Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to strategic merge or JSON6902 patch from a file in kustomize.toolkit.fluxcd.io/v1beta2 #893

Open
SebSa opened this issue Jun 19, 2023 · 1 comment

Comments

@SebSa
Copy link

SebSa commented Jun 19, 2023

At https://github.com/fluxcd/flux2-multi-tenancy/blob/0b99b5c408124e4e362d5290731067bd87b33e85/production/kustomization.yaml#LL5C3-L6C24 there is an example in a kustomize.config.k8s.io/v1beta1 kustomization resource of a Strategic merge patch being declared but specifying the content of that patch in another file.

At https://github.com/fluxcd/flux2-kustomize-helm-example/blob/a1778cbbe130adf0d7baabb4b453f39e38948641/clusters/staging/infrastructure.yaml#LL34C1-L41C26 there is an example of a kustomize.toolkit.fluxcd.io/v1 kustomization resource from the flux CRD, doing the same type of patching except it's inline.

I'm trying to do the same thing as the first example, except with a kustomize.toolkit.fluxcd.io/v1beta2 kustomization resource (I know they're different) :

infrastructure.yaml:

apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: infra-configs
  namespace: flux-system
spec:
  dependsOn:
    - name: infra-controllers
  interval: 1h
  retryInterval: 1m
  timeout: 5m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./infrastructure/configs
  prune: true
  patches:
  - path: secrets.patch.json
    target:
      kind: SecretStore
      name: keyvault
  - path: clusterIssuer.patch.json
    target:
      kind: ClusterIssuer
      name: letsencrypt

clusterIssuer.patch.json:

[
    {
        "op": "replace",
        "path": "/spec/acme/server",
        "value": "https://acme-staging-v02.api.letsencrypt.org/directory"
    }
]

secrets.patch.json:

[
    {
        "op": "replace",
        "path": "/spec/provider/id",
        "value": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    },
    {
        "op": "replace",
        "path": "/spec/provider/uri",
        "value": "https://xxxxxxxxxxxxxxxxxxxxxx.com/"
    }
]

But this doesn't work, because the schema for kustomize.toolkit.fluxcd.io/v1beta2 doesn't seem to support specifying patches via the content of a file, it only supports inline. Is this the case? If so, why?

We have been using file based patches extensively for our kustomize.config.k8s.io/v1beta1 kustomization resources, because that is what was recommended in the flux examples, and in this way it is straightforward enough to have terraform commit files to a repo with dynamically generated values in this patch format and include the file by it's name in the patch operations. But now that we're trying to apply the same strategy to the CRD, the inline format is obtuse for this use case.

I doubt I'm the only one who's encountered this incongruency, so I'd like to ask if support for this use case, namely specifying patches via the content of a file, could be added or for any sane workarounds?

@Antvirf
Copy link

Antvirf commented Jun 29, 2023

Fully agree, would have a need for this use case as well. 'Standard' patches (e.g. ingress annotations adding protection/authentication/options) can add a lot of boilerplate that's unnecessary and could be referenced centrally.

The patching in kustomize-controller is managed by the patch package from fluxcd/pkg. I was able to find this PR affecting the docs which cleaned up mentions of path-based patching in flux kustomizations. It seems like the feature itself has never been there.

Will try to have a look at some point to see if this is something I can do but would be great to hear from the maintainers if there's a specific reason it hasn't been done, or rather just not done as of now given prioritisation of other things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants