【Kubernetes】Strategic Merge Patchについてざっくり理解する

community/contributors/devel/sig-api-machinery/strategic-merge-patch.md at main · kubernetes/community

Kubernetes community content. Contribute to kubernetes/community development by creating an account on GitHub.

patchesStrategicMerge

Patch resources using the strategic merge patch standard.

Server Side Apply Is Great And You Should Be Using It

Server-side apply (SSA) has now been GA for a few releases, and I have found myself in a number of conversations, recommending that people / teams in various situations use it. So I’d like to write down some of those reasons. Obvious (and not-so-obvious) benefits of SSA A list of improvements / niceties you get from switching from various things to Server-side apply! Versus client-side-apply (that is, plain kubectl apply): The system gives you conflicts when you accidentally fight with another actor over the value of a field! When combined with --dry-run, there’s no chance of accidentally running a client-side dry run instead of a server side dry run. Versus hand-rolling patches: The SSA patch format is extremely natural to write, with no weird syntax. It’s just a regular object, but you can (and should) omit any field you don’t care about. The old patch format (“strategic merge patch”) was ad-hoc and still has some bugs; JSON-patch and JSON merge-patch fail to handle some cases that are common in the Kubernetes API, namely lists with items that should be recursively merged based on a “name” or other identifying field. There’s also now great go-language library support for building apply calls programmatically! You can use SSA to explicitly delete fields you don’t “own” by setting them to null, which makes it a feature-complete replacement for all of the old patch formats. Versus shelling out to kubectl: You can use the apply API call from any language without shelling out to kubectl! As stated above, the Go library has dedicated mechanisms to make this easy now. Versus GET-modify-PUT: (This one is more complicated and you can skip it if you've never written a controller!) To use GET-modify-PUT correctly, you have to handle and retry a write failure in the case that someone else has modified the object in any way between your GET and PUT. This is an “optimistic concurrency failure” when it happens. SSA offloads this task to the server– you only have to retry if there’s a conflict, and the conflicts you can get are all meaningful, like when you’re actually trying to take a field away from another actor in the system. To put it another way, if 10 actors do a GET-modify-PUT cycle at the same time, 9 will get an optimistic concurrency failure and have to retry, then 8, etc, for up to 50 total GET-PUT attempts in the worst case (that’s .5N^2 GET and PUT calls for N actors making simultaneous changes). If the actors are using SSA instead, and the changes don’t actually conflict over specific fields, then all the changes can go in in any order. Additionally, SSA changes can often be done without a GET call at all. That’s only N apply requests for N actors, which is a drastic improvement! How can I use SSA? Users Use kubectl apply --server-side! Soon we (SIG API Machinery) hope to make this the default and remove the “client side” apply completely!

kyaml is not respecting `$patch replace|retainKeys` directives · Issue #2037 · kubernetes-sigs/kustomize

tree: . ├── base │ ├── kafka.yaml │ └── kustomization.yaml └── overlays ├── kustomization.yaml ├── output.yaml └── patch.yaml base content: # kustomization.yaml resources: - kafka.yaml # kafka.yaml...

kustomize/kyaml/yaml/merge2/smpdirective.go at master · kubernetes-sigs/kustomize

Customization of kubernetes YAML configurations. Contribute to kubernetes-sigs/kustomize development by creating an account on GitHub.