search

kptdev / kpt

Automate Kubernetes Configuration Editing
https://kpt.dev
Apache License 2.0
1.68k stars 225 forks source link

kpt live apply does not surface status error. #3366

Open dfellmeth-google opened 2 years ago

dfellmeth-google commented 2 years ago

Expected behavior

kpt live apply with no additional arguments to expand output verbosity should surface all error-level events from underlying processes.

Actual behavior

kpt live apply only surfaces this error when the --show-status-events flag is supplied.

Information

As a result of https://github.com/GoogleCloudPlatform/k8s-config-connector/issues/682 there is an error while applying a package containing an instance using a rhel-sap-cloud family OS image. This error shown with --show-status-events is:

computeinstance.compute.cnrm.cloud.google.com/image-bug is Failed: Update call failed: cannot make changes to immutable field(s): [bootDisk.0.InitializeParams.0.Image]

Steps to reproduce the behavior

  1. Create a package with a ComputeInstance using any rhel-sap-cloud family image
  2. kpt live init
  3. kpt live apply
  4. Observe no errors are presented
  5. Clean up package and apply again supplying --show-status-events
  6. Observe the immutable field error is surfaced.
karlkfi commented 2 years ago

FWIW, this is the default "event" output that you're talking about. The "table" output and "json" output both print errors.

I was under the impression that the event output would include errors. So if it doesn't, it might be a bug.

In this case, I don't think the fact that it's a KCC object is specifically required to reproduce. It's just one way to produce an error. Tho the kind of error it produces might be relevant to debugging.

tgjonestx commented 1 year ago

We run gatekeeper in our GKE clusters. I have seen cases where rejections from gatekeeper admission webhooks are not reported when --output=table is used