Breaking changes in Flux due to Kustomize v4 #1522
Comments
stefanprodan
added
area/kustomization
Does this mean standard URLs do not work anymore? e.g. ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
grafana_dashboard: "1"
resources:
- https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/v0.8.0/manifests/grafana-dashboardDefinitions.yaml |
|
@onedr0p I've update the issue with examples, let me know if it answers your question. |
🤦♂️ |
|
I am pretty shocked how easily the kustomize crowd breaks established standards, given how dogmatic they are about their templating philosophy. On that note, maybe flux should not include such massive breaking changes in minor releases. From an operational perspective, this is a nightmare. I guess we will stay on flux 0.14.0 for some time until this has settled. @stefanprodan Thank you for pushing back on this and clearly documenting the impacts. 👍 |
You may not be aware, but flux2 has no GA release so we can't bump the major version before going GA aka 2.0.0. Every minor release of flux2 could come with breaking changes, we try to communicate those ahead of time, in this case with Kustomize v4, I documented the whole thing months ago here: #918 |
|
I've faced with "Non-string YAML keys" problem, but in the context of helm itself, more specifically a helm template has integer key. As far as I understand this is because of post-rendering kustomization, so basically helm-controller renders helm templates and then runs kustomization - am I correct? |
|
The helm-controller does run a default Kustomize plugin to be able to trace resources that originate from a The impact of this may however been underestimated with the recent changes to Kustomize v4, and we may want to provide some sort of configuration flag to disable this default behavior for charts it does not cope with. |
Signed-off-by: David J. M. Karlsen <[email protected]>
Signed-off-by: David J. M. Karlsen <[email protected]>
|
I stumbled upon the "Duplicate YAML keys" problem in one of my releases. Fixing it is rather easy. I'm a little concerned about how to avoid this kind of failure in the future. I found a very awkward way to do it, but I wonder if someone found something more sustainable... |
|
@or-shachar I also have the same issue. How did you workaround this? But now I get the "Duplicate YAML keys" error... |
|
I have two initContainers in my deployment and I cannot proceed (I can merge the command, but still, this is one of the first apps I'm porting to flux 2, I don't want to guess the issues I'll find in other ones), is this bug related? initContainers:
- name: create-csvs
image: "{{ .Values.image }}"
command:
- mkdir
- -p
- /var/www/html/sendy/uploads/csvs
volumeMounts:
- name: data
mountPath: /var/www/html/sendy/uploads
name: sendy-data
- name: take-data-dir-ownership
image: "{{ .Values.image }}"
command:
- chown
- -R
- www-data:www-data
- /var/www/html/sendy/uploads
volumeMounts:
- name: data
mountPath: /var/www/html/sendy/uploads
name: sendy-data |
No. |
|
thanks @endrec, that definitely slipped under my tired eyes 👍 |
|
Looks like this is fixed in upstream now: kubernetes-sigs/kustomize#3675 |
|
Can't wait for the update to this newer version of kustomize in Flux, anchor support is amazing. |
|
And there's alreay a new kustomize release which includes the fix: https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.4.0 |
`kubernetes.io/ingress.class` annotation is already rendered on line 23 from `.Values.ingress.annotations`. This removes the duplicate, allowing Flux to deploy the chart (fluxcd/flux2#1522) Signed-off-by: Eugene Malihins <[email protected]>
|
I just upgraded to v0.29.0 and noticed that a kustomization like this is no longer supported, is this safe to assume now? ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/rancher/system-upgrade-controller?ref=v0.9.1I looked into it a bit more and discvoered this PR kubernetes-sigs/kustomize#4453 which makes it seem like the below would work ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- git::https://github.com/rancher/system-upgrade-controller?ref=v0.9.1But I am getting an error: |
|
@onedr0p this is a newly introduced security constraint set too tight. I will get this sorted now, and ensure a regression test is added. |
|
Have a confirmed fix, but need to do the required writing of more extensive tests. Will aim to have it available before EOD UTC. |
|
A computer is currently doing the required work to produce a |
|
Users running into issues after updating to |
|
Hi, day 1 as a new user, I'm wondering if this report belongs here. I am also seeing a duplicate key. I do indeed have multiple InternalIP addresses. |
|
I'm getting similar error with |
|
@tomaszduda23 can you confirm the directory structure in fluxcd/kustomize-controller#657 matches yours? As the tests for this appear to pass. |
|
I get the same error with your structure. |
|
Based on this full output I think the problem is with the CLI. Thanks for getting back to me, I'll look into the bootstrap code. |
|
Is there a way to change the yaml parser or even disable the liniting/validation of the resources? To resolve the duplicate keys on the yaml. |
|
Hi all, I have opened an issue here about duplicate mapping keys that I cannot find the source of. The error in the This seems related as well. Maybe somebody has a solution? |
|
Duplicate keys are not allowed by Kustomize, we moved Flux to Kustomize v5 so going to close and lock this issue. |
Starting with version 0.15.0, Flux and its controllers have been upgraded to Kustomize v4. While Kustomize v4 comes with many improvements and bug fixes, it introduces a couple of breaking changes.
Remote archives
Due to the removal of
hashicorp/go-getterfrom Kustomize v4, the set of URLs accepted by Kustomize in theresourcesfiled is reduced to file system paths, URLs to plain YAMLs and values compatible withgit clone.This means you can no longer use resources from archives (zip, tgz, etc).
No longer works:
Works:
Non-string YAML keys
Due to a bug in Kustomize v4, if you have non-string keys in your manifests, the controller will fail to build the final manifest.
The non-string keys bug affects Helm release like the nginx-ingress one, for example:
The above will fail with
{}{2222:"app/server:2222:2222"}}}}: json: unsupported type: map[interface {}]interface {}.To fix this issue, you have to make the YAML keys into strings, e.g.:
Duplicate YAML keys
Unlike Helm, the Kustomize yaml parser (kyaml) does not accept duplicate keys, while Helm drops the duplicates, Kustomize errors out. This impacts helm-controller as it uses
kustomize/kyamlto label objects reconciled by aHelmRelease.For example, a chart that adds the
app.kubernetes.io/namemore than once, will result in a HelmRelease install failure:YAML formatting
Due to a bug in Kustomize v4 that makes the image-automation-controller crash when YAMLs contain non-ASCII characters, we had to update the underlying go-yaml package to fix the panics.
The
gopkg.in/yaml.v3update means that the indentation style changed:From:
To:
The text was updated successfully, but these errors were encountered: