Rendering this shows that Vals tries to expand the secret ref, but fails opening the file:
$ nix run .#kubenix.x86_64-linux render
expand sops://secrets.yaml#/freshrss/password: Failed to read "secrets.yaml": open secrets.yaml: no such file or directory
However, when I then try to apply the Kubenix configuration, I expect it to fail as well which it does not:
$ nix run .#kubenix.x86_64-linux
expand sops://secrets.yaml#/freshrss/password: Failed to read "secrets.yaml": open secrets.yaml: no such file or directory
W0414 14:30:40.686142 2206795 prune.go:71] Deprecated: kubectl apply will no longer prune non-namespaced resources by default when used with the --namespace flag in a future release. To preserve the current behaviour, list the resources you want to target explicitly in the --prune-allowlist flag.
diff -N -u -I ' kubenix/hash: ' -I ' generation: ' /run/user/1000/LIVE-1858589435/v1.PersistentVolume..bazarr-config /run/user/1000/MERGED-859534972/v1.PersistentVolume..bazarr-config
--- /run/user/1000/LIVE-1858589435/v1.PersistentVolume..bazarr-config 2024-04-14 14:30:40.710017293 +0200
+++ /run/user/1000/MERGED-859534972/v1.PersistentVolume..bazarr-config 1970-01-01 01:00:00.000000000 +0100
@@ -1,90 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- annotations:
- kubectl.kubernetes.io/last-applied-configuration: |
...
It reports the error, but continues anyway. The "result" of Vals is an empty manifest, which then causes kubectl apply to prune all of my existing resources.
If Vals reports an error when replacing secrets refs, the
kubectl apply
should not be executed.Here is an example. I have a Kubernetes secret with a Vals ref that is broken (the file does not exist).
Rendering this shows that Vals tries to expand the secret ref, but fails opening the file:
However, when I then try to apply the Kubenix configuration, I expect it to fail as well which it does not:
It reports the error, but continues anyway. The "result" of Vals is an empty manifest, which then causes
kubectl apply
to prune all of my existing resources.