terraform-provider-flux

`patchesStrategicMerge` deprecated in Flux 2

Open tobiasehlert opened this issue 1 year ago • 5 comments

Hi,

I'm looking for a way to add customizations to my kustomize.yaml file generated by this Terraform provider.

Starting with v0.18 of Flux 2, the kustomize.toolkit.fluxcd.io/v1beta2 API was updated and in combination with that, the .spec.patchesStrategicMerge was deprecated in favour of .spec.patches.

How can we run this Terraform provider so that we can use the .spec.patches instead of .spec.patchesStrategicMerge?

Here is the link to the discussion about upgrade of Flux to the Kustomize v1beta2 API: https://github.com/fluxcd/flux2/discussions/1916#discussion-3616377

I know there is another issue open (#231) that talks about a similar thing, but created a separate one due to the deprecation part.


As for my case, I'd like to drop one particular value (that makes Flux fail in OpenShift) and to increase the memory settings of the containers.

Here is what I'd like to see as a result:

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
patches:
  - patch: |
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: all
      spec:
        template:
          spec:
            containers:
              - name: manager
                securityContext:
                  runAsUser: 65534
                  seccompProfile:
                    $patch: delete
    target:
      kind: Deployment
      labelSelector: app.kubernetes.io/part-of=flux

  - target:
      kind: Deployment
      name: helm-controller
    patch: |
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: ignored
      spec:
        template:
          spec:
            containers:
            - name: manager
              resources:
                limits:
                  memory: 3Gi
                requests:
                  memory: 1Gi
```

tobiasehlert avatar Oct 14 '22 07:10 tobiasehlert

It is not possible to do any customisation at install time with Terraform, you'll have to use the CLI. cc @phillebaba

stefanprodan avatar Oct 14 '22 07:10 stefanprodan

Hi @stefanprodan and @phillebaba,

Today we are using both the flux_install datasource and flux_sync datasource to get Flux up and running.

In the flux_sync datasource, there is a possibility to customize the generated kustomize.yaml file, but the only supported option right now is the patchesStrategicMerge.

I get the patchesStrategicMerge in place after following the customize-flux guide.

What would have been nice maybe is to have another input that makes an append to the end of kustomize.yaml content possible. That way the users could append a patches for instance.

I don't know if that's the best way forward, but that would at least be an option that would work in my scenario and probably for the people asking for customizations in #231 as well :)

Kind regards, Tobias

tobiasehlert avatar Oct 14 '22 08:10 tobiasehlert

Tjena @tobiasehlert :) I am busy working on the next bootstrap resource that is going to replace the datasource right now, but I should have some time to have a look at this during the weekend and see if I can come up with a good alternative solution.

phillebaba avatar Oct 14 '22 08:10 phillebaba

> Tjena @tobiasehlert :) I am busy working on the next bootstrap resource that is going to replace the datasource right now, but I should have some time to have a look at this during the weekend and see if I can come up with a good alternative solution.

Wunderbar @phillebaba 😄

An option (which I'd rather not go with) would be to use the Terraform helm provider and set my memory values, but I'd definitely rather see patches being added here.

Looking forward to your findings 👍

tobiasehlert avatar Oct 14 '22 08:10 tobiasehlert

> .spec.patchesStrategicMerge was deprecated in favour of .spec.patches.

This has nothing to do with Kustomize config files, there is no spec in there. The deprecation refers to Flux CRD.

stefanprodan avatar Oct 14 '22 11:10 stefanprodan

Any thoughts about this one over the weekend @phillebaba? :)

tobiasehlert avatar Oct 19 '22 12:10 tobiasehlert

It feels like we need to add some documentation around what types of patches are allowed and what else is possible.

There are some surprising differences between kustomization.yaml and the Flux patches API that make it particularly difficult to locate a correct reference when you're trying to implement Kustomization patches. I think we could use a document that covers all the allowed possibilities side by side.

It would be good for this doc to cover what has been deprecated and when/why also, so that when people find old docs that refer to these, there is an unambiguous source that tells which docs to ignore.

I'm going to add an issue to fluxcd/website about this (I'll try to remember to link it back here when I do).

kingdonb avatar Oct 19 '22 12:10 kingdonb
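
The two objects this thread keeps mixing up, side by side, as an added example that is not part of the original comments or the provider's output. The path `./clusters/example` and the `interval` value are placeholders; the patch is a shortened form of the one in the opening post.

```yaml
# (1) Flux Kustomization custom resource. This is the object that has a .spec;
#     .spec.patches replaces the deprecated .spec.patchesStrategicMerge.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata: {name: flux-system, namespace: flux-system}
spec:
  interval: 10m                      # placeholder value
  path: ./clusters/example           # placeholder path
  prune: true
  sourceRef: {kind: GitRepository, name: flux-system}
  patches:
    - target:
        kind: Deployment
        name: helm-controller
      patch: |
        apiVersion: apps/v1
        kind: Deployment
        metadata: {name: ignored}
        spec:
          template:
            spec:
              containers:
                - name: manager
                  resources: {limits: {memory: 3Gi}}
---
# (2) Kustomize config file (kustomization.yaml). There is no .spec here;
#     patches is a top-level key next to resources.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
patches:
  - target:
      kind: Deployment
      name: helm-controller
    patch: |
      apiVersion: apps/v1
      kind: Deployment
      metadata: {name: ignored}
      spec:
        template:
          spec:
            containers:
              - name: manager
                resources: {limits: {memory: 3Gi}}
```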

> In the flux_sync datasource, there is a possibility to customize the generated kustomize.yaml file, but the only supported option right now is the patchesStrategicMerge.
>
> I get the patchesStrategicMerge in place after following the customize-flux guide.
>
> What would have been nice maybe is to have another input that makes an append to the end of kustomize.yaml content possible. That way the users could append a patches for instance.

Will this suffice during the wait? https://github.com/fluxcd/terraform-provider-flux/issues/282#issuecomment-1290205138

audunsolemdal avatar Oct 25 '22 08:10 audunsolemdal