Cluster scoped resources with namespace fields (incorrectly) set never go healthy

[ecordell]

I've noticed an issue when using Kustomizer: if I have a cluster-scoped resource (i.e. a ClusterRole) that incorrectly specifies a namespace, the inventory of objects that kustomizer passes to flux/ssa never succeeds. The object will have an Unknown status, because Kustomizer built an inventory object with a namespace: flux/ssa correctly tracks the status of a bad ClusterRole object (it sets namespace: ""), but Kustomizer still believes they're Unknown. The tracked object list will have two copies in the set: one with a namespace (status: Unknown, and one without a namespace (status: Current, or whatever it may be).

It's not a huge problem: I can just fix the manifests themselves. But it took me a while to track this down, so I figured I'd write down the issue. It could be fixed in Kustomizer by looking up whether the object should be cluster-scoped or not before building the set of objects.

Also: thanks for Kustomizer! It nicely fills a gap in kube tooling.