Comments (10)
We should fix that and have "show" behave like update
from kubecfg.
Can you share a few details about which objects are moving around? What are their GVKs, namespaces, and names?
kubecfg takes these details into consideration for sorting objects. It alphabetizes by namespace, name, and object kind. If for some reason your API was changing the OpenAPI schema it serves, changing details like whether a resource is namespaced or not, I could see this order jumping around.
from kubecfg.
Here is my example:
  {
    foo: [ manifest1, manifest2 ],
    bar: [ manifest3, manifest4 ],
    baz: [ manifest5 ]
  }
where manifest3 has:
  apiVersion: cert-manager.io/v1alpha2
  kind: Certificate
manifest4 has:
  apiVersion: gateway.solo.io/v1
  kind: VirtualService
All manifests are in the same namespace. All names are distinct.
Issues: manifest3 and manifest4 were swapped when re-running kubecfg.
from kubecfg.
from kubecfg.
Thank you for the detailed example. What is the name of the VirtualService? Did it change between these two invocations?
from kubecfg.
The names didn't change (otherwise the change would have appeared in the diff).
from kubecfg.
What is the name of the VirtualService?
from kubecfg.
Here is the entire file:
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  labels:
    app: pomerium
  name: pomerium
  namespace: pomerium
spec:
  chart:
    name: pomerium
    repository: https://helm.pomerium.io
    version: 5.0.3
  releaseName: pomerium
  values:
    annotations:
      configmap.reloader.stakater.com/reload: pomerium
      secret.reloader.stakater.com/reload: pomerium
    authenticate:
      idp:
        serviceAccount: true
    config:
      existingSecret: pomerium
      policy:
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://dev-portal.dev.tidepool.org
        to: http://dev-portal.gloo-system.svc.cluster.local:8080
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://apiserver.dev.tidepool.org
        to: http://apiserver-ui.gloo-system.svc.cluster.local:8080
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://envoy-admin.dev.tidepool.org
        to: http://gateway-proxy.gloo-system.svc.cluster.local:19000
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://glooe-monitoring.dev.tidepool.org
        to: http://glooe-grafana.gloo-system.svc.cluster.local
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://glooe-metrics.dev.tidepool.org
        to: http://glooe-prometheus-server.gloo-system.svc.cluster.local
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://goldilocks.dev.tidepool.org
        to: http://goldilocks-dashboard.goldilocks.svc.cluster.local
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://linkerd-web.dev.tidepool.org
        to: http://linkerd-web.linkerd.svc.cluster.local:8084
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://grafana.dev.tidepool.org
        to: http://monitoring-prometheus-operator-grafana.monitoring.svc.cluster.local
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://tracing.dev.tidepool.org
        to: http://jaeger-query.tracing.svc.cluster.local:16686
      rootDomain: dev.tidepool.org
    extraEnv:
      log_level: debug
    forwardAuth:
      enabled: false
    ingress:
      enabled: false
    service:
      type: ClusterIP
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  labels:
    protocol: http
    type: pomerium
  name: proxy-http
  namespace: pomerium
spec:
  displayName: proxy-http
  virtualHost:
    domains:
    - dev-portal.dev.tidepool.org
    - apiserver.dev.tidepool.org
    - envoy-admin.dev.tidepool.org
    - glooe-monitoring.dev.tidepool.org
    - glooe-metrics.dev.tidepool.org
    - goldilocks.dev.tidepool.org
    - linkerd-web.dev.tidepool.org
    - grafana.dev.tidepool.org
    - tracing.dev.tidepool.org
    routes:
    - matchers:
      - prefix: /
      redirectAction:
        httpsRedirect: true
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  labels:
    protocol: https
    type: pomerium
  name: proxy-https
  namespace: pomerium
spec:
  displayName: proxy-https
  sslConfig:
    secretRef:
      name: pomerium-tls
      namespace: pomerium
    sniDomains:
    - dev-portal.dev.tidepool.org
    - apiserver.dev.tidepool.org
    - envoy-admin.dev.tidepool.org
    - glooe-monitoring.dev.tidepool.org
    - glooe-metrics.dev.tidepool.org
    - goldilocks.dev.tidepool.org
    - linkerd-web.dev.tidepool.org
    - grafana.dev.tidepool.org
    - tracing.dev.tidepool.org
  virtualHost:
    domains:
    - dev-portal.dev.tidepool.org
    - apiserver.dev.tidepool.org
    - envoy-admin.dev.tidepool.org
    - glooe-monitoring.dev.tidepool.org
    - glooe-metrics.dev.tidepool.org
    - goldilocks.dev.tidepool.org
    - linkerd-web.dev.tidepool.org
    - grafana.dev.tidepool.org
    - tracing.dev.tidepool.org
    routes:
    - matchers:
      - prefix: /
      options:
        headerManipulation:
          requestHeadersToRemove:
          - Origin
        upgrades:
        - websocket:
            enabled: true
      routeAction:
        single:
          upstream:
            name: pomerium-proxy
            namespace: pomerium
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  labels:
    protocol: https
    type: pomerium
  name: authorize
  namespace: pomerium
spec:
  displayName: authorize
  sslConfig:
    secretRef:
      name: pomerium-tls
      namespace: pomerium
    sniDomains:
    - authorize.dev.tidepool.org
  virtualHost:
    domains:
    - authorize.dev.tidepool.org
    routes:
    - matchers:
      - prefix: /
      routeAction:
        single:
          upstream:
            name: pomerium-authorize
            namespace: pomerium
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  labels:
    protocol: https
    type: pomerium
  name: authenticate
  namespace: pomerium
spec:
  displayName: authenticate
  sslConfig:
    secretRef:
      name: pomerium-tls
      namespace: pomerium
    sniDomains:
    - authenticate.dev.tidepool.org
  virtualHost:
    domains:
    - authenticate.dev.tidepool.org
    routes:
    - matchers:
      - prefix: /
      routeAction:
        single:
          upstream:
            name: pomerium-authenticate
            namespace: pomerium
---
apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  labels:
    app: pomerium-proxy
  name: pomerium-proxy
  namespace: pomerium
spec:
  discoveryMetadata: {}
  kube:
    selector:
      app.kubernetes.io/instance: pomerium
      app.kubernetes.io/name: pomerium-proxy
    serviceName: pomerium-proxy
    serviceNamespace: pomerium
    servicePort: 443
  sslConfig:
    secretRef:
      name: pomerium-proxy-tls
      namespace: pomerium
---
apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  labels:
    app: pomerium-authenticate
  name: pomerium-authenticate
  namespace: pomerium
spec:
  discoveryMetadata: {}
  kube:
    selector:
      app.kubernetes.io/instance: pomerium
      app.kubernetes.io/name: pomerium-authenticate
    serviceName: pomerium-authenticate
    serviceNamespace: pomerium
    servicePort: 443
  sslConfig:
    secretRef:
      name: pomerium-authenticate-tls
      namespace: pomerium
---
apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  labels:
    app: pomerium-authorize
  name: pomerium-authorize
  namespace: pomerium
spec:
  discoveryMetadata: {}
  kube:
    selector:
      app.kubernetes.io/instance: pomerium
      app.kubernetes.io/name: pomerium-authorize
    serviceName: pomerium-authorize
    serviceNamespace: pomerium
    servicePort: 443
  sslConfig:
    secretRef:
      name: pomerium-authorize-tls
      namespace: pomerium
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: authenticate.dev.tidepool.org
  namespace: pomerium
spec:
  commonName: authenticate.dev.tidepool.org
  dnsNames:
  - authenticate.dev.tidepool.org
  - authorize.dev.tidepool.org
  - dev-portal.dev.tidepool.org
  - apiserver.dev.tidepool.org
  - envoy-admin.dev.tidepool.org
  - glooe-monitoring.dev.tidepool.org
  - glooe-metrics.dev.tidepool.org
  - goldilocks.dev.tidepool.org
  - linkerd-web.dev.tidepool.org
  - grafana.dev.tidepool.org
  - tracing.dev.tidepool.org
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-production
  secretName: pomerium-tls
from kubecfg.
Ah, now I see what's wrong: only the delete and update subcommands sort the objects. In your case, presumably running show, you're falling prey to the JSON reader's use of map iteration, which we know is deliberately unspecified and variable.
Thank you for providing the additional detail along the way.
from kubecfg.
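The behaviour diagnosed in this thread, as an added example that is not part of the original comments and is not kubecfg's own code: objects gathered by ranging over a Go map come out in a different order on each run unless they are sorted, here by namespace, name and kind as described earlier in the thread. The `Obj` type, the `sortKey`, `Flatten` and `Sample` functions and the apiVersion tie-breaker are assumptions of this sketch; the sample objects are constructed from names that appear in the posted file.

```go
package main

import (
	"fmt"
	"sort"
)

// Obj holds only the identifying fields of a manifest (hypothetical type).
type Obj struct {
	APIVersion, Kind, Namespace, Name string
}

// sortKey orders by namespace, then name, then kind, with apiVersion as a
// final tie-breaker. NUL sorts below every character allowed in these fields.
func sortKey(o Obj) string {
	return o.Namespace + "\x00" + o.Name + "\x00" + o.Kind + "\x00" + o.APIVersion
}

// Flatten collects every object from a map of manifest lists. Go randomizes
// map iteration, so the result is sorted before it is returned.
func Flatten(groups map[string][]Obj) []Obj {
	var out []Obj
	for _, objs := range groups { // order differs from run to run
		out = append(out, objs...)
	}
	sort.Slice(out, func(i, j int) bool { return sortKey(out[i]) < sortKey(out[j]) })
	return out
}

// Sample returns constructed input shaped like the foo/bar/baz example above.
func Sample() map[string][]Obj {
	return map[string][]Obj{
		"bar": {
			{"cert-manager.io/v1alpha2", "Certificate", "pomerium", "authenticate.dev.tidepool.org"},
			{"gateway.solo.io/v1", "VirtualService", "pomerium", "authenticate"},
		},
		"baz": {{"gloo.solo.io/v1", "Upstream", "pomerium", "pomerium-proxy"}},
		"foo": {{"helm.fluxcd.io/v1", "HelmRelease", "pomerium", "pomerium"}},
	}
}

func main() {
	for _, o := range Flatten(Sample()) {
		fmt.Printf("%s/%s %s\n", o.Namespace, o.Name, o.Kind)
	}
}
```

Removing the `sort.Slice` call reproduces the symptom: repeated runs emit the same objects in varying order, which shows up as spurious diffs in a GitOps repository.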
Yes, I am using the show subcommand. I implement GitOps. I use kubecfg to generate the manifests.
from kubecfg.