kustomize: nameref does not work with nested bases

cat <<'EOF' > example/kustomization.yaml
bases:
- base

secretGenerator:
- commands:
    HELLO: printf 'world'
EOF

cat <<'EOF' > example/base/kustomization.yaml
bases:
- otherbase
EOF

cat <<'EOF' > example/base/otherbase/kustomization.yaml
resources:
- deployment.yaml
EOF

cat <<'EOF' > example/base/otherbase/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
spec:
  template:
    spec:
      containers:
      - name: example
        image: example
        envFrom:
        - secretRef:
            name: example
EOF

The output looks like this

apiVersion: v1
data:
  HELLO: d29ybGQ=
kind: Secret
metadata:
  name: example-c89hbk9m56
type: Opaque
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: example
        image: example
        name: example

It should look like this

apiVersion: v1
data:
  HELLO: d29ybGQ=
kind: Secret
metadata:
  name: example-c89hbk9m56
type: Opaque
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: example-c89hbk9m56
        image: example
        name: example

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 4
  • Comments: 19 (10 by maintainers)

Most upvoted comments

@Liujingfang1 Ok you are correct. The issue is not the nested bases, it breaks when you add a namePrefix.

cat <<'EOF' > kustomization.yaml
apiVersion: v1beta1
kind: Kustomization

bases:
- base

secretGenerator:
- commands:
    HELLO: printf 'world'
  name: example
EOF

cat <<'EOF' > base/kustomization.yaml
apiVersion: v1beta1
kind: Kustomization

namePrefix: foo-

resources:
- deployment.yaml
EOF

cat <<'EOF' > base/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
spec:
  template:
    spec:
      containers:
      - name: example
        image: example
        envFrom:
        - secretRef:
            name: example
EOF
+5
sethpollack on Jan 13, 2019

The reference to the secret appears in a base that does not define the secret. If you create the secret in example/base/otherbase/kustomization.yaml and merge it (search for “behavior: merge”) in example/kustomization.yaml I believe your code will work.

+2
jcassee on Dec 30, 2018

@valer-cara I think that PR. If we use your example, without the PR the configMapRef is wrong and does not contain the hash. With the PR the configMapRef is correct.

$HOME/bin/kustomize.3.0.3 build .

apiVersion: v1
data:
  password: "123456"
kind: ConfigMap
metadata:
  name: yyy-bkfmbb8t66
---
apiVersion: v1
data:
  password: MTIzNDU2OTk5OTk=
kind: Secret
metadata:
  annotations: {}
  labels: {}
  name: lalala-xxx-ctd2ckb7h7
type: Opaque
---
kind: Deployment
metadata:
  name: lalala-foobar
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: lalala-xxx-ctd2ckb7h7
        - configMapRef:
            name: yyy
        image: busybox
        name: foobar

$HOME/bin/kustomize.PR1378 build .

apiVersion: v1
data:
  password: "123456"
kind: ConfigMap
metadata:
  name: yyy-bkfmbb8t66
---
apiVersion: v1
data:
  password: MTIzNDU2OTk5OTk=
kind: Secret
metadata:
  annotations: {}
  labels: {}
  name: lalala-xxx-ctd2ckb7h7
type: Opaque
---
kind: Deployment
metadata:
  name: lalala-foobar
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: lalala-xxx-ctd2ckb7h7
        - configMapRef:
            name: yyy-bkfmbb8t66
        image: busybox
        name: foobar
+1
jbrette on Jul 22, 2019
Read more comments on GitHub
← kustomize: Name in a configMapRef is not updated to include the hash as a suffix (nor a prefix)
kustomize: Namespace generated is missing document separator →