New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable kubectl-get to strip managed fields #96878
Enable kubectl-get to strip managed fields #96878
Conversation
/assign @soltysh |
1100ee5
to
c5588ed
Compare
This helps but doesn't fix #90066 |
@luisdavim okay, I have updated this PR's description so that #90066 won't be closed. |
I think I'd rather prefer an additional format for the -o flag than this flag. There were a few suggestions already, something like Providing a format that does not show managedFields is keeping the current formats like they are. We should not drop any fields on get without it being an active decision by the user, as currently people are used to get giving them a full dump of the object. Also I think we should try to solve this on the Server-Side and then use the flag in the client. |
@kwiesmueller I think this is a good point, thanks for pointing it out. And if there is anything I could do now please let me know, I am willing to help! e.g. adding a new format /hold |
Right now, the task is unassigned. If you'd like to help, the best thing would be to stop by in the wg-api-expression Slack channel. I think we still need to discuss what the final solution will be, but help is always appreciated. As far as I remember there still is the question if we're able to filter the field at the server (some possible limitations with watch etc.). |
SSA will be brought into discussion during next-week's SIG-CLI, we'll go over this PR as well and we'll try to make the final call. |
Given that we're planning for a server-side header to hide managed fields, it does seem like a dedicated flag would make sense and it's smaller than defining behavior for a flag like -oshort. But we should update the KEP with the server-side header and the kubectl flag plan since we want to get this in for this release. |
/wg api-expression |
staging/src/k8s.io/cli-runtime/pkg/genericclioptions/json_yaml_flags.go
Outdated
Show resolved
Hide resolved
/cc |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Little bit late in the game but LGTM
/lgtm
"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines with "keys:", one is the real key data and other is a "managedField": $ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys: keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA== f:keys: {} It makes the whole command to get the key id to fail: $ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}') base64: invalid input This will be fixed in next Kubernetes release (kubernetes/kubernetes#96878), in the meanwhile just use a regular expression in awk to match "keys:" at the begining. Fixes: 4ea52ae ("cilium: encryption, docs key updates") Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com> Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
"kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines with "keys:", one is the real key data and other is a "managedField": $ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys: keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA== f:keys: {} It makes the whole command to get the key id to fail: $ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}') base64: invalid input This will be fixed in next Kubernetes release (kubernetes/kubernetes#96878), in the meanwhile just use a regular expression in awk to match "keys:" at the begining. Fixes: 4ea52ae ("cilium: encryption, docs key updates") Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com> Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
[ upstream commit 458c623 ] "kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines with "keys:", one is the real key data and other is a "managedField": $ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys: keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA== f:keys: {} It makes the whole command to get the key id to fail: $ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}') base64: invalid input This will be fixed in next Kubernetes release (kubernetes/kubernetes#96878), in the meanwhile just use a regular expression in awk to match "keys:" at the begining. Fixes: 4ea52ae ("cilium: encryption, docs key updates") Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com> Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 458c623 ] "kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines with "keys:", one is the real key data and other is a "managedField": $ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys: keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA== f:keys: {} It makes the whole command to get the key id to fail: $ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}') base64: invalid input This will be fixed in next Kubernetes release (kubernetes/kubernetes#96878), in the meanwhile just use a regular expression in awk to match "keys:" at the begining. Fixes: 4ea52ae ("cilium: encryption, docs key updates") Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com> Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 458c623 ] "kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines with "keys:", one is the real key data and other is a "managedField": $ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys: keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA== f:keys: {} It makes the whole command to get the key id to fail: $ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}') base64: invalid input This will be fixed in next Kubernetes release (kubernetes/kubernetes#96878), in the meanwhile just use a regular expression in awk to match "keys:" at the begining. Fixes: 4ea52ae ("cilium: encryption, docs key updates") Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com> Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 458c623 ] "kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines with "keys:", one is the real key data and other is a "managedField": $ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys: keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA== f:keys: {} It makes the whole command to get the key id to fail: $ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}') base64: invalid input This will be fixed in next Kubernetes release (kubernetes/kubernetes#96878), in the meanwhile just use a regular expression in awk to match "keys:" at the begining. Fixes: 4ea52ae ("cilium: encryption, docs key updates") Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com> Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 458c623 ] "kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines with "keys:", one is the real key data and other is a "managedField": $ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys: keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA== f:keys: {} It makes the whole command to get the key id to fail: $ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}') base64: invalid input This will be fixed in next Kubernetes release (kubernetes/kubernetes#96878), in the meanwhile just use a regular expression in awk to match "keys:" at the begining. Fixes: 4ea52ae ("cilium: encryption, docs key updates") Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com> Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 458c623 ] "kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines with "keys:", one is the real key data and other is a "managedField": $ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys: keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA== f:keys: {} It makes the whole command to get the key id to fail: $ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}') base64: invalid input This will be fixed in next Kubernetes release (kubernetes/kubernetes#96878), in the meanwhile just use a regular expression in awk to match "keys:" at the begining. Fixes: 4ea52ae ("cilium: encryption, docs key updates") Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com> Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 458c623 ] "kubectl get secret -n kube-system cilium-ipsec-keys" outputs two lines with "keys:", one is the real key data and other is a "managedField": $ kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | grep keys: keys: MyByZmM0MTA2KGdjbShhZXMpKSA3ZTE1YmZlNmQyZjczNGUzZmQ0YTEzM2FlZDU2MGQwMjEzZjBjNmRmIDEyOA== f:keys: {} It makes the whole command to get the key id to fail: $ KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml|grep keys: | awk '{print $2}' | base64 -d | awk '{print $1}') base64: invalid input This will be fixed in next Kubernetes release (kubernetes/kubernetes#96878), in the meanwhile just use a regular expression in awk to match "keys:" at the begining. Fixes: 4ea52ae ("cilium: encryption, docs key updates") Signed-off-by: Mauricio Vásquez <mauricio@accuknox.com> Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
This is awesome. I hate managed fields. |
Is this going to be backported to older kubectl versions? |
I am using kubectl -> 1.22.1 When I run the below commands, I still see the managed fields. |
@iam-veeramalla If you have a bug please open a separate issue. |
@iam-veeramalla you have typo there, |
My bad .. thanks |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Enable
kubectl get
to strip managed fields to make the output less verbose.Which issue(s) this PR fixes:
xref #90066
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: