New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubectl apply: warning that kubectl will ignores no-namespaced resource in future release with namespace specified and with default pruneAllowlist #110907
Conversation
/cc @eddiezane |
/assign @brianpursley @eddiezane |
Prune cane be kind of tricky. Apply, with
I don't know how
I am inclined to approve this, even though it is inconsistent with how apply without prune works, but I want to see what @seans3 thinks first. |
Another thing to keep in mind is that this issue/PR is framed around the default allow list, which the user can override with Point being, we should consider the case where the user is explicitly overriding the list. As @brianpursley rightly points out, a single Maybe another option could be to change the default allow list when the namespace flag is set, but continue to honor any user-specified list. Wdyt? I'd also be curious to get other SIG members' perspective on whether we need a notice period for a behaviour change like this, e.g. emit a warning for N releases before making the change. It's true that pruning is marked as alpha in the docs, but that status isn't explicit in the actual command/flag, and this behaviour has been around a VERY long time. So long that someone somewhere likely relies on it, sensibly or not. |
Good Point. The current fix is a behavior change and is not consistent with Two key problems here.
The current fix seems to be easier to understand, but cannot cover the above two problems gracefully.
We should decide which is the final behavior first. Should we ignore the non-namespaced resources finally. Or just warn the user if the flags are not that proper. A proposal: In this v1.26(for instance)
In this v1.28+(for instance) if this behavior change is not expected, just add some warning may help.
|
As much as I personally don't like the idea of mixing scopes in a single apply operation, from an ecosystem perspective, I think that we should not change or warn based on anything the user is doing explicitly. So if they do In the next release: After deprecation period passes: Change the default allow list for I personally would support that, but based on #109705 (comment) I suspect Sean may not. No matter what, this PR is proposing a behaviour change to a long-standing command, so a compelling argument for it needs to be brought to the SIG for discussion. Incidentally, regardless of this decision, IMO we should add an alias for this flag that uses inclusive language, i.e. |
It sounds better to me.
kubernetes/staging/src/k8s.io/kubectl/pkg/util/prune/prune.go Lines 41 to 58 in fa16bf8
|
There is a discussion in the sig-cli meeting about this at https://www.youtube.com/watch?v=ZGKfwWof9js. |
/hold |
3513ada
to
2cd25b8
Compare
Latest changes look good. A few things about the PR itself:
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: brianpursley, pacoxu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…namespaced resource if -n is not empty Signed-off-by: Paco Xu <paco.xu@daocloud.io>
Updated and also the release note to use allowlist instead of whitelist. |
/lgtm |
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
@KnVerey a go format verify failed and pushed again and need LGTM |
/lgtm |
This change is confusing and the warning is totally obscure. For example I use Cuber to compile and apply this YML file: That YML file contains everything that goes into the namespace. Then I Why do I get this warning now?
What should I do? I simply want to apply that YML file to the namespace and prune every resource in the namespace that is no longer present in the YML file. |
@collimarco in your provide yaml, the only non-namespaced resource is the namespace itself. I think this warning will not affect your application. You have specified the namespace here, and even if you remove the namespace object in the yaml, the
You can see an example in #110905. |
@pacoxu Perfect, thanks for the clarification. Is there any way to get rid of the warning message? Or will it disappear automatically in the future releases of kubectl? |
We plan to remove the warning in v1.29, and I think the behavior will change in v1.29. But it is still a plan and it should be done with the agreement of SIG-Cli maintainers. |
What type of PR is this?
/kind bug
What this PR does / why we need it:
It is weird that a non-namespaced resource is pruned when I run
kubectl apply
on a specified namespace.After discussions in sig-cli meeting, we only decided to add a warning in the current kubectl.
In a future release, we will change the behavior. (at least 1.28 or later)
Which issue(s) this PR fixes:
ref #110905
Special notes for your reviewer:
kubernetes/staging/src/k8s.io/kubectl/pkg/util/prune/prune.go
Lines 41 to 58 in fa16bf8
Does this PR introduce a user-facing change?