Revoke kubectl managed fields ownership
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
stefanprodan committed Jan 21, 2022
1 parent 0b01831 commit 0d8a732
Showing 3 changed files with 82 additions and 4 deletions.
23 changes: 21 additions & 2 deletions .github/workflows/e2e.yaml
@@ -22,8 +22,6 @@ jobs:
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
with:
buildkitd-flags: "--debug"
- name: Restore Go cache
uses: actions/cache@v1
with:
@@ -97,6 +95,27 @@ jobs:
make dev-deploy IMG=test/kustomize-controller:latest
kubectl -n kustomize-system rollout status deploy/source-controller --timeout=1m
kubectl -n kustomize-system rollout status deploy/kustomize-controller --timeout=1m
- name: Run tests for removing kubectl managed fields
run: |
kubectl create ns managed-fields
kustomize build github.com/stefanprodan/podinfo//kustomize?ref=6.0.0 > /tmp/podinfo.yaml
kubectl -n managed-fields apply -f /tmp/podinfo.yaml
kubectl -n managed-fields apply -f ./config/testdata/managed-fields
kubectl -n managed-fields wait kustomization/podinfo --for=condition=ready --timeout=4m
OUTDATA=$(kubectl -n managed-fields get deploy podinfo --show-managed-fields -oyaml)
if echo "$OUTDATA" | grep -q "kubectl";then
echo "kubectl client-side manager not removed"
exit 1
fi
kubectl -n managed-fields apply --server-side --force-conflicts -f /tmp/podinfo.yaml
kubectl -n managed-fields annotate --overwrite kustomization/podinfo reconcile.fluxcd.io/requestedAt="$(date +%s)"
kubectl -n managed-fields wait kustomization/podinfo --for=condition=ready --timeout=4m
OUTDATA=$(kubectl -n managed-fields get deploy podinfo --show-managed-fields -oyaml)
if echo "$OUTDATA" | grep -q "kubectl";then
echo "kubectl server-side manager not removed"
exit 1
fi
kubectl delete ns managed-fields
- name: Run overlays tests
run: |
kubectl -n kustomize-system apply -k ./config/testdata/overlays
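Review bot: Both `grep -q "kubectl"` checks in the new step scan the whole Deployment YAML rather than the manager names, so any annotation or value that happens to contain the string (for example `kubectl.kubernetes.io/restartedAt`) fails the test for an unrelated reason, and the error message cannot say which manager survived. Reading only the managers, e.g. `kubectl -n managed-fields get deploy podinfo --show-managed-fields -o jsonpath='{.metadata.managedFields[*].manager}'`, keeps the assertion on field ownership. If the removal of the `kubectl.kubernetes.io/last-applied-configuration` annotation is also meant to be covered, that deserves its own explicit check. The remote base in `kustomize build github.com/stefanprodan/podinfo//kustomize?ref=6.0.0` is an unquoted URL containing `?` and points at a tag; quoting it and pinning a commit would make the fixture reproducible.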
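--- a/config/testdata/managed-fields/podinfo.yaml
+++ b/config/testdata/managed-fields/podinfo.yaml
@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: podinfo
+spec:
+interval: 15m
+path: "./kustomize/"
+prune: true
+sourceRef:
+kind: GitRepository
+name: podinfo
+timeout: 1m
+targetNamespace: managed-fields
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+name: podinfo
+spec:
+interval: 5m
+url: https://github.com/stefanprodan/podinfo
+ref:
+semver: "6.0.0"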
40 changes: 38 additions & 2 deletions controllers/kustomization_controller.go
@@ -32,6 +32,7 @@ import (

securejoin "github.com/cyphar/filepath-securejoin"
"github.com/hashicorp/go-retryablehttp"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
apimeta "k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -687,6 +688,41 @@ func (r *KustomizationReconciler) apply(ctx context.Context, manager *ssa.Resour
applyOpts.Exclusions = map[string]string{
fmt.Sprintf("%s/reconcile", kustomizev1.GroupVersion.Group): kustomizev1.DisabledValue,
}
applyOpts.Cleanup = ssa.ApplyCleanupOptions{
Annotations: []string{
// remove the kubectl annotation
corev1.LastAppliedConfigAnnotation,
// remove deprecated fluxcd.io annotations
"kustomize.toolkit.fluxcd.io/checksum",
"fluxcd.io/sync-checksum",
},
Labels: []string{
// remove deprecated fluxcd.io labels
"fluxcd.io/sync-gc-mark",
},
FieldManagers: []ssa.FiledManager{
{
// to undo changes made with 'kubectl apply --server-side --force-conflicts'
Name: "kubectl",
OperationType: metav1.ManagedFieldsOperationApply,
},
{
// to undo changes made with 'kubectl apply'
Name: "kubectl",
OperationType: metav1.ManagedFieldsOperationUpdate,
},
{
// to undo changes made with 'kubectl apply'
Name: "before-first-apply",
OperationType: metav1.ManagedFieldsOperationUpdate,
},
{
// to undo changes made by kustomize-controller before SSA
Name: "kustomize-controller",
OperationType: metav1.ManagedFieldsOperationUpdate,
},
},
}

// contains only CRDs and Namespaces
var stageOne []*unstructured.Unstructured
@@ -902,7 +938,7 @@ func (r *KustomizationReconciler) finalize(ctx context.Context, kustomization ku

// Remove our finalizer from the list and update it
controllerutil.RemoveFinalizer(&kustomization, kustomizev1.KustomizationFinalizer)
if err := r.Update(ctx, &kustomization); err != nil {
if err := r.Update(ctx, &kustomization, client.FieldOwner(r.ControllerName)); err != nil {
return ctrl.Result{}, err
}

@@ -1000,5 +1036,5 @@ func (r *KustomizationReconciler) patchStatus(ctx context.Context, req ctrl.Requ
patch := client.MergeFrom(kustomization.DeepCopy())
kustomization.Status = newStatus

return r.Status().Patch(ctx, &kustomization, patch)
return r.Status().Patch(ctx, &kustomization, patch, client.FieldOwner(r.ControllerName))
}
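Review bot: The `FieldManagers` list added to `apply` decides which out-of-band writers lose ownership of their fields, but its comments do not say how `Name` is matched. Client-side `kubectl apply` normally records its manager as `kubectl-client-side-apply`, so the `kubectl`/`Update` entry only covers it if the ssa package matches by prefix, which is not visible in this hunk; a comment such as `// Name is matched as a prefix, so this also covers kubectl-client-side-apply` (or the exact-match equivalent) would make the policy auditable. The `before-first-apply` entry repeats the `kubectl apply` comment and would read better as `// manager the API server assigns to fields that predate the first server-side apply`. Managers not on this list keep ownership of their fields, so it is worth stating in a comment above `applyOpts.Cleanup` that the list is the complete set of writers the controller overrides. The body of `apply` starts and ends outside the hunk.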
