kubernetes: Kubectl diff fails when there are immutable fields

What happened?

I am trying to run a kubectl diff --server-side --force-conflicts against our cluster, but it fails with the following message:

The Job "test-job" is invalid: spec.template: Invalid value: core.PodTemplateSpec{...}: field is immutable

We use flux with the force: true option when applying this change to the cluster, so we don’t have a problem with deployments and immutability, but it is a problem when trying to do a diff against the cluster.

What did you expect to happen?

I would expect kubectl diff to have a --force flag just like the apply command to ignore immutable fields during diff operations. I see that there is --force-conflicts, but it doesn’t fix this issue

How can we reproduce it (as minimally and precisely as possible)?

Create a simple Job and apply it to the cluster:

---
apiVersion: batch/v1
kind: Job
metadata:
  name: test-job
  namespace: default
spec:
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: create-dbs
          image: alpine
          command:
            - echo
            - hello there

Update any field in the template spec, for example change the hello there message.

$ kubectl diff --server-side --force-conflicts -f job.yaml

The Job "test-job" is invalid: spec.template: Invalid value: core.PodTemplateSpec{...}: field is immutable

The ... is the redacted pod spec, it’s not relevant here.

Anything else we need to know?

No response

Kubernetes version

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.2", GitCommit:"7f6f68fdabc4df88cfea2dcf9a19b2b830f1e647", GitTreeState:"archive", BuildDate:"2023-05-28T13:03:55Z", GoVersion:"go1.20.4", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.2", GitCommit:"7f6f68fdabc4df88cfea2dcf9a19b2b830f1e647", GitTreeState:"clean", BuildDate:"2023-05-25T23:29:16Z", GoVersion:"go1.20.4", Compiler:"gc", Platform:"linux/amd64"}

Cloud provider

local kind cluster

OS version

# On Linux:
$ cat /etc/os-release
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"
PRIVACY_POLICY_URL="https://terms.archlinux.org/docs/privacy-policy/"
LOGO=archlinux-logo
$ uname -a
Linux niccolum 6.3.4-arch1-1 #1 SMP PREEMPT_DYNAMIC Wed, 24 May 2023 17:44:00 +0000 x86_64 GNU/Linux

Install tools

Container runtime (CRI) and version (if applicable)

Related plugins (CNI, CSI, …) and versions (if applicable)

About this issue

  • Original URL
  • State: open
  • Created a year ago
  • Reactions: 5
  • Comments: 15 (6 by maintainers)

Most upvoted comments

Sure, I think it’s fine to add --force to kubectl diff, but I don’t have any capacity to help with that at the moment unfortunately.

+3
apelisse on Jun 5, 2023

/cc @apelisse Would you mind take a look at this one when have time? Thank you 😃 /triage accepted

+1
cici37 on May 30, 2023
Read more comments on GitHub
← kubernetes: kubectl describe shows SandboxChanged which is not a helpful user message
kubernetes: kubectl discovery dramatically slower on MacOS than Linux →