vm/ghtbxsmj3z108zhlzj44873r0000gp/T/LIVE-796717667/v1.LimitRange.default.default-limit-range 2020-09-18 15:02:15.918245465 +0200
+++ /var/folders/vm/ghtbxsmj3z108zhlzj44873r0000gp/T/MERGED-436581478/v1.LimitRange.default.default-limit-range 2020-09-18 15:02:15.924263300 +0200
@@ -3,18 +3,24 @@
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
- {"apiVersion":"v1","kind":"LimitRange","metadata":{"annotations":{},"name":"default-limit-range","namespace":"default"},"spec":{"limits":[{"default":{"cpu":1,"memory":"2Gi"},"defaultRequest":{"cpu":0.5,"memory":"1Gi"},"max":{"memory":"8Gi"},"type":"Container"}]}}
+ {"apiVersion":"v1","kind":"LimitRange","metadata":{"name":"default-limit-range","namespace":"default"},"spec":{"limits":[{"default":{"cpu":1,"memory":"2Gi"},"defaultRequest":{"cpu":0.5,"memory":"1Gi"},"max":{"memory":"8Gi"},"type":"Container"}]}}
creationTimestamp: "2020-09-18T12:57:57Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
+ f:spec:
+ f:limits: {}
+ manager: kubectl
+ operation: Apply
+ time: "2020-09-18T13:02:15Z"
+ - apiVersion: v1
+ fieldsType: FieldsV1
+ fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
- f:spec:
- f:limits: {}
manager: kubectl-client-side-apply
operation: Update
time: "2020-09-18T12:57:57Z"Without I haven't started investigating yet and I don't have much context on this topic, but it makes sense to me. |
|
We only ignore field transfer between SSA and CSA when the values haven't changed, but they do here because of the canonicalization of quantity. This is a very hard bug to fix, not sure we'll ever be able to solve it. Same as before, apply the canonicalized form to work around the bug. |
|
I am not sure I get it, how does the canonicalization of quantity affects fields? Intuitively it should affect only the value, right? |
|
I'm not sure I understand your question. How does it affect fields? I agree it only affects the value, but because we don't know these values are equal, we infer that the user changed the field value, and so we move the field ownership around, causing possible conflicts and extra-diff output. |
|
Right! now it's clear, thanks! |
|
/unassign |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
|
/remove-lifecycle rotten Was this fixed by #94815 ? We're downstream but have started to run into this issue, so just wondering if a fix is coming down the pipe. |
|
Well, it'd be fixed by #94815 but we won't be merging that. We need a better answer. I have some ideas related to that, but nothing easy. |
|
Anecdotally, I think we started seeing something similar on HorizontalPodAutoscalers, specifically fields like |
|
Yeah, they are using |
|
Actually, I was wrong, it's been merged in kubernetes as part of #99817. This is fixed in 1.22. |
What happened:
Spawned from #94121
Running kubectl diff server side errors out due to the internal data types being different.
What you expected to happen:
No error should be shown, and the diff (if any) should be shown instead.
How to reproduce it (as minimally and precisely as possible):
Given the following test manifest:
Apply it to the cluster:
Run a diff server side:
Anything else we need to know?:
Running
kubectl apply --dry-run=server -f ...always detects incoming changes, which might be a consequence of this issue (I can't tell for sure):This issue is related to #94121, where this behavior was first observed.
Environment:
kubectl version):cat /etc/os-release):Kernel (e.g.
uname -a):Linux pluto-next 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/LinuxInstall tools:
Network plugin and version (if this is a network-related bug):
Others:
The text was updated successfully, but these errors were encountered: