Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubectl returns kind: ValidatingAdmissionPolicyList for empty list of policies #1593

Open
ilia1243 opened this issue Apr 26, 2024 · 15 comments · May be fixed by kubernetes/kubernetes#124568
Open

kubectl returns kind: ValidatingAdmissionPolicyList for empty list of policies #1593

ilia1243 opened this issue Apr 26, 2024 · 15 comments · May be fixed by kubernetes/kubernetes#124568
Assignees
@xyz-li
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. sig/cli Categorizes an issue or PR as relevant to SIG CLI.

Comments

@ilia1243
Copy link

What happened?

There is a cosmetic inconsistency of kubectl get validatingadmissionpolicies -o yaml output for empty and non-empty list of validating admission policies.

If there are no policies:

apiVersion: v1
items:
- apiVersion: admissionregistration.k8s.io/v1
  kind: ValidatingAdmissionPolicyList
  metadata:
    resourceVersion: "3817"
kind: List
metadata:
  resourceVersion: ""

If there is at least one policy:

apiVersion: v1
items:
- apiVersion: admissionregistration.k8s.io/v1
  kind: ValidatingAdmissionPolicy
  ...
kind: List
metadata:
  resourceVersion: ""

What did you expect to happen?

If there are no validating admission policies, kubectl get validatingadmissionpolicies -o yaml is expected to output:

apiVersion: v1
items: []
kind: List
metadata:
  resourceVersion: ""

How can we reproduce it (as minimally and precisely as possible)?

Run kubectl get validatingadmissionpolicies -o yaml provided that there are no validating admission policies in the cluster.

Anything else we need to know?

No response

Kubernetes version

$ kubectl version
Client Version: v1.30.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.0

Cloud provider

bare-metal

OS version

# On Linux:
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
$ uname -a
Linux k8s-control-plane-1 5.15.0-50-generic kubernetes/kubernetes#56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Install tools

kubeadm

Container runtime (CRI) and version (if applicable)

containerd=1.6.12-0ubuntu1~22.04.3

Related plugins (CNI, CSI, ...) and versions (if applicable)

Calico v3.27.0
@ilia1243 ilia1243 added the kind/bug Categorizes issue or PR as related to a bug. label Apr 26, 2024
@k8s-ci-robot k8s-ci-robot added needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Apr 26, 2024
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@neolit123
Copy link
Member

/sig cli

@k8s-ci-robot k8s-ci-robot added sig/cli Categorizes an issue or PR as relevant to SIG CLI. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 26, 2024
@sftim
Copy link
Contributor

sftim commented Apr 26, 2024

/transfer kubectl

@k8s-ci-robot k8s-ci-robot transferred this issue from kubernetes/kubernetes Apr 26, 2024
@xyz-li
Copy link

xyz-li commented Apr 26, 2024
edited

Please assign this to me.
I think this is a bug of apiserver
kubectl get --raw /apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies
{ "kind": "ValidatingAdmissionPolicyList", "apiVersion": "admissionregistration.k8s.io/v1", "metadata": { "resourceVersion": "30603" } }
kubectl get --raw /api/v1/nodes | jq .

{ "kind": "NodeList", "apiVersion": "v1", "metadata": { "resourceVersion": "30721" }, "items": [] }

@xyz-li
Copy link

xyz-li commented Apr 26, 2024

/assign

@sftim
Copy link
Contributor

sftim commented Apr 26, 2024

Could be 2 bugs, because kubectl shouldn't interpret a missing items as the parent JSON document.

@xyz-li xyz-li linked a pull request Apr 26, 2024 that will close this issue
Open
@xyz-li
Copy link

xyz-li commented Apr 26, 2024

This may be the cause. If there is no item fields, kubectl won't treat the response as a list.
https://github.com/kubernetes/kubernetes/blob/bae83009d36fc9729482404dddc3b03ab751f08e/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go#L54C1-L61C2

@ardaguclu
Copy link
Member

I'm not sure it is a bug. But this seems to be coming from server side printing https://github.com/kubernetes/kubernetes/blob/d0e78ef70e954f0233cc2e917b7c85cb957d36cd/pkg/printers/internalversion/printers.go#L567-L583

@ardaguclu
Copy link
Member

I think this list printing mechanism https://github.com/kubernetes/kubernetes/blob/d0e78ef70e954f0233cc2e917b7c85cb957d36cd/pkg/printers/internalversion/printers.go#L1731-L1741 in server side printing is identical with the other resource type's list printing.
I don't think there is any bug in here.

/close

@k8s-ci-robot
Copy link
Contributor

@ardaguclu: Closing this issue.

In response to this:

I think this list printing mechanism https://github.com/kubernetes/kubernetes/blob/d0e78ef70e954f0233cc2e917b7c85cb957d36cd/pkg/printers/internalversion/printers.go#L1731-L1741 in server side printing is identical with the other resource type's list printing.
I don't think there is any bug in here.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@xyz-li
Copy link

xyz-li commented May 9, 2024
edited

I think this list printing mechanism https://github.com/kubernetes/kubernetes/blob/d0e78ef70e954f0233cc2e917b7c85cb957d36cd/pkg/printers/internalversion/printers.go#L1731-L1741 in server side printing is identical with the other resource type's list printing. I don't think there is any bug in here.

/close

@ardaguclu

Server side printing is OK.
But what happens if you get the YAML output of validatingadmissionpolicies?
When there is no validatingadmissionpolicie in the apiserver, the response kubectl miss the field "items" and the output is incorrect.
This is definitely a bug.

# kubectl get validatingadmissionpolicies -oyaml
apiVersion: v1
items:
- apiVersion: admissionregistration.k8s.io/v1
  kind: ValidatingAdmissionPolicyList
  metadata:
    resourceVersion: "39450"
kind: List
metadata:
  resourceVersion: ""

@ardaguclu
Copy link
Member

Could you please check the other list types and if there is any mismatch between them?. If there is any, I agree with you that this is a bug.

@xyz-li
Copy link

xyz-li commented May 9, 2024 

#kubectl get no -oyaml
apiVersion: v1
items: []
kind: List
metadata:
  resourceVersion: ""

#kubectl get po -oyaml
apiVersion: v1
items: []
kind: List
metadata:
  resourceVersion: ""


#kubectl get secret -oyaml
apiVersion: v1
items: []
kind: List
metadata:
  resourceVersion: ""

@ardaguclu
Copy link
Member

Thanks for the check.

/reopen

@k8s-ci-robot k8s-ci-robot reopened this May 9, 2024
@k8s-ci-robot
Copy link
Contributor

@ardaguclu: Reopened this issue.

In response to this:

Thanks for the check.

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xyz-li xyz-li

Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. sig/cli Categorizes an issue or PR as relevant to SIG CLI.
Projects
SIG CLI
Status: In Progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

api: fix ValidatingAdmissionPolicyList json tag xyz-li/kubernetes
6 participants
@neolit123 @xyz-li @ilia1243 @ardaguclu @k8s-ci-robot @sftim