Skip to content

Instantly share code, notes, and snippets.

@uhthomas

uhthomas/applyset.md

Created April 10, 2026 22:16
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save uhthomas/47401e8d1418422fcf88c52086c77961 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save uhthomas/47401e8d1418422fcf88c52086c77961 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
applyset.md

So, I ended up making a custom resource specifically for the ApplySet, but actually getting it to work is tricky.

kubectl can't create the custom resource

So, unlike with ConfigMaps and Secrets, kubectl cannot create the custom resource.

error: custom resource ApplySet parents cannot be created automatically

Missing tooling annotation

The annotation applyset.kubernetes.io/tooling must be set to kubectl/v1.27.1:

error: ApplySet parent object "applysets.starjunk.net/automata" already exists and is missing required annotation "applyset.kubernetes.io/tooling"

Missing ApplySet ID label

So, now I have to replicate this by hand?...

Sure, here's a go.dev/play.

error: ApplySet parent object "applysets.starjunk.net/automata" exists and does not have required label applyset.kubernetes.io/id

Missing contains-group-resources annotation

The value of this annotation will be tedious to replicate by hand. Fortunately, it can be blank.

error: parsing ApplySet annotation on "applysets.starjunk.net/automata": kubectl requires the "applyset.kubernetes.io/contains-group-resources" annotation to be set on all ApplySet parent objects

Server-Side conflicts

It looks like because I had to create those fields manually, and I did so with server-side apply, there are now conflicts which need to be resolved. The fix is to defermanagement of those fields to kubectl, see here.

error: Apply failed with 1 conflict: conflict with "kubectl-applyset": .metadata.annotations.applyset.kubernetes.io/tooling
statefulset.apps/vault serverside-applied
Please review the fields above--they currently have other managers. Here
are the ways you can resolve this warning:
* If you intend to manage all of these fields, please re-run the apply
  command with the `--force-conflicts` flag.
* If you do not intend to manage all of the fields, please edit your
  manifest to remove references to the fields that should keep their
  current managers.
* You may co-own fields by updating your manifest to match the existing
  value; in this case, you'll become the manager if the other manager(s)
  stop managing the field (remove it from their configuration).
See https://kubernetes.io/docs/reference/using-api/server-side-apply/#conflicts

After that was all said and done, it looks like this now works as expected!

https://github.com/uhthomas/automata/actions/runs/4942497931

I really hope my feedback is helpful. Let me know if there's anything I can do to help.

TL;DR:

❯ kubectl patch applysets.starjunk.net automata --type merge -p '{
        "metadata": {
                "annotations": {
                        "applyset.kubernetes.io/tooling": "kubectl/v1.31.1",
                        "applyset.kubernetes.io/contains-group-resources": "",
                        "applyset.kubernetes.io/contains-group-kinds": ""
                },
                "labels": {
                        "applyset.kubernetes.io/id": "applyset-xjZyH1FmMYtP-oSkfLUgubxDYIbsrD-IuDRLmezicIo-v1"
                }
        }
}'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment