tohjustin / kube-lineage

A CLI tool to display all dependencies or dependents of an object in a Kubernetes cluster.
Apache License 2.0

Objects not discovered as dependent, but parent-object discovered as dependency #8

Open erdii opened 1 year ago

erdii commented 1 year ago

Hey @tohjustin :wave: :) I think I've experienced a bug and hope this report helps improve your wonderful tool. Please let me know if you want more info or something else!

Story time

I've installed package-operator which brings its own CRDs which are strictly organized in a hierarchy.

After installation of the operator [1], there is a tree of objects, glued together by ownerReferences that looks like this:

ClusterPackage/package-operator
-> ClusterObjectDeployment/package-operator
  -> ClusterObjectSet/package-operator-$hash
    -> Actual kubernetes objects

But some object relations are missing from kubectl-lineage's output. This is the output for kubectl lineage clusterpackage package-operator:

NAME                                                                                 READY   STATUS   AGE
ClusterPackage/package-operator                                                      -                3m35s
└── ClusterObjectDeployment/package-operator                                         -                3m34s
    └── ClusterObjectSet/package-operator-56496479f6                                 -                3m33s
        ├── ClusterRole/package-operator-remote-phase-manager                        -                3m17s
        ├── ClusterRoleBinding/package-operator                                      -                3m44s
        ├── CustomResourceDefinition/clusterobjectdeployments.package-operator.run   -                3m37s
        ├── CustomResourceDefinition/clusterobjectsetphases.package-operator.run     -                3m37s
        ├── CustomResourceDefinition/clusterobjectsets.package-operator.run          -                3m37s
        ├── CustomResourceDefinition/clusterobjectslice.package-operator.run         -                3m37s
        ├── CustomResourceDefinition/clusterobjecttemplates.package-operator.run     -                3m37s
        ├── CustomResourceDefinition/clusterpackages.package-operator.run            -                3m37s
        ├── CustomResourceDefinition/objectdeployments.package-operator.run          -                3m37s
        ├── CustomResourceDefinition/objectsetphases.package-operator.run            -                3m37s
        ├── CustomResourceDefinition/objectsets.package-operator.run                 -                3m37s
        ├── CustomResourceDefinition/objectslice.package-operator.run                -                3m37s
        ├── CustomResourceDefinition/objecttemplates.package-operator.run            -                3m37s
        ├── CustomResourceDefinition/packages.package-operator.run                   -                3m37s
        └── Namespace/package-operator-system                                        -                4m22s

I know that there is a missing ServiceAccount which I can reverse query for its dependencies with kubectl lineage -D -n package-operator-system ServiceAccount/package-operator:

NAMESPACE                 NAME                                                             READY   STATUS   AGE
package-operator-system   ServiceAccount/package-operator                                  -                5m31s
                          ├── ClusterObjectSet/package-operator-56496479f6                 -                5m20s
                          │   └── ClusterObjectDeployment/package-operator                 -                5m21s
                          │       └── ClusterPackage/package-operator                      -                5m22s
                          ├── ClusterRoleBinding/package-operator                          -                5m31s
                          │   ├── ClusterObjectSet/package-operator-56496479f6             -                5m20s
                          │   └── ClusterRole/cluster-admin                                -                6m56s
                          ├── ClusterRoleBinding/system:basic-user                         -                6m56s
                          │   └── ClusterRole/system:basic-user                            -                6m56s
                          ├── ClusterRoleBinding/system:discovery                          -                6m56s
                          │   └── ClusterRole/system:discovery                             -                6m56s
                          ├── ClusterRoleBinding/system:public-info-viewer                 -                6m56s
                          │   └── ClusterRole/system:public-info-viewer                    -                6m56s
                          └── ClusterRoleBinding/system:service-account-issuer-discovery   -                6m56s
                              └── ClusterRole/system:service-account-issuer-discovery      -                6m56s

and also a deployment kubectl lineage -D -n package-operator-system Deployment/package-operator-manager:

NAMESPACE                 NAME                                               READY   STATUS   AGE
package-operator-system   Deployment/package-operator-manager                1/1              11m
                          └── ClusterObjectSet/package-operator-56496479f6   -                11m
                              └── ClusterObjectDeployment/package-operator   -                11m
                                  └── ClusterPackage/package-operator        -                11m

I'll link the Package sources for reference [2]. The full list of missing dependent objects should be:

All objects have proper ownerReferences set up. I've tried to include all relevant object manifests in the attached dump. [3]


[1] kubectl apply -f https://github.com/package-operator/package-operator/releases/download/v1.6.5/self-bootstrap-job.yaml

[2] https://github.com/package-operator/package-operator/tree/v1.6.6/config/packages/package-operator

[3] package-operator-objectdump.tar.gz
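
A cross-check for the situation described in this report, as an added example that is not part of the issue thread or of kube-lineage: it walks ownerReferences by UID over a set of objects (shaped like items from kubectl get -o json) and lists the dependents that the tool's tree output does not show. The sample objects, their UIDs and the output excerpt are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

def obj(kind, name, uid, owners=(), ns=None):
    meta = {"name": name, "uid": uid, "ownerReferences": [{"uid": u} for u in owners]}
    return {"kind": kind, "metadata": {**meta, **({"namespace": ns} if ns else {})}}

# Constructed sample: UIDs are made up, names mirror objects named in the report.
ITEMS = [
    obj("ClusterPackage", "package-operator", "u1"),
    obj("ClusterObjectDeployment", "package-operator", "u2", ["u1"]),
    obj("ClusterObjectSet", "package-operator-56496479f6", "u3", ["u2"]),
    obj("ClusterRoleBinding", "package-operator", "u4", ["u3"]),
    obj("ServiceAccount", "package-operator", "u6", ["u3"], "package-operator-system"),
    obj("Deployment", "package-operator-manager", "u7", ["u3"], "package-operator-system"),
    obj("ConfigMap", "unrelated", "u8", [], "default"),
]

# Constructed excerpt in the layout of the tool's tree output quoted above.
LINEAGE = """NAME                                                  READY   STATUS   AGE
ClusterPackage/package-operator                       -                3m35s
└── ClusterObjectDeployment/package-operator          -                3m34s
    └── ClusterObjectSet/package-operator-56496479f6  -                3m33s
        └── ClusterRoleBinding/package-operator       -                3m44s
"""

def parse_lineage(text):
    """Collect the Kind/name token from each row of the tree output."""
    return {m.group(0) for m in re.finditer(r"[A-Za-z][\w.]*/\S+", text)}

def dependents(items, root_uid):
    """Walk ownerReferences by UID and return every transitive dependent."""
    children = defaultdict(list)
    for o in items:
        for r in o["metadata"].get("ownerReferences") or []:
            children[r["uid"]].append(o)
    seen, stack, found = {root_uid}, [root_uid], []
    while stack:
        for c in children[stack.pop()]:
            uid = c["metadata"]["uid"]
            if uid not in seen:  # guards against cycles and shared owners
                seen.add(uid); stack.append(uid); found.append(c)
    return found

def missing_from_lineage(items, root_uid, lineage_text):
    """Dependents present in the object dump but absent from the tool's output."""
    shown = parse_lineage(lineage_text)
    refs = (f'{o["kind"]}/{o["metadata"]["name"]}' for o in dependents(items, root_uid))
    return sorted(r for r in refs if r not in shown)
```

With real data, ITEMS would be the items array from a cluster dump and LINEAGE the captured output of the command for the root object.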

tohjustin commented 1 year ago

Hi @erdii! Really glad that you found this tool useful for you & thanks for writing this comprehensive bug report 🙏

Can I also trouble you to share the example outputs shared above but including the --output=wide flag? That would help me get a better idea of the list of relationships that the tool has resolved from scanning through all the resources fetched from your cluster.

I'll try to make some time to take a good look at this soon 🙏