Comments (4)
Hi @yogeek and thanks for the issue :)
You're right, this is a false positive. This has been already mapped in #72 and it's in my backlog.
I'm finishing to re-structure the code so it will be easier to put each behavior in each input format, as this is a false positive when you're using a k8s cluster but not when you're using an input file :)
I'll keep this open just to make sure those are the same issues and I'm not letting anything pass, and expect to correct this by the weekend :)
Thank you!
from kubepug.
Hey @yogeek
About the last-applied, it's an annotation containing the marshalled JSON used to apply to kube-apiserver but AFAIK annotations are just metadata put by the object owner (like the user, the developer) or by the controller to represent something. It shall not be used to control the behavior of the object in the cluster, EXCEPT in cases like Ingress Controllers that still uses annotations in Ingress Objects as this was the best way to achieve this.
And this is why also CRD came to life and are turning the de-facto objects for non existing things in the Core of Kubernetes :)
So no, this annotation should not represent how the object is persisted in apiserver (and ETCD). Probably the api server mutates the object before persisting it in the etcd server, and I should think that also when you migrate from a version to other the apiserver might convert those objects if this is supported but I really need to test.
I've made a quick test here, creating a ClusterRoleBinding with the stable/final version (rbac.authorization.k8s.io/v1) and then getting the v1beta1 and it was returned in both listings, so my guess is that the API Server have a preferred GroupVersion (that I'm using in the code that will convert this here) but it still accepts if you want to get the older beta version.
About the tool, the approach is slight different: It lists all the possible APIs that Kubernetes might have using the swagger.json and with the description containing the "DEPRECATED" word and then tries to fetch each of them in the cluster. If the list is bigger then 1 (that happens as we have seen in this bug) it marks all the objects as deprecated.
The change of approach here is going to be: Gets all the APIs and their Preferred GroupVersion (like ClusterRoleBinding have rbac.authorization.k8s.io in v1 and v1beta1), checks if there's an object in the deprecated api group/version, if so checks the preferred group/version for that same resource and if the length is the same (meaning those are the same API Resources but in different groups), pass to the next as this might not be deprecated :)
from kubepug.
@yogeek I'm closing this in favor of #72 but please feel free to reach me or reopen if you think those are different issues :)
Thank you
from kubepug.
Hi @rikatz ! Just a quick question : after I opened this issue, I noticed that the resource apiVersion was indeed rbac.authorization.k8s.io/v1 but the "last-applied" configuration apiVersion was in beta... Does it mean the YAML that were applied to the cluster contained 'beta' but during the apply, kubernetes modified it to set the 'v1' apiVersion ? Is it possible ?
And do your tool look at the real apiVersion or at the 'last-applied' one ?
from kubepug.
Related Issues (20)
- EKS cluster authentication issue HOT 1
- Pipe manifests to stdin for enhanced CI experience
- GitHub Actions formatter HOT 3
- Kubepug 2.0 - Planning
- policy/v1beta1 PodDisruptionBudget resources not reported HOT 2
- externaldns.k8s.io/v1alpha1 DNSEndpoint reported as deleted HOT 3
- CSIStorageCapacity deprecation not found HOT 3
- Use Kubernetes API markers as inputs
- Aggregated apiserver APIs are marked as removed HOT 3
- No output when using 1.6.0 HOT 5
- Is there a way to check upstream helm chart? HOT 1
- data.json hosted on Github HOT 2
- Standard output messes up prompt
- Move doc CI build to website repo HOT 1
- Documentation should show how to use kubepug installed by krew
- Deprecated/Removed Pod Security Policy not found
- CVE-2023-44487 HOT 1
- Add option to silence footer STDOUT
- Kubepug not showing any deprecated or removed API when checking a v1.24 cluster upgrading to v1.25 HOT 4
- Completions for kubectl-deprecations?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubepug.