0.28.0 regression on big environments #1150

Closed
fculpo opened this issue Sep 3, 2024 · 15 comments

fculpo commented Sep 3, 2024

Starting with 0.28.0, diffing or applying a big environment renders YAML objects on stdout and gets stuck.
Need to Ctrl-C to get back to the prompt.

> tk apply environments/envX/monitoring/prometheus/main.jsonnet

...[lots of objects]...

---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app.kubernetes.io/component: prometheus
    app.kubernetes.io/instance: k8s
    app.kubernetes.io/name: prometheus
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 2.46.0
    tanka.dev/environment: 8c60c9becc8f74d7314b2175a3f9b7c76812ff0644cb03e2
  name: prometheus-k8s
  namespace: monitoring
spec:
  endpoints:
  - interval: 30s
    port: web
  - interval: 30s
    port: reloader-web
  selector:
    matchLabels:
      app.kubernetes.io/component: prometheus
      app.kubernetes.io/instance: k8s
      app.kubernetes.io/name: prometheus
      app.kubernetes.io/part-of: kube-prometheus
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.67.1
    tanka.dev/environment: 8c60c9becc8f74d7314b2175a3f9b7c76812ff0644cb03e2
  name: prometheus-operator
  namespace: monitoring
spec:
  endpoints:
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    honorLabels: true
    port: https
    scheme: https
    tlsConfig:
      insecureSkipVerify: true
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/name: prometheus-operator
      app.kubernetes.io/part-of: kube-prometheus
      app.kubernetes.io/version: 0.67.1

^C <- stuck here, needs Ctrl-C

"Smaller" envs work fine

Contributor

zerok commented Sep 3, 2024

Hi :) Do you perhaps have a complete example that we could use to reproduce this issue? From what version were you updating?

zerok moved this from Triage to In discussion in Tanka Sep 3, 2024

Author

fculpo commented Sep 3, 2024

We have a lot of sensitive info in this env, so it is hard to share the actual jsonnet code.

I think repro could be done via a custom env rendering a lot of objects, I will try to create one with big loops.

Contributor

zerok commented Sep 3, 2024

Thank you :) That's what I meant to suggest and not your production environment 🙂

Author

fculpo commented Sep 3, 2024

main.jsonnet

local k = import 'k.libsonnet';
local role = k.rbac.v1.role;
local roleBinding = k.rbac.v1.roleBinding;
local policyRule = k.rbac.v1.policyRule;
local configMap = k.core.v1.configMap;

local namespace = 'monitoring';

{
  roles:
    [
      role.new('repro-role-' + i) +
      role.metadata.withNamespace(namespace) +
      role.withRules([
        policyRule.withApiGroups([''])
        + policyRule.withResources(['pods/portforward'])
        + policyRule.withVerbs(['create']),
        policyRule.withApiGroups([''])
        + policyRule.withResources(['pods', 'services'])
        + policyRule.withVerbs(['get', 'list']),
      ])
      for i in std.range(0, 100)
    ],

  roleBindings:
    [
      roleBinding.new('repro-rolebinding-' + i) +
      roleBinding.metadata.withNamespace(namespace) +
      roleBinding.bindRole($.roles[i]) +
      roleBinding.withSubjects([
        {
          kind: 'Group',
          name: 'repro',
        },
      ])
      for i in std.range(0, 100)
    ],

  configmaps: [
    configMap.new('repro-cm' + i) +
    configMap.metadata.withNamespace(namespace) +
    configMap.withData({
      'data.yaml': importstr 'data.yaml',
    })
    for i in std.range(0, 100)
  ],
}

data.yaml

apiVersion: monitoring.coreos.com/v1alpha1
kind: AlertmanagerConfig
metadata:
  name: alertmanager
  namespace: monitoring
  labels:
    config: alertmanager
spec:
  inhibitRules:
    - equal:
        - namespace
      sourceMatch:
        - name: alertname
          value: InfoInhibitor
      targetMatch:
        - name: severity
          value: info
    - equal:
        - severity
      sourceMatch:
        - name: alertname
          value: KubeAggregatedAPIErrors
      targetMatch:
        - name: alertname
          value: SealedSecretsUnsealErrorHigh
  route:
    groupBy: ["namespace", "severity", "alertname", "cluster"]
    groupWait: 30s
    groupInterval: 5m
    repeatInterval: 1h
    receiver: default
    routes:
      - receiver: watchdog
        matchers:
          - name: alertname
            value: Watchdog
        repeatInterval: 5m
        groupWait: 0s
        groupInterval: 1m
      - receiver: "null"
        matchers:
          - name: alertname
            value: InfoInhibitor
  receivers:
    - name: "null"

output:

> tk-0.28 apply environments/dw/monitoring/repro/main.jsonnet

...[lots of objects]...
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
  name: repro-rolebinding-98
  namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: repro-role-98
subjects:
- kind: Group
  name: repro
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
  name: repro-rolebinding-99
  namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: repro-role-99
subjects:
- kind: Group
  name: repro

^C

Author

fculpo commented Sep 3, 2024

Same repro with 0.27.1 properly passes through kubectl and gets an actual diff

Author

fculpo commented Sep 3, 2024

0.28.0 output with range(0,5) instead of range(0,100):

Still lots of yaml objects on stdout but diff goes through, and I can apply

...
Still ...[lots of yaml objects on stdout]...
...
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
  name: repro-rolebinding-5
  namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: repro-role-5
subjects:
- kind: Group
  name: repro

diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0  2024-09-03 10:13:53
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0        2024-09-03 10:13:53
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:13:53Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-0
+  namespace: monitoring
+  uid: 6d0e45ff-2bad-49f9-8dc4-15c20be76c29
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1  2024-09-03 10:13:53
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1        2024-09-03 10:13:53
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:13:53Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-1
+  namespace: monitoring
+  uid: 9a1b248b-d3e9-4620-8944-cfbe381199ee
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-2 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-2
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-2  2024-09-03 10:13:53
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-2        2024-09-03 10:13:53
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:13:53Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-2
+  namespace: monitoring
+  uid: 07931ba3-af0b-48c5-9490-3543dd4f3325
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-3 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-3
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-3  2024-09-03 10:13:53
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-3        2024-09-03 10:13:53
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:13:53Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-3
+  namespace: monitoring
+  uid: f12f2f3c-a716-4eb9-b798-807466526335
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-4 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-4
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-4  2024-09-03 10:13:54
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-4        2024-09-03 10:13:54
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:13:54Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-4
+  namespace: monitoring
+  uid: 48a35b8e-1ba7-40d4-8f70-f3ca3130704f
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-5 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-5
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-5  2024-09-03 10:13:54
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-5        2024-09-03 10:13:54
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:13:54Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-5
+  namespace: monitoring
+  uid: bf472c49-ba6c-4a26-bdad-41921b19e4d8
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0    2024-09-03 10:13:54
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0  2024-09-03 10:13:54
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:13:54Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-0
+  namespace: monitoring
+  uid: 3f552ab1-7b37-48f6-a7e9-70faddddb79f
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-0
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1    2024-09-03 10:13:54
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1  2024-09-03 10:13:54
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:13:54Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-1
+  namespace: monitoring
+  uid: 0582cd52-aa30-4105-95f5-f42c755c61a5
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-1
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-2 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-2
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-2    2024-09-03 10:13:54
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-2  2024-09-03 10:13:54
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:13:54Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-2
+  namespace: monitoring
+  uid: 72d34db2-099d-4c49-bc3d-93140829771b
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-2
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-3 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-3
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-3    2024-09-03 10:13:55
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-3  2024-09-03 10:13:55
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:13:55Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-3
+  namespace: monitoring
+  uid: 21bc497d-50a4-4be5-abbe-b8dd32ab34bf
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-3
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-4 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-4
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-4    2024-09-03 10:13:55
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-4  2024-09-03 10:13:55
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:13:55Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-4
+  namespace: monitoring
+  uid: 1e18ebca-2135-4eda-81f3-973ac002dbbb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-4
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-5 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-5
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-5    2024-09-03 10:13:55
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-5  2024-09-03 10:13:55
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:13:55Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-5
+  namespace: monitoring
+  uid: e22b2afb-d036-41e4-a0f8-17604e6c5f42
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-5
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm0 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm0
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm0  2024-09-03 10:13:52
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm0        2024-09-03 10:13:52
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:13:52Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm0
+  namespace: monitoring
+  uid: e52bc418-32bd-4444-b0c4-e258edec90fe
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm1 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm1
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm1  2024-09-03 10:13:52
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm1        2024-09-03 10:13:52
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:13:52Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm1
+  namespace: monitoring
+  uid: 0d8f17b3-3a80-48ee-8e87-c65986ebabdd
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm2 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm2
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm2  2024-09-03 10:13:52
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm2        2024-09-03 10:13:52
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:13:52Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm2
+  namespace: monitoring
+  uid: 464bd67c-0419-425a-9ce4-9d4e56ec98ee
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm3 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm3
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm3  2024-09-03 10:13:52
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm3        2024-09-03 10:13:52
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:13:52Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm3
+  namespace: monitoring
+  uid: 045c6ee3-3310-462a-a181-5d0e231ae445
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm4 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm4
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm4  2024-09-03 10:13:53
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm4        2024-09-03 10:13:53
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:13:53Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm4
+  namespace: monitoring
+  uid: b6cf4f41-b1d9-40ae-bbec-4f3ab782bfca
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm5 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm5
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-1318863847/v1.ConfigMap.monitoring.repro-cm5  2024-09-03 10:13:53
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2050750940/v1.ConfigMap.monitoring.repro-cm5        2024-09-03 10:13:53
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:13:53Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm5
+  namespace: monitoring
+  uid: d7608f7a-c87b-4ad6-9397-c280ab068032

Applying to namespace 'monitoring' of cluster 'xxx-monitoring' at 'https://xxx.net/-/kubernetes-agent/k8s-proxy' using context 'xxx-monitoring'.
Please type 'yes' to confirm: 

Author

fculpo commented Sep 3, 2024

0.28.0 with range(0,1) (small env)

❯ tk-0.28 apply environments/dw/monitoring/repro/main.jsonnet

apiVersion: v1
data:
  data.yaml: |
    apiVersion: monitoring.coreos.com/v1alpha1
    kind: AlertmanagerConfig
    metadata:
      name: alertmanager
      namespace: monitoring
      labels:
        config: alertmanager
    spec:
      inhibitRules:
        - equal:
            - namespace
          sourceMatch:
            - name: alertname
              value: InfoInhibitor
          targetMatch:
            - name: severity
              value: info
        - equal:
            - severity
          sourceMatch:
            - name: alertname
              value: KubeAggregatedAPIErrors
          targetMatch:
            - name: alertname
              value: SealedSecretsUnsealErrorHigh
      route:
        groupBy: ["namespace", "severity", "alertname", "cluster"]
        groupWait: 30s
        groupInterval: 5m
        repeatInterval: 1h
        receiver: default
        routes:
          - receiver: watchdog
            matchers:
              - name: alertname
                value: Watchdog
            repeatInterval: 5m
            groupWait: 0s
            groupInterval: 1m
          - receiver: "null"
            matchers:
              - name: alertname
                value: InfoInhibitor
      receivers:
        - name: "null"
kind: ConfigMap
metadata:
  labels:
    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
  name: repro-cm0
  namespace: monitoring
---
apiVersion: v1
data:
  data.yaml: |
    apiVersion: monitoring.coreos.com/v1alpha1
    kind: AlertmanagerConfig
    metadata:
      name: alertmanager
      namespace: monitoring
      labels:
        config: alertmanager
    spec:
      inhibitRules:
        - equal:
            - namespace
          sourceMatch:
            - name: alertname
              value: InfoInhibitor
          targetMatch:
            - name: severity
              value: info
        - equal:
            - severity
          sourceMatch:
            - name: alertname
              value: KubeAggregatedAPIErrors
          targetMatch:
            - name: alertname
              value: SealedSecretsUnsealErrorHigh
      route:
        groupBy: ["namespace", "severity", "alertname", "cluster"]
        groupWait: 30s
        groupInterval: 5m
        repeatInterval: 1h
        receiver: default
        routes:
          - receiver: watchdog
            matchers:
              - name: alertname
                value: Watchdog
            repeatInterval: 5m
            groupWait: 0s
            groupInterval: 1m
          - receiver: "null"
            matchers:
              - name: alertname
                value: InfoInhibitor
      receivers:
        - name: "null"
kind: ConfigMap
metadata:
  labels:
    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
  name: repro-cm1
  namespace: monitoring
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
  name: repro-role-0
  namespace: monitoring
rules:
- apiGroups:
  - ""
  resources:
  - pods/portforward
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - pods
  - services
  verbs:
  - get
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
  name: repro-role-1
  namespace: monitoring
rules:
- apiGroups:
  - ""
  resources:
  - pods/portforward
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - pods
  - services
  verbs:
  - get
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
  name: repro-rolebinding-0
  namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: repro-role-0
subjects:
- kind: Group
  name: repro
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
  name: repro-rolebinding-1
  namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: repro-role-1
subjects:
- kind: Group
  name: repro

diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0  2024-09-03 10:17:51
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0        2024-09-03 10:17:51
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:17:51Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-0
+  namespace: monitoring
+  uid: a613b1e0-823f-4485-96da-ef9b17ed575c
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
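Review bot: the first rule grants `create` on `pods/portforward` with no `resourceNames`, so every subject bound to this Role can open a port-forward to any pod in `monitoring`. If the access is meant for one workload, list those pod names under `resourceNames`, or move the port-forward rule into a separate Role with a narrower binding.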
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1  2024-09-03 10:17:51
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1        2024-09-03 10:17:51
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:17:51Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-1
+  namespace: monitoring
+  uid: c7a9e649-9011-44f7-9a9a-b7bff85de74d
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0    2024-09-03 10:17:51
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0  2024-09-03 10:17:51
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:17:51Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-0
+  namespace: monitoring
+  uid: 2499f2ec-37d8-4680-b950-9bf4f5cd1271
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-0
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
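Review bot: the merged subject carries `apiGroup: rbac.authorization.k8s.io`, which the rendered manifest earlier in this output does not set for `kind: Group`, `name: repro`. Set `apiGroup` explicitly in the source so the reviewed manifest matches the stored object, and confirm that every member of group `repro` should receive `repro-role-0`.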
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1    2024-09-03 10:17:51
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1  2024-09-03 10:17:51
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:17:51Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-1
+  namespace: monitoring
+  uid: 9c0df761-68c3-4374-8d8e-9a858f157665
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-1
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/v1.ConfigMap.monitoring.repro-cm0 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/v1.ConfigMap.monitoring.repro-cm0
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/v1.ConfigMap.monitoring.repro-cm0  2024-09-03 10:17:50
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/v1.ConfigMap.monitoring.repro-cm0        2024-09-03 10:17:50
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:17:50Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm0
+  namespace: monitoring
+  uid: 15f4a0a0-9b12-45bb-910c-9feec630c812
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/v1.ConfigMap.monitoring.repro-cm1 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/v1.ConfigMap.monitoring.repro-cm1
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-2777913305/v1.ConfigMap.monitoring.repro-cm1  2024-09-03 10:17:50
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-1501629453/v1.ConfigMap.monitoring.repro-cm1        2024-09-03 10:17:50
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:17:50Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm1
+  namespace: monitoring
+  uid: b1fc534a-dec9-46ce-83b5-3cfb0e571d61

Applying to namespace 'monitoring' of cluster 'dw-monitoring' at 'https://xxx.net/-/kubernetes-agent/k8s-proxy' using context 'dw-monitoring'.
Please type 'yes' to confirm: 

0.27.1 with range(0,1)

❯ tk apply environments/dw/monitoring/repro/main.jsonnet
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0   2024-09-03 10:18:38
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-0        2024-09-03 10:18:38
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:18:38Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-0
+  namespace: monitoring
+  uid: 6e47012e-fa5f-4975-ba52-8d1d0f58d513
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1   2024-09-03 10:18:38
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/rbac.authorization.k8s.io.v1.Role.monitoring.repro-role-1        2024-09-03 10:18:38
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: "2024-09-03T08:18:38Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-role-1
+  namespace: monitoring
+  uid: a64ae4bc-e1d4-4fc0-916c-aa8494b5a277
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0     2024-09-03 10:18:38
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-0  2024-09-03 10:18:38
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:18:38Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-0
+  namespace: monitoring
+  uid: c0f9c18e-db84-4f64-af84-05b55621ac8c
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-0
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1     2024-09-03 10:18:38
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/rbac.authorization.k8s.io.v1.RoleBinding.monitoring.repro-rolebinding-1  2024-09-03 10:18:38
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: "2024-09-03T08:18:38Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-rolebinding-1
+  namespace: monitoring
+  uid: 2b91db44-d3e3-4712-b0a4-11abbd6f1f0b
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: repro-role-1
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: repro
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/v1.ConfigMap.monitoring.repro-cm0 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/v1.ConfigMap.monitoring.repro-cm0
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/v1.ConfigMap.monitoring.repro-cm0   2024-09-03 10:18:37
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/v1.ConfigMap.monitoring.repro-cm0        2024-09-03 10:18:37
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:18:37Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm0
+  namespace: monitoring
+  uid: 8c771bbe-2383-4a0d-93fa-ed91558a92da
diff -u -N /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/v1.ConfigMap.monitoring.repro-cm1 /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/v1.ConfigMap.monitoring.repro-cm1
--- /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/LIVE-528423508/v1.ConfigMap.monitoring.repro-cm1   2024-09-03 10:18:37
+++ /var/folders/_b/d3w0wm9n4lg_53hv1rgsgv3c0000gn/T/MERGED-2241350218/v1.ConfigMap.monitoring.repro-cm1        2024-09-03 10:18:37
@@ -0,0 +1,56 @@
+apiVersion: v1
+data:
+  data.yaml: |
+    apiVersion: monitoring.coreos.com/v1alpha1
+    kind: AlertmanagerConfig
+    metadata:
+      name: alertmanager
+      namespace: monitoring
+      labels:
+        config: alertmanager
+    spec:
+      inhibitRules:
+        - equal:
+            - namespace
+          sourceMatch:
+            - name: alertname
+              value: InfoInhibitor
+          targetMatch:
+            - name: severity
+              value: info
+        - equal:
+            - severity
+          sourceMatch:
+            - name: alertname
+              value: KubeAggregatedAPIErrors
+          targetMatch:
+            - name: alertname
+              value: SealedSecretsUnsealErrorHigh
+      route:
+        groupBy: ["namespace", "severity", "alertname", "cluster"]
+        groupWait: 30s
+        groupInterval: 5m
+        repeatInterval: 1h
+        receiver: default
+        routes:
+          - receiver: watchdog
+            matchers:
+              - name: alertname
+                value: Watchdog
+            repeatInterval: 5m
+            groupWait: 0s
+            groupInterval: 1m
+          - receiver: "null"
+            matchers:
+              - name: alertname
+                value: InfoInhibitor
+      receivers:
+        - name: "null"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2024-09-03T08:18:37Z"
+  labels:
+    tanka.dev/environment: 98e42bf3acb98facff6140923eeaef3de75c40f773d945a6
+  name: repro-cm1
+  namespace: monitoring
+  uid: c4d432a7-b94f-493b-8584-f77560fd36ab

Applying to namespace 'monitoring' of cluster 'dw-monitoring' at 'https://xxx.net/-/kubernetes-agent/k8s-proxy' using context 'dw-monitoring'.
Please type 'yes' to confirm:

Author

fculpo commented Sep 3, 2024

Conclusion:

0.28.0 prints YAML objects on stdout (same shell env) and may get stuck if too much is going on.
0.27.1 does not print and goes through even if there are lots of objects.

Author

fculpo commented Sep 3, 2024

Sorry, lots of edits to suppress some URLs

Contributor

zerok commented Sep 3, 2024

Hah, found the debug code that caused the extra stdout printing. Sorry about that 🙂 I'm still trying to reproduce the performance regression.

Author

fculpo commented Sep 3, 2024

I did not notice a performance regression; the stdout may be the source of it all.

Contributor

zerok commented Sep 3, 2024

#1151 was just merged. Could you perhaps please try if this resolves your issue? Then I'd cut a patch release 🙂

Author

fculpo commented Sep 3, 2024

LGTM, 0.28.1 it is?

❯ tk apply environments/dw/monitoring/prometheus/main.jsonnet --force
Warning: There are no differences. Your apply may not do anything at all.
Applying to namespace 'monitoring' of cluster 'dw-monitoring' at 'https:/xxx.net/-/kubernetes-agent/k8s-proxy' using context 'dw-monitoring'.
Please type 'yes' to confirm: 

Contributor

zerok commented Sep 3, 2024

Thank you :) Yes, it will most likely be 0.28.1. Cutting that release in a few minutes.

Contributor

zerok commented Sep 3, 2024

Release is out 🙂 Closing this issue then.

zerok closed this as completed Sep 3, 2024
github-project-automation bot moved this from In discussion to Done in Tanka Sep 3, 2024