kustomize-controller icon indicating copy to clipboard operation
kustomize-controller copied to clipboard

Published 20 hours ago verified publisher icon fluxcd

Constant rewriting of the CRD

Open tropnikovvl opened this issue 2 months ago • 4 comments

Hello!

Using Flux, I deployed the external-secrets operator and its CRD.

The fact is that the external-secrets operator stores the caBundle directly in the CRD and therefore Flux constantly overwrites it.

Question: is it possible to add some manifest fields to those ignored by Kustomization?

 {"level":"info","ts":"2024-04-16T11:13:17.992Z","msg":"server-side apply for cluster definitions completed","controller":"kustomization","controllerGroup":"kustomize.toolkit.fluxcd.io","controllerKind":"Kustomization","Kustomization":{"name":"crds-stack","namespace":"flux-system"},"namespace":"flux-system","name":"crds-stack","reconcileID":"c2167182-e883-4189-814e-7d895b0da69f","output":{"CustomResourceDefinition/clustersecretstores.external-secrets.io":"configured","CustomResourceDefinition/externalsecrets.external-secrets.io":"configured","CustomResourceDefinition/secretstores.external-secrets.io":"configured"}}

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - https://raw.githubusercontent.com/external-secrets/external-secrets/v0.9.14/deploy/crds/bundle.yaml

 apiVersion: apiextensions.k8s.io/v1                                                                                                                                                                                                                                                                                                                                      
 kind: CustomResourceDefinition                                                                                                                                                                                                                                                                                                                                           
 metadata:                                                                                                                                                                                                                                                                                                                                                                
   annotations:                                                                                                                                                                                                                                                                                                                                                           
     controller-gen.kubebuilder.io/version: v0.14.0                                                                                                                                                                                                                                                                                                                       
   creationTimestamp: "2024-04-10T09:58:54Z"                                                                                                                                                                                                                                                                                                                              
   generation: 190                                                                                                                                                                                                                                                                                                                                                        
   labels:                                                                                                                                                                                                                                                                                                                                                                
     kustomize.toolkit.fluxcd.io/name: crds-stack                                                                                                                                                                                                                                                                                                                         
     kustomize.toolkit.fluxcd.io/namespace: flux-system                                                                                                                                                                                                                                                                                                                   
   name: clustersecretstores.external-secrets.io                                                                                                                                                                                                                                                                                                                          
   resourceVersion: "1265682"                                                                                                                                                                                                                                                                                                                                             
   uid: 89ad4f41-1a9c-4bd8-951a-b38ae52dbca5                                                                                                                                                                                                                                                                                                                              
 spec:                                                                                                                                                                                                                                                                                                                                                                    
   conversion:                                                                                                                                                                                                                                                                                                                                                            
     strategy: Webhook                                                                                                                                                                                                                                                                                                                                                    
     webhook:                                                                                                                                                                                                                                                                                                                                                             
       clientConfig:                                                                                                                                                                                                                                                                                                                                                      
         caBundle: long caBundle                                                                                                                                                                          
         service:                                                                                                                                                                                                                                                                                                                                                         
           name: external-secrets-webhook                                                                                                                                                                                                                                                                                                                                 
           namespace: external-secrets                                                                                                                                                                                                                                                                                                                                    
           path: /convert                                                                                                                                                                                                                                                                                                                                                 
           port: 443                                                                                                                                                                                                                                                                                                                                                      
       conversionReviewVersions:                                                                                                                                                                                                                                                                                                                                          
       - v1                                                                                                                                                                                                                                                                                                                                                               
   group: external-secrets.io                                                                                                                                                                                                                                                                                                                                             
   names:                                                                                                                                                                                                                                                                                                                                                                 
     categories:                                                                                                                                                                                                                                                                                                                                                          
     - externalsecrets                                                                                                                                                                                                                                                                                                                                                    
     kind: ClusterSecretStore                                                                                                                                                                                                                                                                                                                                             
     listKind: ClusterSecretStoreList                                                                                                                                                                                                                                                                                                                                     
     plural: clustersecretstores                                                                                                                                                                                                                                                                                                                                          
     shortNames:                                                                                                                                                                                                                                                                                                                                                          
     - css                                                                                                                                                                                                                                                                                                                                                                
     singular: clustersecretstore                                                                                                                                                                                                                                                                                                                                         
   scope: Cluster

tropnikovvl avatar Apr 16 '24 12:04 tropnikovvl