flux2: Kustomizations without a base do not apply

Describe the bug

According to the FAQ we should be able to patch arbitrary pre-installed resources using kustomize objects.

I have not been able to patch any using the (limited) instructions in the FAQ.

Steps to reproduce

  1. install flux
  2. create kustomization with patchesStrategicMerge
  3. reconcile kustomization

Expected behavior

resource patched with provided patch

Screenshots and recordings

kustomization:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patches:
- path: weave-liveness.yaml
  target:
    kind: DaemonSet
    name: weave-net
    namespace: kube-system

weave-liveness.yaml:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  annotations:
    kustomize.fluxcd.toolkit.io/ssa: merge
  name: weave-net
  namespace: kube-system
spec:
  template:
    spec:
      containers:
      - name: weave
        livenessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - /home/weave/weave --local status connections | grep fastdp
          initialDelaySeconds: 20
          periodSeconds: 5

No errors, but also no change / no output.

# kubectl get kustomizations.kustomize.toolkit.fluxcd.io -n flux-system weave-net
NAME        AGE   READY   STATUS
weave-net   22h   True    Applied revision: main/ca160ca0ec5d1ef98cb6fc368d09e6e09195f1ab

OS / Distro

centos 7.7

Flux version

v0.28.4

Flux check

flux check

► checking prerequisites
✔ Kubernetes 1.23.3 >=1.20.6-0
► checking controllers
✔ helm-controller: deployment ready
► car:5000/helm-controller:v0.18.2
✔ image-automation-controller: deployment ready
► car:5000/image-automation-controller:v0.21.2
✔ image-reflector-controller: deployment ready
► car:5000/image-reflector-controller:v0.17.1
✔ kustomize-controller: deployment ready
► car:5000/kustomize-controller:v0.22.2
✔ notification-controller: deployment ready
► car:5000/notification-controller:v0.23.1
✔ source-controller: deployment ready
► car:5000/source-controller:v0.22.4
✔ all checks passed

Git provider

No response

Container Registry provider

No response

Additional context

No response

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 20 (8 by maintainers)

Most upvoted comments

Adding the patch in the helmrelease under postRenderers sorted my problem. Thank you for your help!

Are you suggesting I add the strategic merge formatted patch under ‘resources’?

Yes, you may need to add the pod label selectors too, like in the CoreDNS example.

Is there a kustomize setting I’m missing here?

I think the namespace is injected at apply time. You can use a patch and target the service by name only. On my Istio cluster this works fine:

  postRenderers:
    - kustomize:
        patches:
          - patch: |
              kind: Service
              apiVersion: v1
              metadata:
                name: istio-gateway
              spec:
                externalIPs:
                  - 10.124.14.56
            target:
              kind: Service
              name: istio-gateway

Note that I’m using a different chart called gateway, so you need to map the name to your service.

@lunderhage @daveoy to patch any resource in a HelmRelease you can use postRenderers, docs here: https://fluxcd.io/docs/components/helm/helmreleases/#post-renderers

I have this exact problem trying to patch a deployment which ofc is a result of applying a helmrelease.

So yes this is actually my next question. I figured the answer to this issue would illuminate that.
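
The "add it under resources" suggestion from the comments above, sketched for the weave-net case as an added example (not taken from the issue or from the Flux project). The `name: weave-net` selector and pod labels are assumptions about the live DaemonSet, and the annotation keys are written with the `kustomize.toolkit.fluxcd.io` domain that also appears in the `kubectl get` output above.

```yaml
# --- kustomization.yaml (constructed example) ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Listed as a resource, not under patches: with no base in this
  # directory there is nothing for a patch target to match.
  - weave-liveness.yaml
---
# --- weave-liveness.yaml (constructed example) ---
# Partial object; the controller's server-side apply merges it into the
# DaemonSet that already exists in the cluster.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: weave-net
  namespace: kube-system
  annotations:
    kustomize.toolkit.fluxcd.io/ssa: merge       # merge with the existing object
    kustomize.toolkit.fluxcd.io/prune: disabled  # never delete the pre-installed DaemonSet
spec:
  selector:
    matchLabels:
      name: weave-net        # assumption: must equal the live DaemonSet's selector
  template:
    metadata:
      labels:
        name: weave-net      # assumption: must equal the live pod template labels
    spec:
      containers:
        - name: weave        # list merge key; selects the existing container
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - /home/weave/weave --local status connections | grep fastdp
            initialDelaySeconds: 20
            periodSeconds: 5
```

After reconciling, `kubectl -n kube-system get daemonset weave-net -o yaml` should show the probe on the `weave` container. A Ready status on the Flux Kustomization alone does not confirm that any object was changed.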