search

devtron-labs / silver-surfer

Kubernetes objects api-version compatibility checker and provides migration path for K8s objects and prepare it for cluster upgrades
https://devtron.ai/
Apache License 2.0
353 stars 37 forks source link

kubedd reports unsupported property for data (RawExtension) #27

Closed mateuszkwiatkowski closed 1 year ago

mateuszkwiatkowski commented 2 years ago

Kubedd reports many errors about not supported property (spec). This happens for ControllerRevision objects in our cluster:

 falco                audit-falco-558b87fb8c                                 ControllerRevision   apps/v1                           data    property "spec" is unsupported  
 falco                audit-falco-594bd6b8d8                                 ControllerRevision   apps/v1                           data    property "spec" is unsupported  
 falco                audit-falco-59c55fcdbd                                 ControllerRevision   apps/v1                           data    property "spec" is unsupported  
 falco                audit-falco-5df9d6bd48                                 ControllerRevision   apps/v1                           data    property "spec" is unsupported

Example instance of ControllerRevision that kubedd complained abou:

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: apps/v1
data:
  spec:
    template:
      $patch: replace
      metadata:
        annotations:
          checksum/certs: 01ba4719c80b6fe911b091a2c05124b64eeece964e09c058ef8f9805daca546b
          checksum/config: c04d1feb5233533ff0f8ac8e3320213447a4d2912d69c8332f43360df11b1a18
          checksum/rules: 2c4eaf6e810932d56ee056ba47a0fe15f4eaf37081a1fe00edc62bc8ceb7a735
        creationTimestamp: null
        labels:
          app: audit-falco
          role: security
        name: audit-falco
      spec:
        containers:
        - args:
          - /usr/bin/falco
          - --cri
          - /run/containerd/containerd.sock
          - -K
          - /var/run/secrets/kubernetes.io/serviceaccount/token
          - -k
[CUT]
kind: ControllerRevision
metadata:
  annotations:
    deprecated.daemonset.template.generation: "18"
    meta.helm.sh/release-name: audit-falco
    meta.helm.sh/release-namespace: falco
  creationTimestamp: "2022-01-31T14:16:41Z"
  labels:
    app: audit-falco
    controller-revision-hash: 558b872b8c
    role: security
  name: audit-falco-558b87fb8c
  namespace: falco
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: DaemonSet
    name: audit-falco
    uid: 0a3821f7-fe77-48f4-a4ca-c7490b337ffa
  resourceVersion: "313405104"
  uid: 106621ac-e2a3-4f9b-8b6a-0352daff3fa6
revision: 18
alsyia commented 1 year ago

Same issue on my side! The spec says that Data is the serialized representation of the state.. So it looks like the spec attribute is indeed unsupported... yet it's used by Kube itself?

pghildiyal commented 1 year ago

Hi Can you please share the cluster version against which you are validating it.

alsyia commented 1 year ago

Hi,

I can reproduce the issue against a GKE cluster in 1.22.16-gke.2000.

Hope that helps! :)

pghildiyal commented 1 year ago

RawExtensions is excluded from validation now and merged in mail

alsyia commented 1 year ago

RawExtensions is excluded from validation now and merged in mail

Thanks!