kubectl-neat icon indicating copy to clipboard operation
kubectl-neat copied to clipboard

Published 20 hours ago verified publisher icon itaysk

NeatEmpty may be too agressive

Open itaysk opened this issue 4 years ago • 2 comments

NeatEmpty will look for empty resources and clean up their entire hierarchy if necessary. This was originally designed to handle the fact the Neaters may leave fields empty after they finish working, however it may not always work for the benefit of the user. consider the following common CRD in Istio:

apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "default"
  namespace: "foo"
spec:
  peers:
  - mtls: {}

NeatEmpty will end up deleting .spec altogether.

itaysk avatar Nov 09 '19 18:11 itaysk

Similar thing might happen with emptyDir volumes: See this configuration example from official docs (https://kubernetes.io/docs/concepts/storage/volumes/#emptydir-configuration-example):

apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: k8s.gcr.io/test-webserver
    name: test-container
    volumeMounts:
    - mountPath: /cache
      name: cache-volume
  volumes:
  - name: cache-volume
    emptyDir: {}

curusarn avatar Apr 19 '21 20:04 curusarn

I'm getting this issue with cert-manager where an issuer is configured to be self signed. kneat Removes the spec altogether which deletes essential information

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  annotations:
  creationTimestamp: "2023-05-02T14:14:49Z"
  generation: 1
  name: letsencrypt-staging
  namespace: test-top-kuard
  resourceVersion: "8869238"
spec:
  selfSigned: {}

It deletes the spec.selfSigned field altogether.

buckleyGI avatar May 07 '23 16:05 buckleyGI