All go install commands in kube_codegen.sh fail because the version is not specified

[solidDoWant]

When the kube_codegen.sh script exists outside a go module directory, automatic installation commands from this repo (i.e. defaulter-gen, client-gen, etc.) fails because the tool version is not specified. For example, the gen_client function attempts to install the tools here essentially just runs:

GO111MODULE=on go install k8s.io/code-generator/cmd/defaulter-gen@latest k8s.io/code-generator/cmd/client-gen@latest k8s.io/code-generator/cmd/lister-gen@latest k8s.io/code-generator/cmd/informer-gen@latest k8s.io/code-generator/cmd/deepcopy-gen@latest

At the top of the subshell the working directory is changed to the kube_codegen.sh, which the logic assumes is a Go module directory. If it isn't, the install command fails because the go command requires a version to be specified when running outside of a module directory.

To reproduce:

1. Download the script to a temp directory somewhere
2. Run . /tmp/kube_codegen.sh; kube::codegen::gen_client --output-dir /tmp/generated /tmp/src
3. Observe the go: 'go install' requires a version when current directory is not in a module [...] message logged

Alternatively:

1. Run docker run --rm --env GO111MODULE=on golang:1.23.2 go install k8s.io/code-generator/cmd/defaulter-gen
2. Observe the go: 'go install' requires a version when current directory is not in a module [...] message logged

If somebody can tell me how to plumb the release version number into the script then I can file a PR to fix this.

---

By the way, this line and related install lines in the script can be simplified to:

GO111MODULE=on go install "${BINS[@]/#/k8s.io/code-generator/cmd/}"

which would also fix the quoting issue, and remove the need for the linter exception.

[unmarshall]

Yes i also face the same issue. The current script mandates polluting the go.mod from which the script picks up the versions. Alternatively we have to define empty imports in hack/tools.go which updates the go.sum.

[unmarshall]

Perhaps a simple thing to do would be ask for the k8s API version. The versioning seems to follow the same semantic versioning as the k8s API. If not specified assume the latest as default version. This also maintains backward compatibility.

[unmarshall]

/assign

[thockin]

What are the circumstances that lead to you having this script, which lives in the k8s.io/code-generator repo, but not having the rest of the repo?

What I really mean is that this script is fairly tightly coupled to the tools it executes, and if you give it some back-rev version of the tools, the script may not work, or vice-versa.

[unmarshall]

I did not want to bring in the dependency of k8s.io/code-generator in the go.mod. Instead in my tools.mk i have the following function:

version_gomod = $(shell go list -mod=mod -f '{{ .Version }}' -m $(1))

I use the k8s.io/api dependency to extract the version and use that version for code-generator.

CODE_GENERATOR_VERSION ?= $(call version_gomod,k8s.io/api)

Assumption is that code-generator tags/versions are in-line with k8s API versions

[thockin]

Where does the script come from? Did you copy it I to your own repo?

[unmarshall]

in the same tools.mk i define a target to install client-gen
```GO111MODULE=on go install k8s.io/code-generator/cmd/client-gen@$(CODE_GENERATOR_VERSION)` and this brings in both client-gen and kube_codegen.sh. Once the script is present, its just a matter of sourcing the script into our own bash script and calling functions defined in it.

I have also seen in other repositories developers are just building what they need via go build -o <path> k8s.io/code-generator/cmd/<specific-cmd> and that also brings in kube_codegen.sh

[solidDoWant]

What are the circumstances that lead to you having this script, which lives in the k8s.io/code-generator repo, but not having the rest of the repo?

Why is the rest of this repo needed? The script:

• Uses globally-resolvable references to the go tools, rather than locally (that is, go install k8s.io/code-generator/cmd/conversion-gen instead of go install ./cmd/conversion-gen or go run ./cmd/conversion-gen/main.go
• References files by default that do not exist in this repo (such as the boilerplate ${KUBE_CODEGEN_ROOT}/hack/boilerplate.go.txt file
• Doesn't directly reference any other files in this repo

Maybe the tool is intended to be ran from a copy of this repo, but it's not documented anywhere and it works anywhere outside of what appears to be a logic bug/bad assumption with the script.

Where does the script come from? Did you copy it I to your own repo?

In my case, I'm using it to generate a client that has bindings for this tool, but doesn't actually provide a client itself (CloudNativePG). I have tooling that clones a specific version of that repo, downloads this script, and does essentially . <script path> && kube::codegen::gen_client --output-dir <my repo path> <cnpg repo path>. This works flawlessly, except I need to remove the go install lines due to this bug, and install the tools separately.

[thockin]

@unmarshall

So you are running go install to fetch a specific version of k8s.io/code-generator, but you don't want it in your go.mod, so you hide it and then kind of guess at the version for that one script to re-download the same thing you just downloaded?

I am just trying to be understand - this script is coupled to the specific version of the tools. While neither are particularly fast-changing, they are not meant to be interchangeable.

I understand that we have a non-trivial deps tree, but you ACTUALLY DO depend on them.

Have you considered using a 'tools' directory, with its own go.mod, to isolate those deps without breaking them?

@solidDoWant

The script doesn't use "./" notation mostly for clarity. That doesn't make it less coupled.

My concern here, again, is that the tools may change or the script may change, and unless you are using the same versions, you may have a bumpy ride. I don't INTEND to change all the CLI flags, but I didn't intend to last time, either. And in fact, I DO have some budding ideas on how we might make these tools more robust, and that might necessitate CLI changes.

If you are cloning a specific version of this repo, then you really want the same version of the tools. Why is that version not encoded in a go.mod? Even a child go mod in a subdir (and look, I agree that go tooling here is clunky but it exists).

[solidDoWant]

My concern here, again, is that the tools may change or the script may change, and unless you are using the same versions, you may have a bumpy ride

I think this is a great argument for setting the installed tool versions. With the current behavior, when the script runs go install k8s.io/code-generator/cmd/applyconfiguration-gen (or any other generator command) from within a go module directory, Go installs the latest version. This isn't necessarily the version that corresponds to the running script.

It'd be great if the script was updated to instead do go install k8s.io/code-generator/cmd/applyconfiguration-gen@<version of the calling script>. This approach would both help ensure that the tool versions and script version match, and (as a side effect) would fix the issue with running the script outside of a go module directory.

Even better would be k8s.io/code-generator/cmd/applyconfiguration-gen@<version of calling script>, as this would avoid affecting go.mod files, or the go bin directory.

Why is that version not encoded in a go.mod?

This wouldn't solve the versioning issue, as it would allow the script and go tool versions to drift (for example, when go get -u is ran to update deps).

[thockin]

@solidDoWant

This wouldn't solve the versioning issue, as it would allow the script and go tool versions to drift (for example, when go get -u is ran to update deps).

I think maybe there's a disconnect between how I assume people use this and how you actually use it. I assume people use Go's tooling, even if the only reason is so you are not swimming against the current.

Make a fresh module:

$ pwd
/tmp/testmod

$ ls

$ go mod init hockin.org/thockin/testmod
go: creating new go.mod: module hockin.org/thockin/testmod

$ cat go.mod 
module hockin.org/thockin/testmod

go 1.22.0

Get a back-rev version of code-generator, to emulate an older repo:

$ go get k8s.io/[email protected]
go: downloading k8s.io/code-generator v0.29.13
go: downloading k8s.io/klog/v2 v2.110.1
go: downloading k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01
go: downloading k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
go: downloading github.com/go-logr/logr v1.3.0
go: downloading google.golang.org/protobuf v1.33.0
go: added github.com/emicklei/go-restful/v3 v3.11.0
go: added github.com/go-logr/logr v1.3.0
go: added github.com/go-openapi/jsonpointer v0.19.6
go: added github.com/go-openapi/jsonreference v0.20.2
go: added github.com/go-openapi/swag v0.22.3
go: added github.com/golang/protobuf v1.5.4
go: added github.com/google/gnostic-models v0.6.8
go: added github.com/google/gofuzz v1.2.0
go: added github.com/josharian/intern v1.0.0
go: added github.com/json-iterator/go v1.1.12
go: added github.com/mailru/easyjson v0.7.7
go: added github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: added github.com/modern-go/reflect2 v1.0.2
go: added github.com/spf13/pflag v1.0.5
go: added golang.org/x/mod v0.14.0
go: added golang.org/x/tools v0.16.1
go: added google.golang.org/protobuf v1.33.0
go: added gopkg.in/yaml.v2 v2.4.0
go: added gopkg.in/yaml.v3 v3.0.1
go: added k8s.io/code-generator v0.29.13
go: added k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01
go: added k8s.io/klog/v2 v2.110.1
go: added k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
go: added sigs.k8s.io/structured-merge-diff/v4 v4.4.1
go: added sigs.k8s.io/yaml v1.3.0

$ cat go.mod
module hockin.org/thockin/testmod

go 1.22.0

require (
	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
	github.com/go-logr/logr v1.3.0 // indirect
	github.com/go-openapi/jsonpointer v0.19.6 // indirect
	github.com/go-openapi/jsonreference v0.20.2 // indirect
	github.com/go-openapi/swag v0.22.3 // indirect
	github.com/golang/protobuf v1.5.4 // indirect
	github.com/google/gnostic-models v0.6.8 // indirect
	github.com/google/gofuzz v1.2.0 // indirect
	github.com/josharian/intern v1.0.0 // indirect
	github.com/json-iterator/go v1.1.12 // indirect
	github.com/mailru/easyjson v0.7.7 // indirect
	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
	github.com/modern-go/reflect2 v1.0.2 // indirect
	github.com/spf13/pflag v1.0.5 // indirect
	golang.org/x/mod v0.14.0 // indirect
	golang.org/x/tools v0.16.1 // indirect
	google.golang.org/protobuf v1.33.0 // indirect
	gopkg.in/yaml.v2 v2.4.0 // indirect
	gopkg.in/yaml.v3 v3.0.1 // indirect
	k8s.io/code-generator v0.29.13 // indirect
	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
	k8s.io/klog/v2 v2.110.1 // indirect
	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
	sigs.k8s.io/yaml v1.3.0 // indirect
)

$ ls
go.mod  go.sum

Vendor your deps at the pinned versions (note, Go's vendoring includes related scripts because this pattern is what the tooling expects people to do, too).

$ cat > tools.go
package main

import _ "k8s.io/code-generator"

$ go mod vendor

$ ls vendor/k8s.io/code-generator/
cmd                 generate-groups.sh           OWNERS             third_party
code-of-conduct.md  generate-internal-groups.sh  pkg                tools.go
CONTRIBUTING.md     kube_codegen.sh              README.md
doc.go              LICENSE                      SECURITY_CONTACTS

Run the tool that we pinned. Note the -? output doesn't say which version (PRs welcome) but it has -i which no longer exists at HEAD.

$ go run k8s.io/code-generator/cmd/applyconfiguration-gen -?
unknown shorthand flag: '?' in -?
Usage of /tmp/go-build1088973750/b001/exe/applyconfiguration-gen:
      --add_dir_header                        If true, adds the file directory to the header of the log messages
      --alsologtostderr                       log to standard error as well as files (no effect when -logtostderr=true)
      --build-tag string                      A Go build tag to use to identify files generated by this command. Should be unique. (default "ignore_autogenerated")
      --external-applyconfigurations string   list of comma separated external apply configurations locations in <type-package>.<type-name>:<applyconfiguration-package> form.For example: k8s.io/api/apps/v1.Deployment:k8s.io/client-go/applyconfigurations/apps/v1 (default "[k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta:k8s.io/client-go/applyconfigurations/meta/v1,k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta:k8s.io/client-go/applyconfigurations/meta/v1,k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference:k8s.io/client-go/applyconfigurations/meta/v1]")
  -h, --go-header-file string                 File containing boilerplate header text. The string YEAR will be replaced with the current 4-digit year. (default "/home/thockin/go/src/k8s.io/gengo/boilerplate/boilerplate.go.txt")
  -i, --input-dirs strings                    Comma-separated list of import paths to get input types from.
      --log_backtrace_at traceLocation        when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                        If non-empty, write log files in this directory (no effect when -logtostderr=true)
      --log_file string                       If non-empty, use this log file (no effect when -logtostderr=true)
      --log_file_max_size uint                Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                           log to standard error instead of files (default true)
      --one_output                            If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
      --openapi-schema string                 path to the openapi schema containing all the types that apply configurations will be generated for
  -o, --output-base string                    Output base; defaults to $GOPATH/src/ or ./ if $GOPATH is not set. (default "/home/thockin/go/src")
  -O, --output-file-base string               Base name (without .go suffix) for output files.
  -p, --output-package string                 Base package path.
      --skip_headers                          If true, avoid header prefixes in the log messages
      --skip_log_headers                      If true, avoid headers when opening log files (no effect when -logtostderr=true)
      --stderrthreshold severity              logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true) (default 2)
      --trim-path-prefix string               If set, trim the specified prefix from --output-package when generating files.
  -v, --v Level                               number for the log level verbosity
      --verify-only                           If true, only verify existing output, do not write anything.
      --vmodule moduleSpec                    comma-separated list of pattern=N settings for file-filtered logging
unknown shorthand flag: '?' in -?
exit status 2

Now update the dep and re-run the tool:

$ go get -u k8s.io/[email protected]
go: downloading k8s.io/code-generator v0.30.0-alpha.3.0.20241206184641-1bfda81f6630
go: k8s.io/[email protected] requires go >= 1.23.0; switching to go1.23.5
go: downloading go1.23.5 (linux/amd64)
go: downloading k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f
go: downloading k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9
go: downloading k8s.io/klog v1.0.0
go: downloading k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7
go: downloading k8s.io/gengo/v2 v2.0.0-20250106234829-0359904fc2a6
go: downloading k8s.io/gengo v0.0.0-20250106234829-0359904fc2a6
go: downloading github.com/google/gnostic-models v0.6.9
go: downloading golang.org/x/text v0.19.0
go: downloading golang.org/x/text v0.21.0
go: downloading google.golang.org/protobuf v1.35.1
go: downloading google.golang.org/protobuf v1.36.3
go: downloading sigs.k8s.io/structured-merge-diff/v4 v4.4.2
go: downloading sigs.k8s.io/structured-merge-diff/v4 v4.5.0
go: downloading golang.org/x/tools v0.26.0
go: downloading sigs.k8s.io/structured-merge-diff v1.0.2
go: downloading github.com/go-openapi/jsonreference v0.21.0
go: downloading github.com/mailru/easyjson v0.9.0
go: downloading golang.org/x/tools v0.29.0
go: downloading golang.org/x/mod v0.21.0
go: downloading golang.org/x/sync v0.10.0
go: downloading golang.org/x/mod v0.22.0
go: downloading github.com/emicklei/go-restful/v3 v3.12.1
go: downloading github.com/emicklei/go-restful v2.16.0+incompatible
go: upgraded go 1.22.0 => 1.23.0
go: added toolchain go1.23.5
go: upgraded github.com/emicklei/go-restful/v3 v3.11.0 => v3.12.1
go: upgraded github.com/go-logr/logr v1.3.0 => v1.4.2
go: upgraded github.com/go-openapi/jsonpointer v0.19.6 => v0.21.0
go: upgraded github.com/go-openapi/jsonreference v0.20.2 => v0.21.0
go: upgraded github.com/go-openapi/swag v0.22.3 => v0.23.0
go: upgraded github.com/google/gnostic-models v0.6.8 => v0.6.9
go: upgraded github.com/mailru/easyjson v0.7.7 => v0.9.0
go: upgraded golang.org/x/mod v0.14.0 => v0.22.0
go: upgraded golang.org/x/sync v0.5.0 => v0.10.0
go: upgraded golang.org/x/text v0.7.0 => v0.21.0
go: upgraded golang.org/x/tools v0.16.1 => v0.29.0
go: upgraded google.golang.org/protobuf v1.33.0 => v1.36.3
go: upgraded k8s.io/code-generator v0.29.13 => v0.30.0-alpha.3.0.20241206184641-1bfda81f6630
go: added k8s.io/gengo/v2 v2.0.0-20250106234829-0359904fc2a6
go: upgraded k8s.io/klog/v2 v2.110.1 => v2.130.1
go: upgraded k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 => v0.0.0-20241212222426-2c72e554b1e7
go: upgraded sigs.k8s.io/structured-merge-diff/v4 v4.4.1 => v4.5.0
go: upgraded sigs.k8s.io/yaml v1.3.0 => v1.4.0

$ go mod vendor

$ go run k8s.io/code-generator/cmd/applyconfiguration-gen -?
unknown shorthand flag: '?' in -?
Usage of /tmp/go-build3675809947/b001/exe/applyconfiguration-gen:
      --add_dir_header                        If true, adds the file directory to the header of the log messages
      --alsologtostderr                       log to standard error as well as files (no effect when -logtostderr=true)
      --external-applyconfigurations string   list of comma separated external apply configurations locations in <type-package>.<type-name>:<applyconfiguration-package> form.For example: k8s.io/api/apps/v1.Deployment:k8s.io/client-go/applyconfigurations/apps/v1 (default "[k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry:k8s.io/client-go/applyconfigurations/meta/v1,k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta:k8s.io/client-go/applyconfigurations/meta/v1,k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference:k8s.io/client-go/applyconfigurations/meta/v1,k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta:k8s.io/client-go/applyconfigurations/meta/v1,k8s.io/apimachinery/pkg/apis/meta/v1.Condition:k8s.io/client-go/applyconfigurations/meta/v1,k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions:k8s.io/client-go/applyconfigurations/meta/v1,k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector:k8s.io/client-go/applyconfigurations/meta/v1,k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement:k8s.io/client-go/applyconfigurations/meta/v1]")
      --go-header-file string                 the path to a file containing boilerplate header text; the string "YEAR" will be replaced with the current 4-digit year
      --log_backtrace_at traceLocation        when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                        If non-empty, write log files in this directory (no effect when -logtostderr=true)
      --log_file string                       If non-empty, use this log file (no effect when -logtostderr=true)
      --log_file_max_size uint                Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                           log to standard error instead of files (default true)
      --one_output                            If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
      --openapi-schema string                 path to the openapi schema containing all the types that apply configurations will be generated for
      --output-dir string                     the base directory under which to generate results
      --output-pkg string                     the Go import-path of the generated results
      --skip_headers                          If true, avoid header prefixes in the log messages
      --skip_log_headers                      If true, avoid headers when opening log files (no effect when -logtostderr=true)
      --stderrthreshold severity              logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true) (default 2)
  -v, --v Level                               number for the log level verbosity
      --vmodule moduleSpec                    comma-separated list of pattern=N settings for file-filtered logging
unknown shorthand flag: '?' in -?
exit status 2

Note the flags are different.

If you don't like all of this in your main go.mod, you can make a tools directory and do this in there, and then your calling scripts can pushd tools or go -C tools.

This is what I assumed people are doing. Clearly I was not quite correct. The question is whether to convince you that you should do it more like this, or whether I should adapt to accomodate a different pattern.

What I don't want to see is people cloning kube_codegen.sh and assuming that their fork will work with the tools at HEAD. I guess it's not my business if you want to "hide" this dependency behind a git clone to /tmp, but I'd like to offer an argument that you'd be better off actually managing it as a dep explicitly.

Any version drift between the script and the tools is a liability.

[solidDoWant]

I see. Most projects I work on usually avoid vendoring due to it's drawbacks (larger repos, larger dep update diffs, multiple sources of truth, licensing issues, etc.) so I hadn't considered it as an option. I'd prefer to avoid this as possible - I don't need (or want) all the sources files of this repo checked into my repo(s). The tool is a dev dependency as well, so I'd prefer to keep it out of my go.mod direct dependencies, too.

The ideal path (for me) would be to be able to download just a single file (which today would be the kube_codegen.sh script itself) in my dev environment, and have it pull in everything else. Something along the lines of curl -fsSL -o /usr/bin/kube_codegen https://raw.githubusercontent.com/kubernetes/code-generator/refs/tags/v0.32.1/kube_codegen.sh. A tarball, deb, rpm, or other package would be another alternative. Then, the tool would be responsible for using whatever versions of other tools (be it applyconfiguration-gen or anything else) that it needs.

The only thing missing this today is that the scripts do not include a release version number in them anywhere, so when they do go install <tool>, they install whatever Go determines is the latest version of the tool.

[thockin]

Opinion time: NOT vendoring is insanity. Upstream repos DO disappear and the module cache is a free public service with a best-effort SLO. None of the alleged downsides of vendoring have really manifested in an project I work with. But I am not here to convince you to vendor.

Given that the script in question doesn't change very often, embedding a version in it is my least favorite idea. If you already know exactly which version you want (v0.32.1 in that curl command) then the best I can offer is to accept that as a param to the script, which is the PR that prompted this discussion.

I really wanted to understand how that came to be, and I guess I do, now.

[unmarshall]

Most projects I work on usually avoid vendoring

That is also true for all repositories in the Gardener project as well. This move was made perhaps last year. The reasoning forced us to look at our dependencies and ensure that we are only dependent upon projects that are a) well maintained b) active c) have contributors from multiple organisations and there are other criteria. No good project will disappear all of a sudden, there is usually an announcement and there is sufficient time for us to either clone the project and maintain it ourselves or move to another alternative project. So projects disappearing is not a strong argument to have vendoring. But as you have said above its an opinion and something that everyone has to decide for themselves. But to assume that people will use vendoring (when the language does not mandate it) is IMHO not a fair assumption.

[thockin]

No good project will disappear all of a sudden

That's not my experience, but OK. I'm not trying to convince you.

But to assume that people will use vendoring

That's fair, though the script pretty clearly assumes a local copy of the whole code-generator repo:

KUBE_CODEGEN_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"

local boilerplate="${KUBE_CODEGEN_ROOT}/hack/boilerplate.go.txt"

cd "${KUBE_CODEGEN_ROOT}"