cisco-open / k8s-objectmatcher

A Kubernetes object matcher library to avoid unnecessary K8s object updates
Apache License 2.0

Look into why unnecessary setElementOrder directives are generated for Volumes and VolumeMounts in case of pods #9

Open pepov opened 5 years ago

pepov commented 5 years ago

Description of the problem

When matching pods (and possibly other types of objects), a typical issue is that the patch will contain unnecessary $setElementOrder directives, most probably caused by the automatically generated Volumes and VolumeMounts of the service account token.

Current mitigation

Right now this is mitigated by actually applying the patch locally and checking it against the current version to see if it is a false positive or not.

It is possibly a bug or a limitation in the package k8s.io/apimachinery/pkg/util/strategicpatch but would need more investigation to find out.

How to reproduce

Remove the code responsible for double-checking the patch and run the integration tests (go test -integration -v) to see "pod matches with original" fail with the following unwanted patch:

 {"spec":{"$setElementOrder/volumes":[{"name":"empty"}]}}

The original pod spec:

    &v1.Pod{
        ObjectMeta: standardObjectMeta(),
        Spec: v1.PodSpec{
            Containers: []v1.Container{
                {
                    Name: "test-container", Image: "test-image",
                },
            },
            Volumes: []v1.Volume{
                {
                    Name: "empty",
                    VolumeSource: v1.VolumeSource{
                        EmptyDir: &v1.EmptyDirVolumeSource{},
                    },
                },
            },
        },
    }

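
An added example, not k8s-objectmatcher's own code: a standard-library Go pre-filter that flags patches whose only content is $setElementOrder directives, like the one reported above. OnlySetElementOrder and prune are hypothetical names; treating such a patch as a false positive is an assumption that would also hide a genuine reorder-only change, and directives nested inside list elements are conservatively counted as real changes.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Ordering directive prefix used by strategic merge patches, as in the issue.
const orderPrefix = "$setElementOrder/"

// prune drops "$setElementOrder/<field>" keys and any object left empty.
// Lists and scalars are kept as-is, so directives inside list elements count as changes.
func prune(v interface{}) (interface{}, bool) {
	obj, isObj := v.(map[string]interface{})
	if !isObj {
		return v, true
	}
	out := make(map[string]interface{}, len(obj))
	for k, child := range obj {
		if strings.HasPrefix(k, orderPrefix) {
			continue
		}
		if kept, ok := prune(child); ok {
			out[k] = kept
		}
	}
	return out, len(out) > 0
}

// OnlySetElementOrder (hypothetical helper) reports whether a patch carries nothing
// except ordering directives. Assumption: such a patch is a false positive.
func OnlySetElementOrder(patch []byte) (bool, error) {
	var decoded map[string]interface{}
	if err := json.Unmarshal(patch, &decoded); err != nil {
		return false, fmt.Errorf("decode patch: %w", err)
	}
	_, remains := prune(decoded)
	return !remains, nil
}

func main() {
	for _, s := range []string{
		`{"spec":{"$setElementOrder/volumes":[{"name":"empty"}]}}`,                 // patch from the issue
		`{"spec":{"$setElementOrder/volumes":[{"name":"empty"}],"nodeName":"n1"}}`, // constructed
	} {
		fmt.Println(OnlySetElementOrder([]byte(s)))
	}
}
```
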
fernandesnikhil commented 2 years ago

Ran into this as well - is anyone else also experiencing this?

cannonpalms commented 2 years ago

This is broader than just volumes/volumeMounts. It affects imagePullSecrets in https://github.com/konpyutaika/nifikop

caigy commented 1 year ago

I ran into the same problem. Any ways to solve it?