Description
Description of the problem
When matching pods (and possibly other types of objects) a typical issue is that the patch will contain unnecessary $setElementOrder directives, most probably caused by the automatically generated Volumes and VolumeMounts of the service account token.
Current mitigation
Right now this is mitigated by actually applying the patch locally and checking it against the current version to see if it is a false positive or not.
It is possibly a bug or a limitation in the package k8s.io/apimachinery/pkg/util/strategicpatch but would need more investigation to find out.
How to reproduce
Remove the code responsible for double checking the patch and run the integration tests go test -integration -v to see pod matches with original to fail with the following unwanted patch:
{"spec":{"$setElementOrder/volumes":[{"name":"empty"}]}}
The original pod spec:
&v1.Pod{
ObjectMeta: standardObjectMeta(),
Spec: v1.PodSpec{
Containers: []v1.Container{
{
Name: "test-container", Image: "test-image",
},
},
Volumes: []v1.Volume{
{
Name: "empty",
VolumeSource: v1.VolumeSource{
EmptyDir: &v1.EmptyDirVolumeSource{},
},
},
},
},
})