search

kubernetes-sigs / kustomize

Customization of kubernetes YAML configurations
Apache License 2.0
10.94k stars 2.24k forks source link

NamePrefix problem with CRD not using patchStrategicMerge #2673

Closed mleneveut closed 3 years ago

mleneveut commented 4 years ago

Hello,

We have a need for a Traefik ingressRoute in specific overlays and not all of them. In the develop overlay we want it, but not in the production overlay (the resource is not publicly exposed)

If we set the ingress.yaml in the "template", the namePrefix works but we don't have the feature to delete the ingress.yaml resource in the production overlay (we tested $patch: delete but it doesn't work for a whole file).

So we removed the ingress.yaml from the "template" and set it only in the needed overlays. But switching from "patchStrategicMerge" to "resources" broke the namePrefix transformation for the metadata/name in the Traefik ingress.

Working configuration with setting an ingressRoute in ALL overlays :

./base/template/kustomization.yaml : 

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- service.yaml
- ingress.yaml

configurations:
- crd.yaml

./base/template/service.yaml

kind: Service
apiVersion: v1
metadata:
  name: service
spec:
  selector:
    application: app-name
  ports:
  - protocol: TCP
    port: 80
    targetPort: http

./base/template/ingress.yaml

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingress

./base/template/crd.yaml

nameReference:
- kind: Service
  fieldSpecs:
  - path: spec/routes/services/name
    kind: IngressRoute

./base/kustomization.yaml : 

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - template

namePrefix: prefix-

./overlays/develop/kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

bases:
- ../../base

patchesStrategicMerge:
- ingress.yaml

./overlays/develop/ingress.yaml

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingress
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`myurl.comp.org`)
    kind: Rule
    services:
    - name: service
      port: 80
  tls:
    secretName: tls-secret

cd overlays/develop && kustomise build .

apiVersion: v1
kind: Service
metadata:
  name: prefix-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: http
  selector:
    application: app-name
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: prefix-ingress
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`myurl.comp.org`)
    services:
    - name: prefix-service
      port: 80
  tls:
    secretName: tls-secret

=> The metadate/name and spec/routes/services/name are well transformed with the prefix.

NOT working configuration with ingressRoute in only some overlays :

(showing only the changes)

./overlays/develop/kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

bases:
- ../../base

resources:
- ingress.yaml

./base/template/kustomization.yaml : 

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- service.yaml

configurations:
- crd.yaml

cd overlays/develop && kustomise build .

apiVersion: v1
kind: Service
metadata:
  name: prefix-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: http
  selector:
    application: app-name
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingress
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`myurl.comp.org`)
    services:
    - name: prefix-service
      port: 80
  tls:
    secretName: tls-secret

=> The metadate/name for the Service and the spec/routes/services/name for the ingressRoute are well transformed with the prefix, but the not metadata/name for the ingressRoute.

I tried to add this in the template/crd.yaml but without success : 

nameReference:
- kind: Service
  fieldSpecs:
  - path: spec/routes/services/name
    kind: IngressRoute
  - path: metadata/name
    kind: IngressRoute

Do I need to add a crd.json in the template/kutomization.yaml containing the JSON definition of the Treafik ingressRoute CRD ?

mleneveut commented 4 years ago

I tested with kustomize 3.1.0 and 3.6.1. We are using Traefik 2.2 on Kubernetes 1.16.7

fejta-bot commented 4 years ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

fejta-bot commented 3 years ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle rotten

Shell32-Natsu commented 3 years ago

You should put namePrefix: prefix- into the overlay. Transformers in base will only be applied to resources in base.