kustomize-controller

Unable to strategic merge or JSON6902 patch from a file in kustomize.toolkit.fluxcd.io/v1beta2

Open SebSa opened this issue 1 year ago • 1 comments

At https://github.com/fluxcd/flux2-multi-tenancy/blob/0b99b5c408124e4e362d5290731067bd87b33e85/production/kustomization.yaml#LL5C3-L6C24 there is an example in a kustomize.config.k8s.io/v1beta1 kustomization resource of a Strategic merge patch being declared but specifying the content of that patch in another file.

At https://github.com/fluxcd/flux2-kustomize-helm-example/blob/a1778cbbe130adf0d7baabb4b453f39e38948641/clusters/staging/infrastructure.yaml#LL34C1-L41C26 there is an example of a kustomize.toolkit.fluxcd.io/v1 kustomization resource from the flux CRD, doing the same type of patching except it's inline.

I'm trying to do the same thing as the first example, except with a kustomize.toolkit.fluxcd.io/v1beta2 kustomization resource (I know they're different):

infrastructure.yaml:

apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: infra-configs
  namespace: flux-system
spec:
  dependsOn:
    - name: infra-controllers
  interval: 1h
  retryInterval: 1m
  timeout: 5m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./infrastructure/configs
  prune: true
  patches:
  - path: secrets.patch.json
    target:
      kind: SecretStore
      name: keyvault
  - path: clusterIssuer.patch.json
    target:
      kind: ClusterIssuer
      name: letsencrypt

clusterIssuer.patch.json:

[
    {
        "op": "replace",
        "path": "/spec/acme/server",
        "value": "https://acme-staging-v02.api.letsencrypt.org/directory"
    }
]

secrets.patch.json:

[
    {
        "op": "replace",
        "path": "/spec/provider/id",
        "value": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    },
    {
        "op": "replace",
        "path": "/spec/provider/uri",
        "value": "https://xxxxxxxxxxxxxxxxxxxxxx.com/"
    }
]

But this doesn't work, because the schema for kustomize.toolkit.fluxcd.io/v1beta2 doesn't seem to support specifying patches via the content of a file; it only supports inline. Is this the case? If so, why?

We have been using file-based patches extensively for our kustomize.config.k8s.io/v1beta1 kustomization resources, because that is what was recommended in the flux examples, and in this way it is straightforward enough to have Terraform commit files to a repo with dynamically generated values in this patch format and include the file by its name in the patch operations. But now that we're trying to apply the same strategy to the CRD, the inline format is obtuse for this use case.

I doubt I'm the only one who's encountered this incongruency, so I'd like to ask if support for this use case, namely specifying patches via the content of a file, could be added or for any sane workarounds?

SebSa avatar Jun 19 '23 14:06 SebSa
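
One way to bridge the gap described in the issue, as an added example that is not part of the original post or of the Flux project: a generation step that reads each file-based JSON6902 patch, validates it, and writes its content into the inline `patch` field of the Flux Kustomization. The function names `load_json6902` and `inline_patches` and the sample data are assumptions made for illustration; the result is printed as JSON.

```python
import json
import tempfile
from pathlib import Path

JSON6902_OPS = {"add", "remove", "replace", "move", "copy", "test"}

def load_json6902(base_dir: Path, rel_path: str) -> str:
    """Read a JSON6902 patch file under base_dir and return it as a JSON string."""
    base = base_dir.resolve()
    patch_file = (base / rel_path).resolve()
    if not patch_file.is_relative_to(base):  # refuse paths that leave the repo dir
        raise ValueError(f"patch path escapes base directory: {rel_path}")
    ops = json.loads(patch_file.read_text(encoding="utf-8"))
    if not isinstance(ops, list) or not ops:
        raise ValueError(f"{rel_path}: expected a non-empty JSON array of operations")
    for op in ops:
        # Simplification: require a non-root JSON Pointer in every operation.
        if (not isinstance(op, dict) or op.get("op") not in JSON6902_OPS
                or not str(op.get("path", "")).startswith("/")):
            raise ValueError(f"{rel_path}: invalid operation {op!r}")
    return json.dumps(ops, indent=2)

def inline_patches(kustomization: dict, base_dir: Path) -> dict:
    """Return a copy in which every spec.patches entry using `path` uses `patch`."""
    result = json.loads(json.dumps(kustomization))  # deep copy of plain data
    for entry in result.get("spec", {}).get("patches", []):
        if "path" in entry:
            entry["patch"] = load_json6902(base_dir, entry.pop("path"))
    return result

if __name__ == "__main__":
    # Constructed sample mirroring the ClusterIssuer patch from the issue.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "clusterIssuer.patch.json").write_text(json.dumps([{
            "op": "replace", "path": "/spec/acme/server",
            "value": "https://acme-staging-v02.api.letsencrypt.org/directory"}]))
        ks = {"apiVersion": "kustomize.toolkit.fluxcd.io/v1beta2",
              "kind": "Kustomization",
              "metadata": {"name": "infra-configs", "namespace": "flux-system"},
              "spec": {"patches": [{"path": "clusterIssuer.patch.json",
                                    "target": {"kind": "ClusterIssuer",
                                               "name": "letsencrypt"}}]}}
        print(json.dumps(inline_patches(ks, Path(tmp)), indent=2))
```

Entries that already carry an inline `patch` are left untouched, and the input object is not modified.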