GoogleContainerTools/kpt-config-sync

Does Config Sync use Server-Side Apply?

robertomlsoares opened this issue · 4 comments

Hi! We're using the latest version of OSS Config Sync in our clusters, and I noticed that the objects applied in the cluster by Config Sync don't have the metadata.managedFields in their state.

Furthermore, I couldn't find any clear docs about SSA within Config Sync, e.g. if it's configurable, what's the default behaviour, etc. I did find this piece of code: https://github.com/GoogleContainerTools/kpt-config-sync/blob/main/pkg/applier/kpt_applier.go#L435, which seems to indicate that Config Sync does use SSA. But if this configuration is used for all applies issued by Config Sync, it just adds to my confusion due to the lack of metadata.managedFields in the applied objects.

Could anyone help shed some light on this? Thanks!

Yes, Config Sync uses SSA.

When you look at the configuration, are you providing the --show-managed-fields=true flag to kubectl? By default kubectl hides the managed fields from the output.

For clarification, all the user objects (from git/helm/oci) are applied with SSA, but there are some other Config Sync components that use the standard GET/UPDATE flow.

For example, we just converted one of them (the reconciler Deployment) to SSA in #269, but others, like the ServiceAccount, Secrets, and [Cluster]RoleBinding used by each reconciler haven't been upgraded to use SSA yet.

If ensuring ALL objects use SSA is important to you, let us know, and why.

> But if this configuration is used for all applies issued by Config Sync, it just adds to my confusion due to the lack of metadata.managedFields in the applied objects.

Which objects specifically are missing metadata.managedFields?

Hi all! Sorry for the delay in responding, I was OOO. @mortent that worked, thank you! I can see the managed fields when providing that flag. I think I missed this change in behaviour in different versions of kubectl, sorry for the false positive and thanks for the help.
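To tell which field managers wrote an object through Server-Side Apply once the managed fields are visible, this added example (not from the thread or the Config Sync project) parses the JSON printed by `kubectl get -o json --show-managed-fields=true`. The sample object and the manager names `example-applier` and `example-controller` are constructed for illustration.

```python
import copy

# Constructed sample shaped like `kubectl get configmap demo -o json
# --show-managed-fields=true`; names and manager strings are made up.
WITH_FIELDS = {
    "apiVersion": "v1", "kind": "ConfigMap", "data": {"key": "value"},
    "metadata": {"name": "demo", "managedFields": [
        {"manager": "example-applier", "operation": "Apply",
         "fieldsType": "FieldsV1",
         "fieldsV1": {"f:data": {"f:key": {}},
                      "f:metadata": {"f:labels": {"f:app": {}}}}},
        {"manager": "example-controller", "operation": "Update",
         "fieldsType": "FieldsV1",
         "fieldsV1": {"f:metadata": {"f:annotations": {"f:note": {}}}}},
    ]},
}
# The same object as printed without the flag: managedFields is omitted.
HIDDEN = copy.deepcopy(WITH_FIELDS)
del HIDDEN["metadata"]["managedFields"]


def owned_paths(fields, prefix=""):
    """Flatten a FieldsV1 tree into dotted leaf paths like 'metadata.labels.app'."""
    paths = []
    for key, child in fields.items():
        if key == ".":  # marks ownership of the parent node itself
            continue
        name = key[2:] if key.startswith("f:") else key  # keep k:/v: keys as-is
        path = f"{prefix}.{name}" if prefix else name
        paths.extend(owned_paths(child, path) if child else [path])
    return paths or ([prefix] if prefix else [])


def summarize(obj):
    """Return None when managedFields is absent, else [(manager, operation, paths)]."""
    entries = obj.get("metadata", {}).get("managedFields")
    if entries is None:
        return None
    return [(e["manager"], e["operation"],
             sorted(owned_paths(e.get("fieldsV1", {})))) for e in entries]


def ssa_managers(obj):
    """Managers whose entry was recorded with operation 'Apply' (Server-Side Apply)."""
    return [m for m, op, _ in (summarize(obj) or []) if op == "Apply"]
```

A `None` result from `summarize` means the output carried no managedFields at all, which is what kubectl prints without the flag, so it should not be read as evidence that the object was not applied with SSA.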