kustomize-controller
Unable to strategic merge or JSON6902 patch from a file in kustomize.toolkit.fluxcd.io/v1beta2
At https://github.com/fluxcd/flux2-multi-tenancy/blob/0b99b5c408124e4e362d5290731067bd87b33e85/production/kustomization.yaml#LL5C3-L6C24 there is an example in a kustomize.config.k8s.io/v1beta1 kustomization resource of a Strategic merge patch being declared but specifying the content of that patch in another file.
At https://github.com/fluxcd/flux2-kustomize-helm-example/blob/a1778cbbe130adf0d7baabb4b453f39e38948641/clusters/staging/infrastructure.yaml#LL34C1-L41C26 there is an example of a kustomize.toolkit.fluxcd.io/v1 kustomization resource from the flux CRD, doing the same type of patching except it's inline.
I'm trying to do the same thing as the first example, except with a kustomize.toolkit.fluxcd.io/v1beta2 kustomization resource (I know they're different):
infrastructure.yaml:
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: infra-configs
  namespace: flux-system
spec:
  dependsOn:
    - name: infra-controllers
  interval: 1h
  retryInterval: 1m
  timeout: 5m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./infrastructure/configs
  prune: true
  patches:
    - path: secrets.patch.json
      target:
        kind: SecretStore
        name: keyvault
    - path: clusterIssuer.patch.json
      target:
        kind: ClusterIssuer
        name: letsencrypt
```
clusterIssuer.patch.json:
```json
[
  {
    "op": "replace",
    "path": "/spec/acme/server",
    "value": "https://acme-staging-v02.api.letsencrypt.org/directory"
  }
]
```
secrets.patch.json:
```json
[
  {
    "op": "replace",
    "path": "/spec/provider/id",
    "value": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  },
  {
    "op": "replace",
    "path": "/spec/provider/uri",
    "value": "https://xxxxxxxxxxxxxxxxxxxxxx.com/"
  }
]
```
But this doesn't work, because the schema for kustomize.toolkit.fluxcd.io/v1beta2 doesn't seem to support specifying patches via the content of a file; it only supports inline. Is this the case? If so, why?
We have been using file-based patches extensively for our kustomize.config.k8s.io/v1beta1 kustomization resources, because that is what was recommended in the flux examples, and in this way it is straightforward enough to have terraform commit files to a repo with dynamically generated values in this patch format and include the file by its name in the patch operations. But now that we're trying to apply the same strategy to the CRD, the inline format is obtuse for this use case.
I doubt I'm the only one who's encountered this incongruency, so I'd like to ask if support for this use case, namely specifying patches via the content of a file, could be added or for any sane workarounds?
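
One way to keep the patches in files, shown as an added example that is not part of the original post or the Flux project's own code: put a plain kustomize.config.k8s.io/v1beta1 overlay in the repository and point the Flux Kustomization's `spec.path` at it, since kustomize-controller builds an existing `kustomization.yaml` as it finds it. The overlay directory `clusters/staging/infra-configs` is an assumed layout, and the two patch files are assumed to sit next to the overlay's `kustomization.yaml`.

```yaml
# File 1 (assumed path): clusters/staging/infra-configs/kustomization.yaml
# A plain kustomize overlay. File-based patches are supported here, so the
# generated *.patch.json files can be committed next to this file.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../../infrastructure/configs   # the shared base from the post
patches:
  - path: secrets.patch.json
    target:
      kind: SecretStore
      name: keyvault
  - path: clusterIssuer.patch.json
    target:
      kind: ClusterIssuer
      name: letsencrypt
---
# File 2: the Flux Kustomization from the post, with the file-based patches
# removed and spec.path pointing at the overlay directory instead of the base.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: infra-configs
  namespace: flux-system
spec:
  dependsOn:
    - name: infra-controllers
  interval: 1h
  retryInterval: 1m
  timeout: 5m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./clusters/staging/infra-configs   # assumed overlay path
  prune: true
```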