kubeadm: kustomize: print warning if no matching objects were found

EDIT: neolit123

see comments here for an update of the problem: https://github.com/kubernetes/kubeadm/issues/1953#issuecomment-589989066

TL;DR we need to print a warning if the user has a patch that does not match to one of our objects name/namespace/GVK that we support.

Is this a BUG REPORT or FEATURE REQUEST?

BUG REPORT

Versions

kubeadm version: kubeadm version: &version.Info{Major:“1”, Minor:“16”, GitVersion:“v1.16.3”, GitCommit:“b3cbbae08ec52a7fc73d334838e18d17e8512749”, GitTreeState:“clean”, BuildDate:“2019-11-13T11:20:25Z”, GoVersion:“go1.12.12”, Compiler:“gc”, Platform:“linux/amd64”}

Environment:

  • Kubernetes version: v1.16.3
  • Cloud provider or hardware configuration: AWS (EC2)
  • OS: CentOS Linux 7
  • Kernel: 3.10.0-957.1.3.el7.x86_64
  • Others:

What happened?

No kustomize was applied when trying to patch a static pod manifest. I was running kubeadm init together with the --experimental-kustomize (or -k) flag and pointing it at a kubeadm-patches folder containing kustomization.yaml + patchesjson6902 patch to try and achieve this.

What you expected to happen?

I would expect kustomization to get applied or to give me any error or reason for why it wasn’t applied. I would also expect any loglines (at least with --v=5) containing [kustomize] as I specified the --experimental-kustomize flag.

How to reproduce it (as minimally and precisely as possible)?

#!/usr/bin/env bash
mkdir -p /tmp/kubeadm-patches/

cat >/tmp/kubeadm-patches/kustomization.yaml <<EOF
patchesJson6902:
- target:
    version: v1
    kind: Pod
    name: kube-apiserver
  path: add-service-account-key-file.yaml
EOF

cat >/tmp/kubeadm-patches/add-service-account-key-file.yaml <<EOF
- op: add
  path: /spec/containers/0/command/-
  value: --service-account-key-file=/tmp/additional-issuer.pub
EOF

kubeadm init --experimental-kustomize /tmp/kubeadm-patches/
}

Anything else we need to know?

When copying /etc/kubernetes/manifests/kube-apiserver.yaml to /tmp/kubeadm-patches/ and adding kube-apiserver.yaml as a resource to the kustomize.yaml, it works fine when running kubectl kustomize /tmp/kubeadm-patches/. Here’s a gist for that:

Running --experimental-kustomize in the same environment, using a very simple example which adds a k/v to metadata works fine:

apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
  foo: bar
  
$ kubeadm init -experimental-kustomize /foo/ --v=5
...
I1202 21:22:58.251840   19327 manifests.go:91] [control-plane] getting StaticPodSpecs
[kustomize] Applying 1 patches to /v1, Kind=Pod Resource=kube-system/kube-apiserver
...```

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (11 by maintainers)

Most upvoted comments

@neolit123 - Thanks for letting me know why the patch wasn’t applied!

+1
dnmgns on Feb 23, 2020

@dnmgns @pytimer

to workaround the issue make sure you pass the namespace:

version: v1
kind: Pod
name: ....
namespace: kube-system

i do not understand why kustomize in kubectl tolerates the lack of namespace, but kubeadm needs it.

+1
neolit123 on Feb 22, 2020
Read more comments on GitHub
← kubeadm: kubelet won't restart after reboot - Unable to register node with API server: connection refused
kubeadm: Marking the master by adding the taints 'error marking master: timed out waiting for the condition' →