Code Monkey home page Code Monkey logo

Comments (10)

mkmik avatar mkmik commented on June 12, 2024 2

We should fix that and have "show" behave like update

from kubecfg.

seh avatar seh commented on June 12, 2024

Can you share a few details about which objects are moving around? What are their GVKs, namespaces, and names?

kubecfg takes these details into consideration for sorting objects. It alphabetizes by namespace, name, and object kind. If for some reason your API was changing the OpenAPI schema it serves, changing details like whether a resource is namespaced or not, I could see this order jumping around.

from kubecfg.

derrickburns avatar derrickburns commented on June 12, 2024

Here is my example:

{ 
   foo: [ manifest1, manifest2 ],
   bar: [ manifest3, manifest4],
   baz: [ manifest5 ]
}

where

manifest3 has:

apiVersion: cert-manager.io/v1alpha2	
kind: Certificate

manifest4 has:

apiVersion: gateway.solo.io/v1
kind: VirtualService

All manifests are in the same namespace. All names are distinct.

Issues: manifest3 and manifest4 were swapped when re-running kubecfg.

from kubecfg.

derrickburns avatar derrickburns commented on June 12, 2024

Screen Shot 2020-04-20 at 12 12 36 PM

from kubecfg.

seh avatar seh commented on June 12, 2024

Thank you for the detailed example. What is the name of the VirtualService? Did it change between these two invocations?

from kubecfg.

derrickburns avatar derrickburns commented on June 12, 2024

The names didn't change (otherwise the change would have appeared in the diff).

from kubecfg.

seh avatar seh commented on June 12, 2024

What is the name of the VirtualService?

from kubecfg.

derrickburns avatar derrickburns commented on June 12, 2024

Here is the entire file:

---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  labels:
    app: pomerium
  name: pomerium
  namespace: pomerium
spec:
  chart:
    name: pomerium
    repository: https://helm.pomerium.io
    version: 5.0.3
  releaseName: pomerium
  values:
    annotations:
      configmap.reloader.stakater.com/reload: pomerium
      secret.reloader.stakater.com/reload: pomerium
    authenticate:
      idp:
        serviceAccount: true
    config:
      existingSecret: pomerium
      policy:
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://dev-portal.dev.tidepool.org
        to: http://dev-portal.gloo-system.svc.cluster.local:8080
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://apiserver.dev.tidepool.org
        to: http://apiserver-ui.gloo-system.svc.cluster.local:8080
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://envoy-admin.dev.tidepool.org
        to: http://gateway-proxy.gloo-system.svc.cluster.local:19000
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://glooe-monitoring.dev.tidepool.org
        to: http://glooe-grafana.gloo-system.svc.cluster.local
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://glooe-metrics.dev.tidepool.org
        to: http://glooe-prometheus-server.gloo-system.svc.cluster.local
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://goldilocks.dev.tidepool.org
        to: http://goldilocks-dashboard.goldilocks.svc.cluster.local
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://linkerd-web.dev.tidepool.org
        to: http://linkerd-web.linkerd.svc.cluster.local:8084
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://grafana.dev.tidepool.org
        to: http://monitoring-prometheus-operator-grafana.monitoring.svc.cluster.local
      - allow_websockets: true
        allowed_groups:
        - [email protected]
        allowed_users: []
        from: https://tracing.dev.tidepool.org
        to: http://jaeger-query.tracing.svc.cluster.local:16686
      rootDomain: dev.tidepool.org
    extraEnv:
      log_level: debug
    forwardAuth:
      enabled: false
    ingress:
      enabled: false
    service:
      type: ClusterIP
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  labels:
    protocol: http
    type: pomerium
  name: proxy-http
  namespace: pomerium
spec:
  displayName: proxy-http
  virtualHost:
    domains:
    - dev-portal.dev.tidepool.org
    - apiserver.dev.tidepool.org
    - envoy-admin.dev.tidepool.org
    - glooe-monitoring.dev.tidepool.org
    - glooe-metrics.dev.tidepool.org
    - goldilocks.dev.tidepool.org
    - linkerd-web.dev.tidepool.org
    - grafana.dev.tidepool.org
    - tracing.dev.tidepool.org
    routes:
    - matchers:
      - prefix: /
      redirectAction:
        httpsRedirect: true
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  labels:
    protocol: https
    type: pomerium
  name: proxy-https
  namespace: pomerium
spec:
  displayName: proxy-https
  sslConfig:
    secretRef:
      name: pomerium-tls
      namespace: pomerium
    sniDomains:
    - dev-portal.dev.tidepool.org
    - apiserver.dev.tidepool.org
    - envoy-admin.dev.tidepool.org
    - glooe-monitoring.dev.tidepool.org
    - glooe-metrics.dev.tidepool.org
    - goldilocks.dev.tidepool.org
    - linkerd-web.dev.tidepool.org
    - grafana.dev.tidepool.org
    - tracing.dev.tidepool.org
  virtualHost:
    domains:
    - dev-portal.dev.tidepool.org
    - apiserver.dev.tidepool.org
    - envoy-admin.dev.tidepool.org
    - glooe-monitoring.dev.tidepool.org
    - glooe-metrics.dev.tidepool.org
    - goldilocks.dev.tidepool.org
    - linkerd-web.dev.tidepool.org
    - grafana.dev.tidepool.org
    - tracing.dev.tidepool.org
    routes:
    - matchers:
      - prefix: /
      options:
        headerManipulation:
          requestHeadersToRemove:
          - Origin
        upgrades:
        - websocket:
            enabled: true
      routeAction:
        single:
          upstream:
            name: pomerium-proxy
            namespace: pomerium
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  labels:
    protocol: https
    type: pomerium
  name: authorize
  namespace: pomerium
spec:
  displayName: authorize
  sslConfig:
    secretRef:
      name: pomerium-tls
      namespace: pomerium
    sniDomains:
    - authorize.dev.tidepool.org
  virtualHost:
    domains:
    - authorize.dev.tidepool.org
    routes:
    - matchers:
      - prefix: /
      routeAction:
        single:
          upstream:
            name: pomerium-authorize
            namespace: pomerium
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  labels:
    protocol: https
    type: pomerium
  name: authenticate
  namespace: pomerium
spec:
  displayName: authenticate
  sslConfig:
    secretRef:
      name: pomerium-tls
      namespace: pomerium
    sniDomains:
    - authenticate.dev.tidepool.org
  virtualHost:
    domains:
    - authenticate.dev.tidepool.org
    routes:
    - matchers:
      - prefix: /
      routeAction:
        single:
          upstream:
            name: pomerium-authenticate
            namespace: pomerium
---
apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  labels:
    app: pomerium-proxy
  name: pomerium-proxy
  namespace: pomerium
spec:
  discoveryMetadata: {}
  kube:
    selector:
      app.kubernetes.io/instance: pomerium
      app.kubernetes.io/name: pomerium-proxy
    serviceName: pomerium-proxy
    serviceNamespace: pomerium
    servicePort: 443
  sslConfig:
    secretRef:
      name: pomerium-proxy-tls
      namespace: pomerium
---
apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  labels:
    app: pomerium-authenticate
  name: pomerium-authenticate
  namespace: pomerium
spec:
  discoveryMetadata: {}
  kube:
    selector:
      app.kubernetes.io/instance: pomerium
      app.kubernetes.io/name: pomerium-authenticate
    serviceName: pomerium-authenticate
    serviceNamespace: pomerium
    servicePort: 443
  sslConfig:
    secretRef:
      name: pomerium-authenticate-tls
      namespace: pomerium
---
apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  labels:
    app: pomerium-authorize
  name: pomerium-authorize
  namespace: pomerium
spec:
  discoveryMetadata: {}
  kube:
    selector:
      app.kubernetes.io/instance: pomerium
      app.kubernetes.io/name: pomerium-authorize
    serviceName: pomerium-authorize
    serviceNamespace: pomerium
    servicePort: 443
  sslConfig:
    secretRef:
      name: pomerium-authorize-tls
      namespace: pomerium
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: authenticate.dev.tidepool.org
  namespace: pomerium
spec:
  commonName: authenticate.dev.tidepool.org
  dnsNames:
  - authenticate.dev.tidepool.org
  - authorize.dev.tidepool.org
  - dev-portal.dev.tidepool.org
  - apiserver.dev.tidepool.org
  - envoy-admin.dev.tidepool.org
  - glooe-monitoring.dev.tidepool.org
  - glooe-metrics.dev.tidepool.org
  - goldilocks.dev.tidepool.org
  - linkerd-web.dev.tidepool.org
  - grafana.dev.tidepool.org
  - tracing.dev.tidepool.org
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-production
  secretName: pomerium-tls

from kubecfg.

seh avatar seh commented on June 12, 2024

Ah, now I see what's wrong: only the delete and update subcommands sort the objects. In your case, presumably running show, you're falling prey to the the JSON reader's use of map iteration, which we know is deliberately unspecified and variable.

Thank you for providing the additional detail along the way.

from kubecfg.

derrickburns avatar derrickburns commented on June 12, 2024

Yes, I am using the show subcommand. I implement GitOps. I use kubecfg to generate the manifests.

from kubecfg.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.