kubectl-neat
kubectl-neat copied to clipboard
NeatEmpty may be too agressive
NeatEmpty will look for empty resources and clean up their entire hierarchy if necessary. This was originally designed to handle the fact the Neaters may leave fields empty after they finish working, however it may not always work for the benefit of the user. consider the following common CRD in Istio:
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
name: "default"
namespace: "foo"
spec:
peers:
- mtls: {}
NeatEmpty
will end up deleting .spec
altogether.
Similar thing might happen with emptyDir
volumes:
See this configuration example from official docs (https://kubernetes.io/docs/concepts/storage/volumes/#emptydir-configuration-example):
apiVersion: v1
kind: Pod
metadata:
name: test-pd
spec:
containers:
- image: k8s.gcr.io/test-webserver
name: test-container
volumeMounts:
- mountPath: /cache
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
I'm getting this issue with cert-manager where an issuer is configured to be self signed. kneat Removes the spec altogether which deletes essential information
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
annotations:
creationTimestamp: "2023-05-02T14:14:49Z"
generation: 1
name: letsencrypt-staging
namespace: test-top-kuard
resourceVersion: "8869238"
spec:
selfSigned: {}
It deletes the spec.selfSigned field altogether.