controller-gen: webhook manifest order can change unexpectedly

[jmeyers35]

We ran into a case of config/webhook/manifests.yaml changing unexpectedly - that is, without any changes/additions to the existing webhooks.

I can't share the source of our project and I don't have another repo at the moment, but I'll share one if I can reproduce this with sample code. For context, we have two API versions in our project: v1 and v1alpha1.

After adding an import of the v1alpha1 package in code unrelated to webhooks, controller-gen changed the order of the webhook definitions in manifests.yaml. I was able to trace this back to a difference in the order in which controller-gen traverses packages - with the new import, it visits v1alpha1 first; without the new import, it visits v1 first.

I would expect that webhook/manifests.yaml should be stable when there are no changes that involve webhooks. I'm not sure if the appropriate fix here would be in the webhook parser (e.g. an additional sort based on the API version) or in how controller-gen visits packages.

[sbueringer]

Also not sure where to fix this ideally, but sounds like something we should fix. Maybe it's easier in a place close to where we generate the output manifests to not affect other parts of the code.

Ideally we would do it without producing churn compared to what we generate today. But I think that will be impossible.

[sbueringer]

cc @alvaroaleman @vincepri re: the trade-off between producing churn now vs. having the current behavior

[jmeyers35]

@sbueringer @alvaroaleman @vincepri any updates on this?

[sbueringer]

No

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten