-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignore deprecated APIs in last-applied-configuration #276
Comments
I'm running in to this issue too. this took isn't helpful because of it |
Unfortunately it seems like this is exactly what kube-no-trouble was designed for: https://github.com/doitintl/kube-no-trouble/blob/master/pkg/collector/cluster.go#L115 Can someone explain, maybe the author himself @stepanstipl, why it scans this configuration? last-applied-configuration only represents the object state of the creation (see https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/):
so if I make changes to the object after its creation kube-no-trouble will not be able to scan the new configuration and only detects outdated APIs. |
Hi @mkemmerz, I think this is a bit of a misunderstanding of how K8S works internally regarding API versions. The TL;DR: If you have old I hope this makes sense. But let me know if you have any questions or if have misunderstood the issue. 👍 |
say that again? the last applied version is what was applied before the latest one. We'll have a cluster upgrade to 1.22. shortly i'll respond if it causes any issues |
@stepanstipl thanks a lot for the clarification! As this was the only documenttion I was able to find it was a misunderstanding from my side 😄 @davem-git good luck! I am also interested if you ran into any problems. We are going to upgrade soon too. As this ticket makes no sense now I will close. |
@davem-git Not quite - what I was trying to say is that the API version of how the resource is created is not related to how it's stored internally, and how it's retrieved by the client. Let me give a little example:
I hope this makes it a bit more clear 😃 @mkemmerz np, I should probably document this in the README or somewhere, as you're right - it's not well documented anywhere AFAIK, and often a point of confusion. 🤯 ☮️ |
ok i guess i miss understood what this tool did. i was trying to use this tool to ensure we were safe to upgrade, with these results though this tool cannot be used that way |
@davem-git I believe it can - maybe it's a bit of misunderstanding what the issue is with K8S API deprecations. So because you have a resource with the annotation with the old API version, it is likely that the resource was created/last updated using the old API version. This won't matter if you have manually created it as a one-off action, and never change it again. But if it's part of your CI/CD pipeline, or even just a manifest in your repo that you try to use next time, it will fail. And this is typically the case with K8S API deprecations - resources that are already created in the cluster will be upgraded just fine (automatically, as part of K8S migration process; leaving aside edge cases when the behaviour can change as a result of such upgrade and cases when the resource is removed completely). But once any tool/app/script tries to use the old API after the upgrade, it will fail. I hope this makes sense 😅 |
This is a really great explanation @stepanstipl of how this stuff works, thank you very much! |
kube-no-trouble also dectects deprecated APIs in configurations that are not directly applied at the moment. The example below should show this. kube-no-trouble detectes the in Kubernetes 1.22 depcreated API
networking.k8s.io/v1beta1
but the Ingress in running on a valid APInetworking.k8s.io/v1
.Therefore my feature request is to ignore deprecated API entries (and the warning) in
kubectl.kubernetes.io/last-applied-configuration
if the object is running on a non-deprecated API.The text was updated successfully, but these errors were encountered: