Open jlewi opened 1 year ago
I tried the following
if not os.path.exists(os.path.join(app_dir, "resourcegroup.yaml")):
    subprocess.check_call(["kpt", f"--context={context}", "live", "init", f"--namespace={namespace}", app_dir])
subprocess.check_call(["kpt", f"--context={context}", "live", "apply", f"--namespace={namespace}", app_dir])
The problem is we delete the directory each time we do hydration because we want to get rid of any resources that have been deleted. This ends up deleting the resourcegroup.yaml which gets stored inside the directory.
Then when we rerun init we create a new resourcegroup.yaml file which has a new inventory id. We then get errors like the following
namespace/gateway apply skipped: inventory policy prevented actuation (strategy: Apply, status: NoMatch, policy: MustMatch)
So kpt isn't acquiring the resources because the resource has changed.
Setting name and inventory id didn't work
subprocess.check_call(["kpt", f"--context={context}", f"--name={subdir}", f"--inventory-id={subdir}", "live", "init", f"--namespace={namespace}", app_dir])
subprocess.check_call(["kpt", f"--context={context}", "live", "apply", f"--namespace={namespace}", app_dir])
Same error
gateway.gateway.networking.k8s.io/platform apply skipped: inventory policy prevented actuation (strategy: Apply, status: NoMatch, policy: MustMatch)
Here is the contents of resourcegroup.yaml
apiVersion: kpt.dev/v1alpha1
kind: ResourceGroup
metadata:
  name: gateway
  namespace: gateway
  labels:
    cli-utils.sigs.k8s.io/inventory-id: gateway
And the resource in the cluster.
kubectl -n gateway get resourcegroup -o yaml gateway
apiVersion: kpt.dev/v1alpha1
kind: ResourceGroup
metadata:
  creationTimestamp: "2023-04-26T23:20:02Z"
  generation: 2
  labels:
    cli-utils.sigs.k8s.io/inventory-id: gateway
  name: gateway
  namespace: gateway
  resourceVersion: "77074329"
  uid: 006f404a-a72e-48ce-ba0c-c6a65f9abede
spec: {}
status:
  observedGeneration: 0
It looks like this doesn't match the inventory-id field set on the resources e.g.
config.k8s.io/owning-inventory: fooid
related issue: https://github.com/GoogleContainerTools/kpt/issues/2488
I did
kubectl -n gateway edit managedcertificate platform
And changed the annotation to
config.k8s.io/owning-inventory: gateway
The reconcile then seemed to work.
What is the right way to use kpt so we get pruning on subsequent installs?
Didn't seem to work. Is setting inventory-id not sufficient? Do we also need to set name with init?
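An added example, not part of the original issue and not kpt's own code: a pre-apply check that compares the `cli-utils.sigs.k8s.io/inventory-id` label in the local ResourceGroup with the `config.k8s.io/owning-inventory` annotation on live objects, flagging the mismatch the post ties to the `NoMatch` errors. It assumes the live objects were exported with `kubectl get ... -o json`; the sample objects are constructed, and the `Unowned` status and all function names are this example's own.

```python
import json

INVENTORY_LABEL = "cli-utils.sigs.k8s.io/inventory-id"   # label on the ResourceGroup
OWNING_ANNOTATION = "config.k8s.io/owning-inventory"     # annotation on applied objects

# Constructed sample data (not taken from a real cluster).
LOCAL_RESOURCEGROUP = json.loads("""
{"apiVersion": "kpt.dev/v1alpha1", "kind": "ResourceGroup",
 "metadata": {"name": "gateway", "namespace": "gateway",
              "labels": {"cli-utils.sigs.k8s.io/inventory-id": "gateway"}}}
""")
LIVE_OBJECTS = json.loads("""
{"kind": "List", "items": [
 {"kind": "Gateway", "metadata": {"name": "platform", "namespace": "gateway",
   "annotations": {"config.k8s.io/owning-inventory": "fooid"}}},
 {"kind": "ManagedCertificate", "metadata": {"name": "platform", "namespace": "gateway",
   "annotations": {"config.k8s.io/owning-inventory": "gateway"}}},
 {"kind": "Namespace", "metadata": {"name": "gateway", "annotations": null}}
]}
""")

def inventory_id(resourcegroup):
    """Inventory id that the local resourcegroup.yaml declares."""
    return resourcegroup["metadata"]["labels"][INVENTORY_LABEL]

def ownership_status(obj, inv_id):
    """Compare an object's owning-inventory annotation with the local id."""
    annotations = obj["metadata"].get("annotations") or {}
    owner = annotations.get(OWNING_ANNOTATION)
    if not owner:
        return "Unowned"          # example's own label: no inventory recorded
    return "Match" if owner == inv_id else "NoMatch"

def audit(resourcegroup, live_list):
    """Return (kind/name, recorded owner, status) for every live object."""
    inv_id = inventory_id(resourcegroup)
    rows = []
    for obj in live_list.get("items", []):
        meta = obj["metadata"]
        owner = (meta.get("annotations") or {}).get(OWNING_ANNOTATION)
        rows.append((f'{obj["kind"]}/{meta["name"]}', owner, ownership_status(obj, inv_id)))
    return rows

def blocked(rows):
    """Objects whose recorded owner differs from the local inventory id."""
    return [ref for ref, _, status in rows if status == "NoMatch"]

if __name__ == "__main__":
    for ref, owner, status in audit(LOCAL_RESOURCEGROUP, LIVE_OBJECTS):
        print(f"{status:8} {ref} (owning-inventory: {owner})")
```

Running a check like this before `kpt live apply` shows which objects still carry an older inventory id, so the mismatch is visible before the apply is skipped.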