Skip to content

Fix: gke-deploy now applies namespace updates (labels, annotations)#1115

Open
64johnlee wants to merge 5 commits into
GoogleCloudPlatform:masterfrom
64johnlee:fix/namespace-label-updates
Open

Fix: gke-deploy now applies namespace updates (labels, annotations)#1115
64johnlee wants to merge 5 commits into
GoogleCloudPlatform:masterfrom
64johnlee:fix/namespace-label-updates

Conversation

@64johnlee

Copy link
Copy Markdown

Summary

gke-deploy had a bug where it would only apply Namespace objects if they didn't exist in the cluster. After initial creation, any updates to namespace labels, annotations, or other metadata were silently ignored. This broke GitOps workflows where namespace metadata evolves over time.

Root Cause

The kubectl apply call for namespaces was inside an if !exists conditional block (lines 409-418 in deployer.go). This meant:

  1. If namespace doesn't exist → apply it (create)
  2. If namespace already exists → skip apply (no updates)
  3. Subsequent changes to labels/annotations are never reflected

Solution

Unindent the kubectl apply call outside the if !exists block, so namespace manifests are always applied. This allows kubectl apply's idempotent behavior and strategic merge patching to:

  • Create missing namespaces (warning still shown)
  • Update labels/annotations on existing namespaces
  • Preserve other namespace fields (quotas, network policies, etc.)

Changes

  • gke-deploy/deployer/deployer.go — unindent lines 411-417 outside the if !exists block
  • No new code, no behavior changes except now applying all namespace manifests

Example

Before (broken):

# First deploy: creates namespace
apiVersion: v1
kind: Namespace
metadata:
  name: prod
  labels:
    environment: production

# Update manifest to add more labels
apiVersion: v1
kind: Namespace
metadata:
  name: prod
  labels:
    environment: production
    team: platform  # <-- This update was silently ignored

After (fixed):

All namespace metadata updates are now applied via kubectl apply's strategic merge patching

Verification

🤖 Generated with Claude Code

64johnlee and others added 5 commits June 6, 2026 23:17
The google-cloud-sdk installer requires the python command to be available.
The Dockerfile.appengine was installing python3 but not the python package,
which is needed as a symlink/alias for SDK compatibility.

Fixes GoogleCloudPlatform#1056

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The docker builder was installing both docker-compose (v1.29.2, legacy) and
docker-compose-plugin (v2.x+, modern), causing version conflicts and unpredictable
behavior. The legacy v1 package is no longer maintained and should not be used.

This change removes docker-compose and keeps only docker-compose-plugin,
which is actively maintained by Docker and compatible with all supported
Docker versions (19.03, 20.10, 24.0).

Fixes GoogleCloudPlatform#1042

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The gcr.io/cloud-builders/go builder is no longer actively maintained and does
not support current Go versions. This adds a prominent deprecation notice at the
top of the README directing users to migrate to the official golang image, which
is actively maintained by the Docker community.

Fixes GoogleCloudPlatform#1067

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When deploying Kubernetes resources with custom API groups (e.g., Traefik CRDs
with apiVersion: traefik.io/v1alpha1), gke-deploy was only using the Kind field
and discarding the API group. This caused kubectl to resolve to the server's
preferred version instead of the declared version, resulting in deployment
verification failures for custom resources.

Changes:
- Added ObjectGroupVersionKind() function in resource.go that returns the
  full "kind.group" format needed for kubectl commands
- Updated deployer.Apply() to use ObjectGroupVersionKind when calling
  kubectl for custom resources with API groups
- Core API resources (without groups) continue to work unchanged

Fixes GoogleCloudPlatform#962

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fixes a bug where gke-deploy would only apply Namespace objects if they
didn't exist. After initial creation, any updates to namespace labels or
annotations were silently ignored.

Root cause: The kubectl apply call was inside an 'if !exists' conditional block,
preventing updates to existing namespaces. This broke GitOps workflows where
namespace metadata evolves over time.

Solution: Always call kubectl apply for namespace manifests, not just on creation.
The warning message for missing namespaces is preserved. kubectl apply's
idempotent behavior and strategic merge patching automatically handles:
- Creating missing namespaces
- Updating labels/annotations on existing namespaces
- Preserving other namespace fields (quotas, network policies, etc)

Fixes GoogleCloudPlatform#873

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@google-cla

google-cla Bot commented Jun 6, 2026

Copy link
Copy Markdown

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant