Quarkus: Kubernetes - multiple problems in generated kubernetes.yml after merging

Created on 20 Oct 2020  路  16Comments  路  Source: quarkusio/quarkus

I want to add a securityContext to the Deployment and leave all else unchanged. but I run into some snags with the generated kubernetes.yml.

Steps to reproduce -- Following this guide: https://quarkus.io/guides/deploying-to-kubernetes

  • Generate a new application, quarkus 1.8.3-FINAL, extension: Kubernetes (and Jib which is not relevant)
  • Copy kubernetes1.yml or kubernetes2.yml to src/main/kubernetes/kubernetes.yml
  • Run mvn clean package

Try kubernetes1.yml

  • This is a direct copy paste from the guide

PROBLEM 1:
Crashes with NPE, stack trace in kubernetes1-stacktrace.txt

Try kubernetes2.yml and check target/kubernetes/kubernetes.yml

PROBLEM 2:
This disappears completely: supplementalGroups: [5555]
Note: The surrounding RunAsUser/RunAsGroup dont disappear
Note: This is example code from https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/persistent_storage_nfs.html#nfs-supplemental-groups

PROBLEM 3:
I want only to add a securityContext under spec/template/spec/containers/ and keep
the quarkus generated data. But almost everything disappears
an extra wrinkle is metadata/labels/* where the version number is removed and must be maintained manually.
Hence, the selector of the 'Service' object does not point to the DeploymentConfig when the project
version number is modified.
Workaround:
In application.properties: define quarkus.openshift.version=999.999 so it wont modify

PROBLEM 4:
Uncomment # error to cause a syntax error.
The error message talks about line 13 not 20
This means line numbers are counted starting from the current resource at line 8

PROBLEM 5:
Our org is running openshift 3.11. It identifies applications based on the 'app' label which is not
defined by quarkus.

Workaround:
    In application.properties: define quarkus.openshift.labels.app=application name

PROBLEM 6:
Minor problem - If I change the name of the Deployment, I get 2 deployments (correct) but the name
of the service account changes too (strange). Hence, the first Deployment now refers to a non-existant
service account

kubernetes1.yml.txt
kubernetes2.yml.txt
kubernetes1-stacktrace.txt

arekubernetes kinbug triagout-of-date
Source
picture hyperman1

Most helpful comment

Thanks for the detailed report. I will have a look asap.

picture iocanel on 20 Oct 2020
👍2

All 16 comments

/cc @geoand

quarkusbot picture quarkusbot on 20 Oct 2020

cc @iocanel

geoand picture geoand on 20 Oct 2020

Thanks for the detailed report. I will have a look asap.

iocanel picture iocanel on 20 Oct 2020
👍2

Thanks. Let me know if you want this split up in multiple reports.

hyperman1 picture hyperman1 on 20 Oct 2020

Problem1: The NPE, is due to the fact that the port doesn't have a name which is considered mandatory. I will address that asap.

iocanel picture iocanel on 20 Oct 2020

Problem 2: Is misconfiguration from the user side. The securityContext under the Container DOES NOT have any property related to supplementalGroups. There is however a securityContext under the PodSpec that does.

If configuration is moved under there, its expected to work.

iocanel picture iocanel on 21 Oct 2020

@iocanel Thanks for looking in this.
Re problem2: You are correct. I would suggest giving an error message instead of silently dropping unrecognized items. I indeed still make many junior mistakes, and it helps if the build points them out.

hyperman1 picture hyperman1 on 22 Oct 2020

@iocanel Thanks for looking in this.
Re problem2: You are correct. I would suggest giving an error message instead of silently dropping unrecognized items. I indeed still make many junior mistakes, and it helps if the build points them out.

It makes sense. I'll have a look at it!

iocanel picture iocanel on 22 Oct 2020

Probelm 5: Created https://github.com/quarkusio/quarkus/pull/12884

iocanel picture iocanel on 22 Oct 2020

@iocanel Thanks for looking in this.
Re problem2: You are correct. I would suggest giving an error message instead of silently dropping unrecognized items. I indeed still make many junior mistakes, and it helps if the build points them out.

It makes sense. I'll have a look at it!

It's not trivial to implement this feature and it needs to be addressed way up in the dependency chain, so I don't see it happening any time soon.

iocanel picture iocanel on 27 Oct 2020

Problem 4: Each resource in the document is serialized one by one. So the numbers reported by Jackson will always refer to the relative line of the current resource.

The only way we could possibly deal with it is to catch Jackson exceptions and manually calucalate the line numbers.
I would create a separate issue just for this one and then close this issue.
cc @hyperman1

iocanel picture iocanel on 27 Oct 2020

@iocanel re problem 4 there is an other solution: Add blank/comment dummy lines on top until the line numbers match.

hyperman1 picture hyperman1 on 27 Oct 2020

re closing this issue.: What about problem 3 and especially the missing version

hyperman1 picture hyperman1 on 27 Oct 2020

@iocanel re problem 4 there is an other solution: Add blank/comment dummy lines on top until the line numbers match.

Love it! Will try it ASAP!

iocanel picture iocanel on 28 Oct 2020

I will close this, as I feel that we addressed all issues.

iocanel picture iocanel on 24 Nov 2020

OK, thanks

hyperman1 picture hyperman1 on 24 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dansiviter picture dansiviter  路  3Comments
enbohm picture enbohm  路  3Comments
rodrigofujioka picture rodrigofujioka  路  3Comments
rsvoboda picture rsvoboda  路  3Comments
MossabTN picture MossabTN  路  3Comments