fluxcd-community / helm-charts

Community maintained Helm charts for Flux
Apache License 2.0

Patches in `kustomization` are not applied #194

Closed Omar-Alkesh closed 11 months ago

Omar-Alkesh commented 1 year ago

Describe the bug

When adding patches to the patches object, both under kustomization and kustomizationlist variables, they are not applied to the target resources.

What's your helm version?

version.BuildInfo{Version:"v3.12.3", GitCommit:"3a31588ad33fe3b89af5a2a54ee1d25bfe6eaa5e", GitTreeState:"clean", GoVersion:"go1.20.7"}

What's your kubectl version?

Client Version: v1.28.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.27.6-eks-f8587cb

What's the chart version?

1.7.0

What happened?

No patches were applied to the target resources.

What you expected to happen?

Patches specified in the kustomization resource to be applied to the target resources.

How to reproduce it?

Use Terraform to apply the helm chart.

Enter the changed values of values.yaml?

        gitRepository:
          spec:
            url: ssh://git@github.com/<OWNER>/<REPO>
            interval: 5m
            recurseSubmodules: true
            ref:
              branch: master
            secretRef:
              name: flux2-github-ssh-config
        kustomization:
          spec:
            prune: true # setting to default value of true to work around flux-kustomization.yaml template bug
            force: true
            interval: 5m
            path: ./path/to/resources
            patches:
              - target:
                  kind: ServiceAccount
                  name: source-controller
                patch: |-
                  apiVersion: v1
                  kind: ServiceAccount
                  metadata:
                    name: source-controller
                    namespace: flux-system
                    annotations:
                      eks.amazonaws.com/role-arn: arn:aws:iam::...
              - target:
                  kind: ServiceAccount
                  name: kustomize-controller
                patch: |-
                  apiVersion: v1
                  kind: ServiceAccount
                  metadata:
                    name: kustomize-controller
                    namespace: flux-system
                    annotations:
                      eks.amazonaws.com/role-arn: arn:aws:iam::...
              - target:
                  kind: Deployment
                  name: kustomize-controller
                patch: |-
                  apiVersion: apps/v1
                  kind: Deployment
                  metadata:
                    name: kustomize-controller
                    namespace: flux-system
                  spec:
                    template:
                      spec:
                        priorityClassName: flux-priorit
              - target:
                  kind: Kustomization
                  name: flux2-sync
                patch: |-
                  apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
                  kind: Kustomization
                  metadata:
                    name: flux2-sync
                    namespace: flux-system
                  spec:
                    decryption:
                      provider: sops

Enter the command that you execute and failing/misfunctioning.

Using Terraform to apply the helm chart.

Anything else we need to know?

The patches are still in the resource once deployed to EKS, but they are not present in a different cluster that was deployed using flux_bootstrap_git resource.

Omar-Alkesh commented 1 year ago

More context. I checked the flux logs and this is what I got:

kustomize build failed: no matches for Id kustomizations.kustomize.toolkit.fluxcd.io.[noVer].[noGrp]/flux2-sync-usm1-trunk.[noNs]; failed to find unique target for patch kustomizations.kustomize.toolkit.fluxcd.io.[noVer].[noGrp]/flux2-sync-usm1-trunk.[noNs]

And it doesn't give the same warning for other resources, but it doesn't apply it either.

Other resources are failing due to the same error.

Omar-Alkesh commented 1 year ago

Other information after some more troubleshooting.

  1. Kustomization does not warn if no resources were found when using the target object.
  2. It can update the metadata of Deployment, but does not update anything under spec.
  3. Fails to update anything for ServiceAccount or Kustomization.
  4. Did not test with other resource types.

Some more logs when it fails to find the resource:

2023-10-19T17:46:36.033Z error Kustomization/flux2-sync-usm1-trunk.flux-system - Reconciliation failed after 568.040174ms, next try in 5m0s kustomize build failed: no matches for Id Kustomization.v1.kustomize/flux2-sync-usm1-trunk.flux-system; failed to find unique target for patch Kustomization.v1.kustomize/flux2-sync-usm1-trunk.flux-system
2023-10-19T17:48:29.254Z error Kustomization/flux2-sync-usm1-trunk.flux-system - Reconciliation failed after 798.540012ms, next try in 5m0s kustomize build failed: no matches for Id Kustomization.v1.kustomize.toolkit.fluxcd.io/flux2-sync-usm1-trunk.flux-system; failed to find unique target for patch Kustomization.v1.kustomize.toolkit.fluxcd.io/flux2-sync-usm1-trunk.flux-system
2023-10-19T17:50:43.645Z error Kustomization/flux2-sync-usm1-trunk.flux-system - Reconciliation failed after 509.531391ms, next try in 5m0s kustomize build failed: no matches for Id Kustomization.v1.kustomize.toolkit.fluxcd.io/flux2-sync-usm1-trunk.flux-system; failed to find unique target for patch Kustomization.v1.kustomize.toolkit.fluxcd.io/flux2-sync-usm1-trunk.flux-system
2023-10-19T17:52:07.705Z error Kustomization/flux2-sync-usm1-trunk.flux-system - Reconciliation failed after 607.923608ms, next try in 5m0s kustomize build failed: no matches for Id Kustomization.v1.kustomize.toolkit.fluxcd.io/flux2-sync-usm1-trunk.flux-system; failed to find unique target for patch Kustomization.v1.kustomize.toolkit.fluxcd.io/flux2-sync-usm1-trunk.flux-system
2023-10-19T17:53:47.661Z info Kustomization/flux2-sync-usm1-trunk.flux-system - server-side apply for cluster definitions completed

stefanprodan commented 11 months ago

You can't patch things that are in the Flux Kustomization source. You can do all these changes when installing the chart2 chart.
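
The thread above reports that a patch whose `target` selects nothing is skipped without a warning, which matters when the patch carries an IAM role annotation or the SOPS decryption setting. The following pre-flight check is an added example, not part of the original thread or of the chart's code: it flags patch targets that match no resource in the Kustomization's source. The sample source resources and the `payments-*` names are constructed; matching is a simplified model that uses only `kind`, `name` and `namespace`, treats the latter two as anchored regular expressions, and ignores group, version and label selectors.

```python
import re

# Constructed sample: resources the Flux Kustomization would build from
# ./path/to/resources (hypothetical workloads; no Flux components here).
SOURCE_RESOURCES = [
    {"kind": "Deployment", "name": "payments-api", "namespace": "apps"},
    {"kind": "ServiceAccount", "name": "payments-api", "namespace": "apps"},
]

# Patch targets copied from the values.yaml in the issue, plus one
# constructed target that does exist in the sample source.
PATCH_TARGETS = [
    {"kind": "ServiceAccount", "name": "source-controller"},
    {"kind": "ServiceAccount", "name": "kustomize-controller"},
    {"kind": "Deployment", "name": "kustomize-controller"},
    {"kind": "Kustomization", "name": "flux2-sync"},
    {"kind": "Deployment", "name": "payments-.*"},
]


def _field_matches(pattern, value):
    """An unset selector field matches anything; name and namespace are
    treated as anchored regular expressions (simplified model)."""
    return pattern is None or re.fullmatch(pattern, value or "") is not None


def matching_resources(target, resources):
    """Return the source resources a patch target selects."""
    return [
        r for r in resources
        if target.get("kind") in (None, r["kind"])
        and _field_matches(target.get("name"), r["name"])
        and _field_matches(target.get("namespace"), r.get("namespace"))
    ]


def unmatched_targets(targets, resources):
    """Targets selecting nothing: their patches would never be applied."""
    return [t for t in targets if not matching_resources(t, resources)]


if __name__ == "__main__":
    for t in unmatched_targets(PATCH_TARGETS, SOURCE_RESOURCES):
        print(f"no resource in source for patch target {t['kind']}/{t['name']}")
```
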