Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

tazuna plan

Compares the result of Building the Manifests declared in tazuna.yaml against the state of the live cluster, and outputs, field by field, how things would change if you apply. It performs only read access to the cluster and changes nothing.

tazuna plan [-f tazuna.yaml] [--tags ...]

Behavior

  1. Load tazuna.yaml.
  2. Filter by --tags.
  3. Render each Manifest with its corresponding Manager’s Build().
  4. Convert the rendered result into a set of client.Objects.
  5. Fetch each object from the cluster by GVK / namespace / name.
  6. Objects that could not be fetched (NotFound) are output as + to be created.
  7. For objects that were fetched, output a unified diff of desired vs live, marked with ~.

Does not evaluate context_matches.

Why a client-side diff

Tazuna’s plan is implemented under the slogan of “server-side dry-run,” but the implementation is a client-side diff. This is the result of the following trade-off.

ApproachProsCons
server-side dry-runReflects admission webhooks / defaultingThe controller-runtime fake client does not fully support dry-run apply
client-side diff (adopted)Reproducible in integration testsWebhook / defaulting results are not visible

Understand it as choosing “a plan that can be tested” even at some cost to accuracy. Fields rewritten by an admission webhook (mutation) and server-side defaulting are not reflected in the plan output.

Output Format

Manifest: nginx
  + Deployment/default/nginx-new (to be created)
  ~ ConfigMap/default/nginx-conf
        spec:
          replicas: 1
    +     replicas: 3

Manifest: cert-manager
  + Issuer/cert-manager/letsencrypt-prod (to be created)
  • + <Kind/ns/name> (to be created) — a resource that does not yet exist on the live cluster
  • ~ <Kind/ns/name> — a resource that exists but has field differences. The indented unified diff from k8s.io/apimachinery/pkg/util/diff.Diff follows directly below.

If there are no differences, only the single line No changes detected. is emitted.

Fields excluded when computing the diff

To avoid noise, the following fields are stripped before comparing live and desired.

  • metadata.resourceVersion / uid / generation
  • metadata.managedFields
  • metadata.creationTimestamp / selfLink
  • status

Skipped Manifests

  • Manifests with an empty name
  • type: genesissecret (being always-sync, it does not fit the concept of a field diff in plan)

Flag

In addition to global flags, the following are accepted.

FlagAliasTypeDefaultDescription
--tags-t[]string[]Limits the plan target to Manifests carrying at least one of the specified tags (OR evaluation).

Examples

tazuna plan
tazuna plan -f tazuna.yaml
tazuna plan -f tazuna.yaml --tags web,batch
tazuna plan -f tazuna.yaml --otlp-endpoint=localhost:4317