Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Remove FieldSelector from non-namespaced resources #2190

Merged
merged 2 commits into from
Sep 12, 2023

Conversation

dgrisonnet
Copy link
Member

This PR takes over the initial work started by @mrueg in #2189 and fix the additional cluster-scoped resources that were missing.

What this PR does / why we need it:

This should resolve the issue with namespace-denylist as discovered in #2187

Regression introduced in c3c5528

I'm not sure if the fix is complete or other resources are affected. I'm also not sure if this is the right fix or we should simply keep the field selector but fail if the field doesn't exist.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #2187

mrueg and others added 2 commits September 12, 2023 09:34
This should resolve the issue with namespace-denylist as discovered in kubernetes#2187

Regression introduced in kubernetes@c3c5528

Signed-off-by: Manuel Rüger <manuel@rueg.eu>
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Sep 12, 2023
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Sep 12, 2023
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If kube-state-metrics contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 12, 2023
@dgrisonnet
Copy link
Member Author

For reference, the list of cluster-scoped resources in a cluster can be gathered by running:

{ for api in $(k get --raw /apis | jq -r '.groups[].preferredVersion.groupVersion') ; do k get --raw /apis/$api | jq '.resources[] | select(.namespaced == false) | select(.name | test("^\\w+$")) | .kind' ; done & k get --raw /api/v1 | jq '.resources[] | select(.namespaced == false) | select(.name | test("^\\w+$")) | .kind' } | sort | uniq

which in a simple kind cluster yields:

"APIService"
"CertificateSigningRequest"
"ClusterRole"
"ClusterRoleBinding"
"ComponentStatus"
"CSIDriver"
"CSINode"
"CustomResourceDefinition"
"FlowSchema"
"IngressClass"
"MutatingWebhookConfiguration"
"Namespace"
"Node"
"PersistentVolume"
"PriorityClass"
"PriorityLevelConfiguration"
"RuntimeClass"
"SelfSubjectAccessReview"
"SelfSubjectReview"
"SelfSubjectRulesReview"
"StorageClass"
"SubjectAccessReview"
"TokenReview"
"ValidatingWebhookConfiguration"
"VolumeAttachment

@mrueg
Copy link
Member

mrueg commented Sep 12, 2023

Thanks for taking over!

/lgtm

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 12, 2023
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 12, 2023
@rexagod
Copy link
Member

rexagod commented Sep 12, 2023

(owing to @dgrisonnet's neat one-liner above) I can see that all kinds supported in KSM from the listed pool have been addressed. Kudos for swift patch, @mrueg and @dgrisonnet!

/lgtm

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dgrisonnet, mrueg, rexagod

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [dgrisonnet,mrueg,rexagod]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rexagod
Copy link
Member

rexagod commented Sep 12, 2023

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 12, 2023
@k8s-ci-robot k8s-ci-robot merged commit 76f42c1 into kubernetes:main Sep 12, 2023
@zombar
Copy link

zombar commented Sep 28, 2023

Any ideas as to a timeframe when this will be included in a release?

This issue would manifest as an unpleasant surprise to those that are blindly upgrading their clusters as 'watch' and 'get' actions for any non-namespaced resources will fail due to API validation.

The issue manifests itself as a fairly innocent log entry:

E0928 09:10:20.987352       1 reflector.go:148] pkg/mod/k8s.io/client-go@v0.27.5/tools/cache/reflector.go:231: Failed to watch *v1.Node: failed to list *v1.Node: field label not supported: metadata.namespace

But in this case we would receive no related node metrics at all.

PersistentVolumes are also cluster scoped resources and KSM produces metrics from those resources that are useful to all so I might be tempted to get this fix out sooner rather than later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Argument namespaces-denylist produces an error with v2.10.0
5 participants