Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable kubectl-get to strip managed fields #96878

Merged
merged 1 commit into from Feb 17, 2021
Merged

Enable kubectl-get to strip managed fields #96878

merged 1 commit into from Feb 17, 2021

Conversation

knight42
Copy link
Member

@knight42 knight42 commented Nov 26, 2020
edited

What type of PR is this?

/kind feature

What this PR does / why we need it:

Enable kubectl get to strip managed fields to make the output less verbose.

Which issue(s) this PR fixes:

xref #90066

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

kubectl: `kubectl get` will omit managed fields by default now. Users could set `--show-managed-fields` to true to show managedFields when the output format is either `json` or `yaml`.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Nov 26, 2020
@k8s-ci-robot k8s-ci-robot added sig/cli Categorizes an issue or PR as relevant to SIG CLI. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Nov 26, 2020
@knight42
Copy link
Member Author

/assign @soltysh

@knight42 knight42 mentioned this pull request Nov 26, 2020
Closed
@knight42 knight42 force-pushed the feat/kubectl-strip-managed-fields branch from 1100ee5 to c5588ed Compare November 26, 2020 08:07
@luisdavim
Copy link

This helps but doesn't fix #90066

@knight42
Copy link
Member Author

@luisdavim okay, I have updated this PR's description so that #90066 won't be closed.

@kwiesmueller
Copy link
Member

I think I'd rather prefer an additional format for the -o flag than this flag.
edit is already fixed and only get should be remaining, this flag here is very generic.

There were a few suggestions already, something like -o simpleyaml.

Providing a format that does not show managedFields is keeping the current formats like they are.

We should not drop any fields on get without it being an active decision by the user, as currently people are used to get giving them a full dump of the object.

Also I think we should try to solve this on the Server-Side and then use the flag in the client.

@knight42
Copy link
Member Author

currently people are used to get giving them a full dump of the object.

@kwiesmueller I think this is a good point, thanks for pointing it out.

And if there is anything I could do now please let me know, I am willing to help! e.g. adding a new format simpleyaml

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 26, 2020
@kwiesmueller
Copy link
Member

Right now, the task is unassigned. If you'd like to help, the best thing would be to stop by in the wg-api-expression Slack channel.

I think we still need to discuss what the final solution will be, but help is always appreciated.

As far as I remember there still is the question if we're able to filter the field at the server (some possible limitations with watch etc.).

@soltysh
Copy link
Contributor

soltysh commented Nov 26, 2020

SSA will be brought into discussion during next-week's SIG-CLI, we'll go over this PR as well and we'll try to make the final call.
Thanks @knight42 for holding with it for now :)

@julianvmodesto
Copy link
Contributor

Given that we're planning for a server-side header to hide managed fields, it does seem like a dedicated flag would make sense and it's smaller than defining behavior for a flag like -oshort.

But we should update the KEP with the server-side header and the kubectl flag plan since we want to get this in for this release.

@apelisse
Copy link
Member

/wg api-expression

@k8s-ci-robot k8s-ci-robot added the wg/api-expression Categorizes an issue or PR as relevant to WG API Expression. label Jan 28, 2021
@dougsland
Copy link
Member

/cc

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 16, 2021
@apelisse
Copy link
Member

/retest

@k8s-ci-robot k8s-ci-robot merged commit e2f018d into kubernetes:master Feb 17, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Feb 17, 2021
dougsland
dougsland reviewed Feb 17, 2021
View reviewed changes
Copy link
Member

@dougsland dougsland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Little bit late in the game but LGTM
/lgtm

@knight42 knight42 deleted the feat/kubectl-strip-managed-fields branch February 17, 2021 04:54
@vasu1124 vasu1124 mentioned this pull request Feb 23, 2021
Closed
@mauriciovasquezbernal mauriciovasquezbernal mentioned this pull request Mar 16, 2021
Merged
mauriciovasquezbernal added a commit to kinvolk/cilium that referenced this pull request Mar 16, 2021
@mauriciovasquezbernal
Documentation: fix key rotation command in encryption guide
537bf79 
"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines
with "keys:", one is the real key data and other is a "managedField":

$ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys:
  keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA==
        f:keys: {}

It makes the whole command to get the key id to fail:

$ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}')
base64: invalid input

This will be fixed in next Kubernetes release
(kubernetes/kubernetes#96878), in the meanwhile
just use a regular expression in awk to match "keys:" at the begining.

Fixes: 4ea52ae ("cilium: encryption, docs key updates")

Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com>
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
joestringer pushed a commit to cilium/cilium that referenced this pull request Mar 17, 2021
@mauriciovasquezbernal @joestringer
Documentation: fix key rotation command in encryption guide
458c623 
"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines
with "keys:", one is the real key data and other is a "managedField":

$ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys:
  keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA==
        f:keys: {}

It makes the whole command to get the key id to fail:

$ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}')
base64: invalid input

This will be fixed in next Kubernetes release
(kubernetes/kubernetes#96878), in the meanwhile
just use a regular expression in awk to match "keys:" at the begining.

Fixes: 4ea52ae ("cilium: encryption, docs key updates")

Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com>
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
jrajahalme pushed a commit to cilium/cilium that referenced this pull request Mar 19, 2021
@mauriciovasquezbernal @jrajahalme
Documentation: fix key rotation command in encryption guide
b6d58a7 
[ upstream commit 458c623 ]

"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines
with "keys:", one is the real key data and other is a "managedField":

$ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys:
  keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA==
        f:keys: {}

It makes the whole command to get the key id to fail:

$ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}')
base64: invalid input

This will be fixed in next Kubernetes release
(kubernetes/kubernetes#96878), in the meanwhile
just use a regular expression in awk to match "keys:" at the begining.

Fixes: 4ea52ae ("cilium: encryption, docs key updates")

Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com>
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme pushed a commit to cilium/cilium that referenced this pull request Mar 19, 2021
@mauriciovasquezbernal @jrajahalme
Documentation: fix key rotation command in encryption guide
89d360f 
[ upstream commit 458c623 ]

"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines
with "keys:", one is the real key data and other is a "managedField":

$ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys:
  keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA==
        f:keys: {}

It makes the whole command to get the key id to fail:

$ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}')
base64: invalid input

This will be fixed in next Kubernetes release
(kubernetes/kubernetes#96878), in the meanwhile
just use a regular expression in awk to match "keys:" at the begining.

Fixes: 4ea52ae ("cilium: encryption, docs key updates")

Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com>
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme pushed a commit to cilium/cilium that referenced this pull request Mar 19, 2021
@mauriciovasquezbernal @jrajahalme
Documentation: fix key rotation command in encryption guide
d2b7c90 
[ upstream commit 458c623 ]

"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines
with "keys:", one is the real key data and other is a "managedField":

$ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys:
  keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA==
        f:keys: {}

It makes the whole command to get the key id to fail:

$ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}')
base64: invalid input

This will be fixed in next Kubernetes release
(kubernetes/kubernetes#96878), in the meanwhile
just use a regular expression in awk to match "keys:" at the begining.

Fixes: 4ea52ae ("cilium: encryption, docs key updates")

Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com>
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
joestringer pushed a commit to cilium/cilium that referenced this pull request Mar 22, 2021
@mauriciovasquezbernal @joestringer
Documentation: fix key rotation command in encryption guide
7e84854 
[ upstream commit 458c623 ]

"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines
with "keys:", one is the real key data and other is a "managedField":

$ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys:
  keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA==
        f:keys: {}

It makes the whole command to get the key id to fail:

$ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}')
base64: invalid input

This will be fixed in next Kubernetes release
(kubernetes/kubernetes#96878), in the meanwhile
just use a regular expression in awk to match "keys:" at the begining.

Fixes: 4ea52ae ("cilium: encryption, docs key updates")

Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com>
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
joestringer pushed a commit to cilium/cilium that referenced this pull request Mar 22, 2021
@mauriciovasquezbernal @joestringer
Documentation: fix key rotation command in encryption guide
fc45ce8 
[ upstream commit 458c623 ]

"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines
with "keys:", one is the real key data and other is a "managedField":

$ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys:
  keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA==
        f:keys: {}

It makes the whole command to get the key id to fail:

$ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}')
base64: invalid input

This will be fixed in next Kubernetes release
(kubernetes/kubernetes#96878), in the meanwhile
just use a regular expression in awk to match "keys:" at the begining.

Fixes: 4ea52ae ("cilium: encryption, docs key updates")

Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com>
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme pushed a commit to cilium/cilium that referenced this pull request Mar 25, 2021
@mauriciovasquezbernal @jrajahalme
Documentation: fix key rotation command in encryption guide
89699b0 
[ upstream commit 458c623 ]

"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines
with "keys:", one is the real key data and other is a "managedField":

$ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys:
  keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA==
        f:keys: {}

It makes the whole command to get the key id to fail:

$ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}')
base64: invalid input

This will be fixed in next Kubernetes release
(kubernetes/kubernetes#96878), in the meanwhile
just use a regular expression in awk to match "keys:" at the begining.

Fixes: 4ea52ae ("cilium: encryption, docs key updates")

Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com>
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
aanm pushed a commit to cilium/cilium that referenced this pull request Mar 29, 2021
@mauriciovasquezbernal @aanm
Documentation: fix key rotation command in encryption guide
6aeae69 
[ upstream commit 458c623 ]

"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines
with "keys:", one is the real key data and other is a "managedField":

$ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys:
  keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA==
        f:keys: {}

It makes the whole command to get the key id to fail:

$ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}')
base64: invalid input

This will be fixed in next Kubernetes release
(kubernetes/kubernetes#96878), in the meanwhile
just use a regular expression in awk to match "keys:" at the begining.

Fixes: 4ea52ae ("cilium: encryption, docs key updates")

Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com>
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
@alexec
Copy link

alexec commented Apr 1, 2021

This is awesome. I hate managed fields.

@curusarn
Copy link

Is this going to be backported to older kubectl versions?

solsson added a commit to Yolean/ystack that referenced this pull request Jun 27, 2021
@solsson
kubectl 1.21+ has the fix for managedFields and a fresh Kustomize
b029123 
- kubernetes-sigs/kustomize#1500 (comment)
- kubernetes/kubernetes#96878
@pacoxu pacoxu mentioned this pull request Jul 8, 2021
Closed
@wallrj wallrj mentioned this pull request Aug 12, 2021
Closed
@iam-veeramalla
Copy link

I am using kubectl -> 1.22.1

When I run the below commands, I still see the managed fields.
kubectl get service foo -o yaml
kubectl get --show-managed-feilds=false service foo -o yaml

@apelisse
Copy link
Member

@iam-veeramalla If you have a bug please open a separate issue.

@navry
Copy link

navry commented Nov 18, 2021

@iam-veeramalla you have typo there, show-managed-fields instead of show-managed-feilds

@iam-veeramalla
Copy link

@iam-veeramalla you have typo there, show-managed-fields instead of show-managed-feilds

My bad .. thanks

@soltysh soltysh mentioned this pull request Feb 4, 2022
Merged
@soltysh soltysh mentioned this pull request Dec 19, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dougsland dougsland dougsland left review comments

@soltysh soltysh soltysh approved these changes

@deads2k deads2k Awaiting requested review from deads2k

@apelisse apelisse Awaiting requested review from apelisse

Assignees

@soltysh soltysh

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubectl area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/backlog Higher priority than priority/awaiting-more-evidence. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on. wg/api-expression Categorizes an issue or PR as relevant to WG API Expression.
Projects
None yet
Milestone
v1.21
Development

Successfully merging this pull request may close these issues.

None yet