search

kubestellar / kubeflex

A flexible and scalable platform for running Kubernetes control plane APIs.
Apache License 2.0
47 stars 13 forks source link

bug: PostCreateHook cannot create resources with apiVersion "v1" #278

Closed pdettori closed 1 month ago

pdettori commented 1 month ago

Describe the bug

PostCreateHook cannot create resources with apiVersion "v1". For example, cannot create configmaps.

Steps To Reproduce

  1. Install KubeStellar 0.24 following documentation.
  2. Apply the following PCH: 
    apiVersion: tenancy.kflex.kubestellar.org/v1alpha1
kind: PostCreateHook
metadata:
name: test
labels:
kflex.kubestellar.io/cptype: test
spec:
templates:
- apiVersion: v1
kind: ConfigMap
metadata:
  name: test
data:
  test.txt: "test
  3. Apply the PCH and create a new CP: 
    k apply -f tes-pch.yaml
kflex create test -t k8s -p test
kflex ctx
  4. Verify that ConfigMap does not get created and that the CP shows an error: 
    k get cp test -o yaml
apiVersion: tenancy.kflex.kubestellar.org/v1alpha1
kind: ControlPlane
metadata:
creationTimestamp: "2024-09-23T14:30:22Z"
finalizers:
- kflex.kubestellar.org/finalizer
generation: 1
name: test
resourceVersion: "5943"
uid: fe320b55-de68-4476-a4ce-2b04faa34607
spec:
backend: shared
postCreateHook: test
type: k8s
status:
conditions:
- lastTransitionTime: "2024-09-23T14:48:48Z"
lastUpdateTime: "2024-09-23T14:48:48Z"
message: ""
reason: Available
status: "True"
type: Ready
- lastTransitionTime: "2024-09-23T14:52:12Z"
lastUpdateTime: "2024-09-23T14:52:12Z"
message: resource ConfigMap in group  with version v1 was not found
reason: ReconcileError
status: "False"
type: Synced
observedGeneration: 0
secretRef:
inClusterKey: kubeconfig-incluster
key: kubeconfig
name: admin-kubeconfig
namespace: test-system

Expected Behavior

Should create the resources of apiVersion "v1"

Additional Context

No response

pdettori commented 1 month ago

This code is clearly problematic when group=="" https://github.com/kubestellar/kubeflex/blob/ee326624021341a3d9053759cf39aef2ef99e6f9/pkg/util/unstructured.go#L114

francostellari commented 1 month ago

@pdettori I think you pasted the PCH for a role by mistake instead of a cm. I think you meant something like this:

apiVersion: tenancy.kflex.kubestellar.org/v1alpha1
kind: PostCreateHook
metadata:
  name: test
  labels:
    kflex.kubestellar.io/cptype: test
spec:
  templates:
  - apiVersion: v1
    kind: ConfigMap
    metadata:
      name: test
    data:
      test.txt: "test
pdettori commented 1 month ago

@francostellari thanks, I updated the issue

francostellari commented 1 month ago

@pdettori referring to the role PCH that you posted. I'm unable to apply it because of this error:

$ kubecolor apply -f - <<EOL
> apiVersion: tenancy.kflex.kubestellar.org/v1alpha1
> kind: PostCreateHook
> metadata:
>   name: test
>   labels:
>     kflex.kubestellar.io/cptype: test
> spec:
>   templates:
>   - apiVersion: rbac.authorization.k8s.io/v1
>     kind: Role
>     metadata:
>       name: test-role
>       namespace: "{{.Namespace}}"
>     rules:
>     - apiGroups:
>       - ""
>       resources:
>       - secrets
>       verbs:
>       - get
> EOL
The PostCreateHook "test" is invalid: spec.templates[0].metadata.namespace: Invalid value: "{{.Namespace}}": a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')

Where:

$ kubectl version
Client Version: v1.31.1
Kustomize Version: v5.4.2
Server Version: v1.31.0
$ kind version
kind v0.24.0 go1.22.6 linux/amd64

I'm confused by the fact that kubectl is trying to interpret the spec.namespace of the CR when it should be left to kubeflex to apply