`flux diff` does not show changes applied by a flux Kustomization patch

Open cormacrelf opened this issue 8 months ago • 2 comments

Describe the bug

This git diff, if reconciled in Flux, does in fact change the field on the resource (a postgres cluster), and generally works as expected. However, flux diff only shows a change in the Kustomization resource's patch field, but shows no change in the Cluster resource that it is patching.

diff --git a/clusters/staging/apps.yaml b/clusters/staging/apps.yaml
index 45b5996c87..420c6c314d 100644
--- a/clusters/staging/apps.yaml
+++ b/clusters/staging/apps.yaml
@@ -49,7 +49,7 @@
  sourceRef:
    kind: OCIRepository
    name: whatever
  patches:
    - target:
        group: postgresql.cnpg.io
        kind: Cluster
        name: db
       patch: |-
         - op: replace
           path: /spec/backup/barmanObjectStore/destinationPath
-          value: gs://some-bucket
+          value: gs://some-other-bucket
         - op: replace
           path: /spec/backup/barmanObjectStore/serverName
           value: &BACKUP_TO ...
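
Review bot: the `@@ -49,7 +49,7 @@` header declares seven lines on each side, but this hunk carries fifteen, and `patch: |-` is indented one column deeper than the `target:` key it should sit beside, so the excerpt will not apply with `git apply` or parse as YAML as posted. Paste the unedited `git diff` output, or mark the excerpt as hand-expanded, so the reproduction can be replayed exactly.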

Gives

$ flux diff kustomization flux-system --path clusters/staging --recursive --local-sources GitRepository/flux-system/flux-system=. --local-sources OCIRepository/myapp/myapp=./apps/base/whatever

✓  Kustomization diffing...
► Kustomization/whatever drifted

metadata.generation
  ± value change
    - 18
    + 19

spec.patches.0.patch
  ± value change in multiline text (one insert, one deletion)
    -   value: gs://some-bucket
    +   value: gs://some-other-bucket

⚠️ identified at least one change, exiting with non-zero exit code

This is wrong. I can edit the Cluster resource where it's defined, and that shows up in flux diff, but without the patches applied.

diff --git a/apps/base/myapp/db.yaml b/apps/base/myapp/db.yaml
index 41408bfdd0..8c786be9e4 100644
--- a/apps/base/myapp/db.yaml
+++ b/apps/base/myapp/db.yaml
@@ -77,7 +77,7 @@
-    resizeInUseVolumes: true
+    resizeInUseVolumes: false # NOT changed in kustomization

@@ -105,7 +105,7 @@
     barmanObjectStore: &barmanObjectStore
-      destinationPath: gs://original-bucket
+      destinationPath: gs://changed-at-definition # and also in kustomization
       googleCredentials:
         gkeEnvironment: true
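
Review bot: `destinationPath` is changed inside the mapping anchored as `&barmanObjectStore`, so any `*barmanObjectStore` alias elsewhere in db.yaml takes the new bucket as well, and the hunk does not show where the anchor is reused. Say in the trailing comment which fields are expected to move, since the Kustomization patch addresses `/spec/backup/barmanObjectStore/destinationPath` by path.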

diff --git a/clusters/staging/apps.yaml b/clusters/staging/apps.yaml
index 45b5996c87..1d5909f725 100644
--- a/clusters/staging/apps.yaml
+++ b/clusters/staging/apps.yaml
@@ -49,7 +49,7 @@
       patch: |-
         - op: replace
           path: /spec/backup/barmanObjectStore/destinationPath
-          value: gs://some-bucket
+          value: gs://some-other-bucket
         - op: replace
           path: /spec/backup/barmanObjectStore/serverName
           value: &BACKUP_TO ...
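
Review bot: on the last context line, `&BACKUP_TO` sits inside the `patch: |-` block scalar, so to apps.yaml it is plain text of the patch string rather than an anchor, and a `*BACKUP_TO` alias outside the scalar will not resolve to it. If the value is meant to be reused by fields outside the patch, define the anchor outside the scalar.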

This gives

✓  Kustomization diffing...
► Kustomization/whatever drifted

metadata.generation
  ± value change
    - 18
    + 19

spec.patches.0.patch
  ± value change in multiline text (one insert, one deletion)
    -   value: gs://some-bucket
    +   value: gs://some-other-bucket


📁 Kustomization/myapp/myapp changed
► Cluster/myapp/db drifted

metadata.generation
  ± value change
    - 4
    + 5

spec.externalClusters.db.barmanObjectStore.destinationPath
  ± value change
    - gs://original-bucket
    + gs://changed-at-definition

spec.storage.resizeInUseVolumes
  ± value change
    - true
    + false

While we can definitely diff the resource, the patch is still not being simulated over the top.

Steps to reproduce

  1. Install flux with a flux Kustomization resource and some patches over any resource owned by the kustomization
  2. Reconcile
  3. Change the Kustomization's patches section
  4. flux diff

Expected behavior

flux diff kustomization should apply the patches and show a diff for what effect they have. This is really valuable because I personally make a lot of mistakes writing RFC6902, and it would be nice if Flux could tell me if it's going to have the desired effect. Moreover, telling me nothing changed on the resource is just wrong and really confusing.

Screenshots and recordings

No response

OS / Distro

Linux

Flux version

2.5.0

This also happens in 2.5.1 despite https://github.com/fluxcd/flux2/pull/5176

Flux check

n/a

Git provider

No response

Container Registry provider

No response

Additional context

No response

cormacrelf avatar Apr 10 '25 01:04 cormacrelf

This may be a bug in the recursive implementation. If you run flux diff ks apps --kustomization-file apps.yaml does it print the correct diff?

stefanprodan avatar Apr 10 '25 07:04 stefanprodan

Hello,

this is still an issue in flux 2.6.4

I tried to do the diff directly on the kustomization file with the patches (but still need to use the recursive flag though) and it doesn't show any diff whereas my patch is ok and working if I push it.

deadlybore avatar Oct 09 '25 14:10 deadlybore
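
The report the issue asks `flux diff` for, as an added Python example that is not part of the thread or of Flux's code: it applies the currently reconciled and the proposed RFC 6902 ops to the same resource and lists the fields that differ, failing loudly when a path does not exist on the target. Assumptions: the resource and ops are already parsed into dicts, only `replace` and `remove` are handled, and `apply_ops`, `changed_fields` and `preview` are hypothetical names.

```python
import copy

class PatchError(Exception):
    """An op cannot be applied to the target resource."""

def _key(node, tok, ptr):
    if isinstance(node, list) and not tok.isdigit():
        raise PatchError(f"{ptr}: {tok!r} is not a list index")
    return int(tok) if isinstance(node, list) else tok

def _exists(node, key):
    return key in node if isinstance(node, dict) else isinstance(node, list) and key < len(node)

def apply_ops(resource, ops):
    doc = copy.deepcopy(resource)  # never mutate the caller's resource
    for op in ops:
        kind, ptr = op["op"], op["path"]
        if kind not in ("replace", "remove") or not ptr.startswith("/"):
            raise PatchError(f"unsupported op or pointer: {kind} {ptr!r}")
        toks = [t.replace("~1", "/").replace("~0", "~") for t in ptr[1:].split("/")]  # RFC 6901
        parent, node = None, doc
        for tok in toks:
            key = _key(node, tok, ptr)
            if not _exists(node, key):  # RFC 6902: the target location must exist
                raise PatchError(f"{ptr}: {tok!r} does not exist on target")
            parent, node = node, node[key]
        if kind == "remove":
            del parent[key]
        else:
            parent[key] = op["value"]
    return doc

def changed_fields(before, after, path=""):
    # (dotted path, old, new) for every leaf that differs; lists compare whole
    if isinstance(before, dict) and isinstance(after, dict):
        out = []
        for k in sorted(before.keys() | after.keys()):
            out += changed_fields(before.get(k), after.get(k), f"{path}.{k}" if path else k)
        return out
    return [] if before == after else [(path, before, after)]

def preview(resource, live_ops, proposed_ops):
    return changed_fields(apply_ops(resource, live_ops), apply_ops(resource, proposed_ops))

# Constructed sample modelled on the issue's Cluster and Kustomization patch
CLUSTER = {"spec": {"backup": {"barmanObjectStore": {"destinationPath": "gs://original-bucket"}}}}
PATH = "/spec/backup/barmanObjectStore/destinationPath"
LIVE = [{"op": "replace", "path": PATH, "value": "gs://some-bucket"}]
PROPOSED = [{"op": "replace", "path": PATH, "value": "gs://some-other-bucket"}]
print(preview(CLUSTER, LIVE, PROPOSED))
```

A mistyped path such as `/spec/backups/...` raises `PatchError` instead of producing an empty diff.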