kustomize: [Question] Is a var required when names are ambiguous?
I’m using the same component in two resources but need to refer to the hashed Secret and ConfigMap names from both resources in my project. Do I need to use a var to get the correct Secret/ConfigMap name + hash if the name reference is ambiguous, or am I missing something?
Example:
I’ve tried to boil my issue down to a bare minimum. xql-zero and xql-one inherit from xql; app references xql-zero and xql-one.
A rough Helm Chart equivalent would be:
```yaml
apiVersion: "v2"
description: Helm Chart for "app"
name: app
version: 0.0.1
appVersion: "0.0.1-initial"
dependencies:
- name: xql
  version: 0.0.1
  alias: xql-zero
- name: xql
  version: 0.0.1
  alias: xql-one
```
Ex:
Note: XQL_ONE_PASSWORD and XQL_ZERO_PASSWORD, which are not referenced using vars, have a keyref name of xql-secret while XQL_ZERO_ARG and XQL_ONE_ARG, which use vars, have hashed names: project-xql-zero-xql-secret-6khmtc56hm
XQL_ONE_ARG (with var):
```yaml
- name: XQL_ONE_ARG
  valueFrom:
    secretKeyRef:
      name: $(PROJECT_XQL_ONE_SECRET_NAME) # Defined below in "INPUT"
      key: arg
```
XQL_ONE_PASSWORD (without var):
```yaml
- name: XQL_ONE_PASSWORD
  valueFrom:
    secretKeyRef:
      name: xql-secret
      key: password
```
OUTPUT:
```
Error: obj '{"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "project-app"},
"spec": {"template": {"spec": {"containers": [{"env": [{"name": "XQL_ZERO_ARG",
"valueFrom": {"secretKeyRef": {"key": "arg", "name": "$(PROJECT_XQL_ZERO_SECRET_NAME)"}}},
{"name": "XQL_ZERO_PASSWORD", "valueFrom": {"secretKeyRef": {"key": "password",
"name": "xql-secret"}}}, {"name": "XQL_ONE_ARG", "valueFrom": {
"secretKeyRef": {"key": "arg", "name": "$(PROJECT_XQL_ONE_SECRET_NAME)"}}},
{"name": "XQL_ONE_PASSWORD", "valueFrom": {"secretKeyRef": {"key": "password",
"name": "xql-secret"}}}], "image": "example.com/app:latest", "imagePullPolicy": "Always",
"name": "app"}]}}}}
' at path 'spec/template/spec/containers/env/valueFrom/secretKeyRef/name': visit traversal on path: [env valueFrom secretKeyRef name]: visit traversal on path: [valueFrom secretKeyRef name]: multiple matches for ~G_v1_Secret|~X|xql-secret:
[~G_v1_Secret|~X|project-xql-zero-xql-secret-6khmtc56hm
~G_v1_Secret|~X|project-xql-one-xql-secret-79mhmf5dgt
]
```
INPUT:
==> ./kustomization.yaml <==
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: project-
resources:
- app
```
==> ./app/kustomization.yaml <==
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- resources/deployment.yaml
- resources/xql
```
==> ./app/resources/xql/kustomization.yaml <==
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- xql-zero
- xql-one
configurations:
- ./kustomizeconfig.yaml
```
==> ./app/resources/xql/kustomizeconfig.yaml <==
```yaml
varReference:
- path: spec/template/spec/containers/env/valueFrom/secretKeyRef/name
```
==> ./app/resources/xql/xql-one/kustomization.yaml <==
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: xql-one-
resources:
- ../../../../../bases/xql
secretGenerator:
- name: xql-secret
  behavior: merge
  envs:
  - config/xql-one-secret.env
vars:
- name: PROJECT_XQL_ONE_SECRET_NAME
  objref:
    kind: Secret
    name: xql-secret
    apiVersion: v1
  fieldref:
    fieldpath: metadata.name
```
==> ./app/resources/xql/xql-one/config/xql-one-secret.env <==
```
arg=1
```
==> ./app/resources/xql/xql-zero/kustomization.yaml <==
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: xql-zero-
resources:
- ../../../../../bases/xql
secretGenerator:
- name: xql-secret
  behavior: merge
  envs:
  - config/xql-zero-secret.env
vars:
- name: PROJECT_XQL_ZERO_SECRET_NAME
  objref:
    kind: Secret
    name: xql-secret
    apiVersion: v1
  fieldref:
    fieldpath: metadata.name
```
==> ./app/resources/xql/xql-zero/config/xql-zero-secret.env <==
```
arg=0
```
==> ./app/resources/deployment.yaml <==
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  template:
    spec:
      containers:
      - name: app
        image: example.com/app:latest
        imagePullPolicy: Always
        env:
        - name: XQL_ZERO_ARG
          valueFrom:
            secretKeyRef:
              name: $(PROJECT_XQL_ZERO_SECRET_NAME)
              key: arg
        - name: XQL_ZERO_PASSWORD
          valueFrom:
            secretKeyRef:
              name: xql-secret
              key: password
        - name: XQL_ONE_ARG
          valueFrom:
            secretKeyRef:
              name: $(PROJECT_XQL_ONE_SECRET_NAME)
              key: arg
        - name: XQL_ONE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: xql-secret
              key: password
```
Referring to the two xql-secret-s exclusively using the vars PROJECT_XQL_ZERO_SECRET_NAME and PROJECT_XQL_ONE_SECRET_NAME produces the expected output, but, again, is hacky.
INPUT WITH VARS:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  template:
    spec:
      containers:
      - name: app
        image: example.com/app:latest
        imagePullPolicy: Always
        env:
        - name: XQL_ZERO_ARG
          valueFrom:
            secretKeyRef:
              name: $(PROJECT_XQL_ZERO_SECRET_NAME)
              key: arg
        - name: XQL_ZERO_PASSWORD
          valueFrom:
            secretKeyRef:
              name: $(PROJECT_XQL_ZERO_SECRET_NAME)
              key: password
        - name: XQL_ONE_ARG
          valueFrom:
            secretKeyRef:
              name: $(PROJECT_XQL_ONE_SECRET_NAME)
              key: arg
        - name: XQL_ONE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: $(PROJECT_XQL_ONE_SECRET_NAME)
              key: password
```
OUTPUT WITH VARS:
```yaml
apiVersion: v1
data:
  arg: MQ==
  password: U1VQRVJfU0VDUkVUX1BBU1NXT1JE
kind: Secret
metadata:
  annotations: {}
  labels: {}
  name: project-xql-one-xql-secret-79mhmf5dgt
type: Opaque
---
apiVersion: v1
data:
  arg: MA==
  password: U1VQRVJfU0VDUkVUX1BBU1NXT1JE
kind: Secret
metadata:
  annotations: {}
  labels: {}
  name: project-xql-zero-xql-secret-6khmtc56hm
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: project-app
spec:
  template:
    spec:
      containers:
      - env:
        - name: XQL_ZERO_ARG
          valueFrom:
            secretKeyRef:
              key: arg
              name: project-xql-zero-xql-secret-6khmtc56hm
        - name: XQL_ZERO_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: project-xql-zero-xql-secret-6khmtc56hm
        - name: XQL_ONE_ARG
          valueFrom:
            secretKeyRef:
              key: arg
              name: project-xql-one-xql-secret-79mhmf5dgt
        - name: XQL_ONE_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: project-xql-one-xql-secret-79mhmf5dgt
        image: example.com/app:latest
        imagePullPolicy: Always
        name: app
```
About this issue
- State: closed
- Created 4 years ago
- Comments: 20 (9 by maintainers)
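A post-build check for the situation in this issue, added here as an example (not code from the issue or from kustomize): it scans `kustomize build` output for `secretKeyRef`/`configMapKeyRef` names that no rendered Secret or ConfigMap defines, such as a literal `xql-secret` left beside the hashed names. The function names and the sample manifest are constructed; the parser assumes kustomize's block-style YAML output and covers only the `*KeyRef` fields used in this issue.

```python
import re

REF_KINDS = {"secretKeyRef": "Secret", "configMapKeyRef": "ConfigMap"}
REF_RE = r"^( +)(secretKeyRef|configMapKeyRef):\n((?:\1 +.*\n?)+)"
KIND_RE, NAME_RE = r"^kind: *(\S+)", r"^metadata:\n(?: +.*\n)*?  name: *(\S+)"

def key_refs(doc):
    """Yield (kind, name) for every secretKeyRef/configMapKeyRef in one document."""
    for _, key, body in re.findall(REF_RE, doc, re.M):
        name = re.search(r"^ +name: *(\S+)", body, re.M)
        if name:
            yield REF_KINDS[key], name.group(1)

def dangling_refs(rendered):
    """Return sorted (kind, name) references that no rendered object defines."""
    docs = [d for d in re.split(r"^---\s*$", rendered, flags=re.M) if d.strip()]
    defined = {(k.group(1), n.group(1)) for d in docs
               if (k := re.search(KIND_RE, d, re.M)) and (n := re.search(NAME_RE, d, re.M))}
    return sorted({r for d in docs for r in key_refs(d) if r not in defined})

# Constructed sample: one hashed Secret, one resolved and one unresolved reference.
SAMPLE = """\
apiVersion: v1
kind: Secret
metadata:
  name: project-xql-zero-xql-secret-6khmtc56hm
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: project-app
spec:
  template:
    spec:
      containers:
      - env:
        - name: XQL_ZERO_ARG
          valueFrom:
            secretKeyRef:
              key: arg
              name: project-xql-zero-xql-secret-6khmtc56hm
        - name: XQL_ZERO_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: xql-secret
"""

print(dangling_refs(SAMPLE))
```

Run it over the build output in CI and fail the job on a non-empty result, so an unrewritten name is caught before the Deployment is applied.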
@natasha41575 Just tried the new release. Pretty neat to see a significant amount of YAML that you thought should have worked a few months ago suddenly start working. Thanks.
@michaelurban the feature is done and will be available in the next release
Ref: #3455
I am working on allowing references using intermediate names, in your case it would be as follows:
After that feature is complete, you should be able to get the output that you want