Support for server side apply

hack/test-all.sh

@@ -7,6 +7,7 @@ set -e -x -u
 export KAPP_BINARY_PATH="$PWD/kapp"
 
 ./hack/test.sh
-./hack/test-e2e.sh
+KAPP_E2E_SSA=0 ./hack/test-e2e.sh
+KAPP_E2E_SSA=1 ./hack/test-e2e.sh
 
 echo ALL SUCCESS

pkg/kapp/clusterapply/add_or_update_change.go

@@ -4,12 +4,13 @@
 package clusterapply
 
 import (
+	"context"
 	"fmt"
+	"k8s.io/apimachinery/pkg/types"
 	"time"
 
 	ctldiff "github.com/k14s/kapp/pkg/kapp/diff"
 	ctlres "github.com/k14s/kapp/pkg/kapp/resources"
-	"github.com/k14s/kapp/pkg/kapp/util"
 	"k8s.io/apimachinery/pkg/api/errors"
 )
 
@@ -26,7 +27,10 @@ const (
 )
 
 type AddOrUpdateChangeOpts struct {
-	DefaultUpdateStrategy string
+	DefaultUpdateStrategy   string
+	ServerSideApply         bool
+	ServerSideForceConflict bool
+	FieldManagerName        string
 }
 
 type AddOrUpdateChange struct {
@@ -131,7 +135,7 @@ func (c AddOrUpdateChange) tryToResolveUpdateConflict(
 		changeSet := c.changeSetFactory.New([]ctlres.Resource{latestExistingRes},
 			[]ctlres.Resource{c.change.AppliedResource()})
 
-		recalcChanges, err := changeSet.Calculate()
+		recalcChanges, err := changeSet.Calculate(context.TODO())
 		if err != nil {
 			return err
 		}
@@ -172,7 +176,7 @@ func (c AddOrUpdateChange) tryToUpdateAfterCreateConflict() error {
 		changeSet := c.changeSetFactory.New([]ctlres.Resource{latestExistingRes},
 			[]ctlres.Resource{c.change.AppliedResource()})
 
-		recalcChanges, err := changeSet.Calculate()
+		recalcChanges, err := changeSet.Calculate(context.TODO())
 		if err != nil {
 			return err
 		}
@@ -218,36 +222,14 @@ func (c AddOrUpdateChange) recordAppliedResource(savedRes ctlres.Resource) error
 		return fmt.Errorf("Calculating change after the save: %s", err)
 	}
 
-	// first time, try using memory copy
-	latestResWithHistory := &savedResWithHistory
-
-	return util.Retry(time.Second, time.Minute, func() (bool, error) {
-		// subsequent times try to retrieve latest copy,
-		// for example, ServiceAccount seems to change immediately
-		if latestResWithHistory == nil {
-			res, err := c.identifiedResources.Get(savedRes)
-			if err != nil {
-				return false, err
-			}
-
-			resWithHistory := c.changeFactory.NewResourceWithHistory(res)
-			latestResWithHistory = &resWithHistory
-		}
-
-		// Record last applied change on the latest version of a resource
-		latestResWithHistoryUpdated, err := latestResWithHistory.RecordLastAppliedResource(applyChange)
-		if err != nil {
-			return true, fmt.Errorf("Recording last applied resource: %s", err)
-		}
-
-		_, err = c.identifiedResources.Update(latestResWithHistoryUpdated)
-		if err != nil {
-			latestResWithHistory = nil // Get again
-			return false, fmt.Errorf("Saving record of last applied resource: %s", err)
-		}
+	// Record last applied change on the latest version of a resource
+	recordHistoryPatch, err := savedResWithHistory.RecordLastAppliedResource(applyChange)
+	if err != nil {
+		return fmt.Errorf("Recording last applied resource: %s", err)
+	}
 
-		return true, nil
-	})
+	_, err = c.identifiedResources.Patch(savedRes, types.MergePatchType, recordHistoryPatch, ctlres.PatchOpts{DryRun: false})
+	return err
 }
 
 type AddPlainStrategy struct {
@@ -263,6 +245,26 @@ func (c AddPlainStrategy) Apply() error {
 		return err
 	}
 
+	// Create is recorded in the metadata.fieldManagers as
+	// Update operation creating distinct field manager from Apply operation,
+	// which means that these fields wont be updateable using SSA.
+	// To fix it, we change operation to be "Apply"
+	// See https://github.com/kubernetes/kubernetes/issues/107417 for details
+	if c.aou.opts.ServerSideApply {
+		createdRes, err = c.aou.identifiedResources.Patch(createdRes, types.JSONPatchType, []byte(`
+[
+	{ "op": "test", "path": "/metadata/managedFields/0/manager", "value": "`+c.aou.opts.FieldManagerName+`" },
+	{ "op": "replace", "path": "/metadata/managedFields/0/operation", "value": "Apply" }
+]
+`), ctlres.PatchOpts{DryRun: false})
+		if err != nil {
+			// TODO: potentially patch can fail if '"op": "test"' fails, which can happen if another
+			// controller changes managedFields. We
+			return err
+		}
+
+	}
+
 	return c.aou.recordAppliedResource(createdRes)
 }
 
@@ -275,13 +277,27 @@ func (c AddOrFallbackOnUpdateStrategy) Op() ClusterChangeApplyStrategyOp {
 	return createStrategyFallbackOnUpdateAnnValue
 }
 
-func (c AddOrFallbackOnUpdateStrategy) Apply() error {
-	createdRes, err := c.aou.identifiedResources.Create(c.newRes)
-	if err != nil {
-		if errors.IsAlreadyExists(err) {
-			return c.aou.tryToUpdateAfterCreateConflict()
+func (c AddOrFallbackOnUpdateStrategy) Apply() (err error) {
+	var createdRes ctlres.Resource
+	if c.aou.opts.ServerSideApply {
+		resBytes, err := c.newRes.AsYAMLBytes()
+		if err != nil {
+			return err
+		}
+
+		// Apply patch is like upsert, combining create + update, no need to fallback on error
+		createdRes, err = c.aou.identifiedResources.Patch(c.newRes, types.ApplyPatchType, resBytes, ctlres.PatchOpts{DryRun: false})
+		if err != nil {
+			return err
+		}
+	} else {
+		createdRes, err = c.aou.identifiedResources.Create(c.newRes)
+		if err != nil {
+			if errors.IsAlreadyExists(err) {
+				return c.aou.tryToUpdateAfterCreateConflict()
+			}
+			return err
 		}
-		return err
 	}
 
 	return c.aou.recordAppliedResource(createdRes)
@@ -295,7 +311,17 @@ type UpdatePlainStrategy struct {
 func (c UpdatePlainStrategy) Op() ClusterChangeApplyStrategyOp { return updateStrategyPlainAnnValue }
 
 func (c UpdatePlainStrategy) Apply() error {
-	updatedRes, err := c.aou.identifiedResources.Update(c.newRes)
+	var updatedRes ctlres.Resource
+	var err error
+
+	if c.aou.opts.ServerSideApply {
+		updatedRes, err = ctlres.WithIdentityAnnotation(c.newRes, func(r ctlres.Resource) (ctlres.Resource, error) {
+			resBytes, _ := r.AsYAMLBytes()
+			return c.aou.identifiedResources.Patch(r, types.ApplyPatchType, resBytes, ctlres.PatchOpts{DryRun: false})
+		})
+	} else {
+		updatedRes, err = c.aou.identifiedResources.Update(c.newRes)
+	}
 	if err != nil {
 		if errors.IsConflict(err) {
 			return c.aou.tryToResolveUpdateConflict(err, func(err error) error { return err })
@@ -323,8 +349,20 @@ func (c UpdateOrFallbackOnReplaceStrategy) Apply() error {
 		return err
 	}
 
-	updatedRes, err := c.aou.identifiedResources.Update(c.newRes)
+	var updatedRes ctlres.Resource
+	var err error
+
+	if c.aou.opts.ServerSideApply {
+		updatedRes, err = ctlres.WithIdentityAnnotation(c.newRes, func(r ctlres.Resource) (ctlres.Resource, error) {
+			resBytes, _ := r.AsYAMLBytes()
+			return c.aou.identifiedResources.Patch(r, types.ApplyPatchType, resBytes, ctlres.PatchOpts{DryRun: false})
+		})
+	} else {
+		updatedRes, err = c.aou.identifiedResources.Update(c.newRes)
+	}
+
 	if err != nil {
+		//TODO: find out if SSA conflicts worth retrying
 		if errors.IsConflict(err) {
 			return c.aou.tryToResolveUpdateConflict(err, replaceIfIsInvalidErrFunc)
 		}

pkg/kapp/clusterapply/delete_change.go

@@ -107,6 +107,6 @@ func (c DeleteOrphanStrategy) Apply() error {
 		return err
 	}
 
-	_, err = c.d.identifiedResources.Patch(c.res, types.JSONPatchType, patchJSON)
+	_, err = c.d.identifiedResources.Patch(c.res, types.JSONPatchType, patchJSON, ctlres.PatchOpts{DryRun: false})
 	return err
 }

pkg/kapp/cmd/app/delete.go

@@ -9,6 +9,7 @@ import (
 	ctlcap "github.com/k14s/kapp/pkg/kapp/clusterapply"
 	cmdcore "github.com/k14s/kapp/pkg/kapp/cmd/core"
 	cmdtools "github.com/k14s/kapp/pkg/kapp/cmd/tools"
+	"github.com/k14s/kapp/pkg/kapp/cmd/tools/ssa"
 	ctlconf "github.com/k14s/kapp/pkg/kapp/config"
 	ctldiff "github.com/k14s/kapp/pkg/kapp/diff"
 	ctldgraph "github.com/k14s/kapp/pkg/kapp/diffgraph"
@@ -59,7 +60,14 @@ func NewDeleteCmd(o *DeleteOptions, flagsFactory cmdcore.FlagsFactory) *cobra.Co
 func (o *DeleteOptions) Run() error {
 	failingAPIServicesPolicy := o.ResourceTypesFlags.FailingAPIServicePolicy()
 
-	app, supportObjs, err := Factory(o.depsFactory, o.AppFlags, o.ResourceTypesFlags, o.logger)
+	// When orphan strategy used, delete operation issues PATCH command to delete labels,
+	// which passes field manager name to K8S API.
+	// This name is not persisted anywhere in managedFields and it's value doesn't really matter, therefore there
+	// is no need to expose --ssa-field-manager CLI flag in the delete command. Set it to something reasonable.
+	ssaFlags := ssa.SSAFlags{
+		FieldManagerName: "kapp-shouldnt-be-seen-anywhere",
+	}
+	app, supportObjs, err := Factory(o.depsFactory, o.AppFlags, o.ResourceTypesFlags, o.logger, &ssaFlags)
 	if err != nil {
 		return err
 	}
@@ -189,10 +197,10 @@ func (o *DeleteOptions) calculateAndPresentChanges(existingResources []ctlres.Re
 	)
 
 	{ // Figure out changes for X existing resources -> 0 new resources
-		changeFactory := ctldiff.NewChangeFactory(nil, nil)
+		changeFactory := ctldiff.NewChangeFactory(nil, nil, supportObjs.IdentifiedResources)
 		changeSetFactory := ctldiff.NewChangeSetFactory(o.DiffFlags.ChangeSetOpts, changeFactory)
 
-		changes, err := changeSetFactory.New(existingResources, nil).Calculate()
+		changes, err := changeSetFactory.New(existingResources, nil).Calculate(nil)
 		if err != nil {
 			return ctlcap.ClusterChangeSet{}, nil, changesSummary{}, err
 		}

pkg/kapp/cmd/app/deploy.go

@@ -4,7 +4,9 @@
 package app
 
 import (
+	"context"
 	"fmt"
+	"github.com/k14s/kapp/pkg/kapp/cmd/tools/ssa"
 	"sort"
 	"strings"
 
@@ -40,18 +42,26 @@ type DeployOptions struct {
 	DeployFlags         DeployFlags
 	ResourceTypesFlags  ResourceTypesFlags
 	LabelFlags          LabelFlags
+	SSAFlags            ssa.SSAFlags
 }
 
 func NewDeployOptions(ui ui.UI, depsFactory cmdcore.DepsFactory, logger logger.Logger) *DeployOptions {
 	return &DeployOptions{ui: ui, depsFactory: depsFactory, logger: logger}
 }
 
+const diffFlagsPrefix = "diff"
+
 func NewDeployCmd(o *DeployOptions, flagsFactory cmdcore.FlagsFactory) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:     "deploy",
 		Aliases: []string{"d", "dep"},
 		Short:   "Deploy app",
-		RunE:    func(_ *cobra.Command, _ []string) error { return o.Run() },
+		RunE: func(_ *cobra.Command, _ []string) error {
+			return o.Run()
+		},
+		PreRunE: func(cmd *cobra.Command, _ []string) error {
+			return o.ValidateAndAdjustFlags(cmd)
+		},
 		Annotations: map[string]string{
 			cmdcore.AppHelpGroup.Key: cmdcore.AppHelpGroup.Value,
 		},
@@ -72,20 +82,29 @@ func NewDeployCmd(o *DeployOptions, flagsFactory cmdcore.FlagsFactory) *cobra.Co
 
 	o.AppFlags.Set(cmd, flagsFactory)
 	o.FileFlags.Set(cmd)
-	o.DiffFlags.SetWithPrefix("diff", cmd)
 	o.ResourceFilterFlags.Set(cmd)
 	o.ApplyFlags.SetWithDefaults("", ApplyFlagsDeployDefaults, cmd)
+	o.DiffFlags.SetWithPrefix(diffFlagsPrefix, cmd)
+
 	o.DeployFlags.Set(cmd)
 	o.ResourceTypesFlags.Set(cmd)
 	o.LabelFlags.Set(cmd)
+	o.SSAFlags.Set(cmd)
 
 	return cmd
 }
 
+func (o *DeployOptions) ValidateAndAdjustFlags(cmd *cobra.Command) error {
+	AdjustApplyFlags(o.SSAFlags, &o.ApplyFlags)
+	return cmdtools.AdjustDiffFlags(o.SSAFlags, &o.DiffFlags, diffFlagsPrefix, cmd)
+}
+
 func (o *DeployOptions) Run() error {
+	ctx := context.Background()
+
 	failingAPIServicesPolicy := o.ResourceTypesFlags.FailingAPIServicePolicy()
 
-	app, supportObjs, err := Factory(o.depsFactory, o.AppFlags, o.ResourceTypesFlags, o.logger)
+	app, supportObjs, err := Factory(o.depsFactory, o.AppFlags, o.ResourceTypesFlags, o.logger, &o.SSAFlags)
 	if err != nil {
 		return err
 	}
@@ -140,7 +159,7 @@ func (o *DeployOptions) Run() error {
 	}
 
 	clusterChangeSet, clusterChangesGraph, hasNoChanges, changeSummary, err :=
-		o.calculateAndPresentChanges(existingResources, newResources, conf, supportObjs)
+		o.calculateAndPresentChanges(ctx, existingResources, newResources, conf, supportObjs)
 	if err != nil {
 		if o.DiffFlags.UI && clusterChangesGraph != nil {
 			return o.presentDiffUI(clusterChangesGraph)
@@ -315,19 +334,19 @@ func (o *DeployOptions) existingResources(newResources []ctlres.Resource,
 	return resourceFilter.Apply(existingResources), o.existingPodResources(existingResources), nil
 }
 
-func (o *DeployOptions) calculateAndPresentChanges(existingResources,
+func (o *DeployOptions) calculateAndPresentChanges(ctx context.Context, existingResources,
 	newResources []ctlres.Resource, conf ctlconf.Conf, supportObjs FactorySupportObjs) (
 	ctlcap.ClusterChangeSet, *ctldgraph.ChangeGraph, bool, string, error) {
 
 	var clusterChangeSet ctlcap.ClusterChangeSet
 
 	{ // Figure out changes for X existing resources -> X new resources
-		changeFactory := ctldiff.NewChangeFactory(conf.RebaseMods(), conf.DiffAgainstLastAppliedFieldExclusionMods())
+		changeFactory := ctldiff.NewChangeFactory(conf.RebaseMods(), conf.DiffAgainstLastAppliedFieldExclusionMods(), supportObjs.IdentifiedResources)
 		changeSetFactory := ctldiff.NewChangeSetFactory(o.DiffFlags.ChangeSetOpts, changeFactory)
 
 		changes, err := ctldiff.NewChangeSetWithVersionedRs(
 			existingResources, newResources, conf.TemplateRules(),
-			o.DiffFlags.ChangeSetOpts, changeFactory).Calculate()
+			o.DiffFlags.ChangeSetOpts, changeFactory).Calculate(ctx)
 		if err != nil {
 			return clusterChangeSet, nil, false, "", err
 		}

pkg/kapp/cmd/app/deploy_flag_help_sections.go

@@ -17,6 +17,10 @@ var (
 		Title:       "Diff Flags:",
 		PrefixMatch: "diff",
 	}
+	SSAFlagGroup = cobrautil.FlagHelpSection{
+		Title:       "Server side apply Flags:",
+		PrefixMatch: "ssa",
+	}
 	ApplyFlagGroup = cobrautil.FlagHelpSection{
 		Title:       "Apply Flags:",
 		PrefixMatch: "apply",
@@ -58,6 +62,7 @@ func setDeployCmdFlags(cmd *cobra.Command) {
 	cmd.SetUsageTemplate(cobrautil.FlagHelpSectionsUsageTemplate([]cobrautil.FlagHelpSection{
 		CommonFlagGroup,
 		DiffFlagGroup,
+		SSAFlagGroup,
 		ApplyFlagGroup,
 		WaitFlagGroup,
 		ResourceFilterFlagGroup,