search

kubernetes-sigs / kustomize

Customization of kubernetes YAML configurations
Apache License 2.0
11.02k stars 2.25k forks source link

validators fail due to mutation caused by tracking annotations #5036

Open bluebrown opened 1 year ago

bluebrown commented 1 year ago

What happened?

I am trying to create some custom validators using the krm framework. There are some examples. These work fine when doing kustomize fn run but when using the validators field from a kustomization file pointing to some function config kustomize build fails. From what I understand this is because it sees that the kio writer has added some tracking annotations to the resources and a validator is not allowed to do mutations.

What did you expect to happen?

I would expect that it is possible to run krm filter created with the framework can be used as validators in a kustomization file.

How can we reproduce it (as minimally and precisely as possible)?

I have created a repository containing a minimalistic krm filter, to reproduce the issue: https://github.com/bluebrown/kustomize-validator-issue. The filter does nothing.

func main() {
    framework.Execute(proc(), &kio.ByteReadWriter{
        Reader:                os.Stdin,
        Writer:                os.Stdout,
        OmitReaderAnnotations: true,
        KeepReaderAnnotations: false,
        PreserveSeqIndent:     false,
        NoWrap:                true,
    })
}

func proc() framework.ResourceListProcessor {
    return framework.ResourceListProcessorFunc(func(rl *framework.ResourceList) error {
        return nil
    })
}

I have also tried padding nil as rlSource to get defaults and also the higher level command.Build. Both yield the same error.

Expected output

I expect that it does not fail.

Actual output

Error: validator shouldn't modify the resource map: nodes unequal: 
 -- {"apiVersion":"v1","data":{"key":"value"},"kind":"ConfigMap","metadata":{"name":"myapp"}},
 -- {"apiVersion":"v1","data":{"key":"value"},"kind":"ConfigMap","metadata":{"annotations":{"config.kubernetes.io/path":"configmap_myapp.yaml","internal.config.kubernetes.io/path":"configmap_myapp.yaml"},"name":"myapp"}}

--
&resource.Resource{RNode:yaml.RNode{fieldPath:[]string(nil), value:(*yaml.Node)(0xc00177fea0), Match:[]string(nil)}, refVarNames:[]string(nil)}
------
&resource.Resource{RNode:yaml.RNode{fieldPath:[]string(nil), value:(*yaml.Node)(0xc001a234a0), Match:[]string(nil)}, refVarNames:[]string(nil)}

Kustomize version

v5.0.0

Operating system

Linux

natasha41575 commented 1 year ago

/triage accepted

Thank you for filing the issue and providing a reproduction setup.

The first thing we noted is that the annotations that have been added to your resource are standard annotations added by the kyaml function framework, but that the options you set (OmitReaderAnnotations and KeepReaderAnnotations) should prevent them from being added in the first place. We should investigate why they are being added anyways.

yutaroyamanaka commented 1 year ago

I'd like to fix this issue. /assign

natasha41575 commented 1 year ago

Whoops, didn't mean to unassign you

k8s-triage-robot commented 2 months ago

This issue has not been updated in over 1 year, and should be re-triaged.

You can:

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted