Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

env.valueFrom.secretKeyRef.name not changed in overlay when using namePrefix #1563

Closed
huguesalary opened this issue Sep 25, 2019 · 3 comments
Closed

env.valueFrom.secretKeyRef.name not changed in overlay when using namePrefix #1563

huguesalary opened this issue Sep 25, 2019 · 3 comments

Comments

@huguesalary
Copy link

huguesalary commented Sep 25, 2019
edited
Loading

The issue

Hi,

Given the following structure:

.
├── base
│   ├── deployment.yaml
│   └── kustomization.yaml
└── staging
    ├── base
    │   ├── another_deployment_added_by_staging_base.yaml
    │   └── kustomization.yaml
    └── overlay
        └── kustomization.yaml    <-------------- kustomize build

When running kustomize build in the overlay directory, the env.valueFrom.secretKeyRef.name of the Deployment another_deployment_added_by_staging_base is not properly updated to the name automatically generated by kustomize for this secret.

I was able to identify the issue is caused by my use of namePrefix in both staging/base and staging/overlay. That is, I use namePrefix: staging and namePrefix: overlay respectively in staging/base/kustomization.yaml and staging/overlay/kustomization.yaml

When removing the namePrefix: from staging/base/kustomization.yaml, the issue disappears.

Output of the issue

$ cd staging/overlay
$ kustomize build


apiVersion: v1
data:
  key: dmFsdWU=
kind: Secret
metadata:
  name: overlay-staging-mysecret-7m4thk7c67
type: Opaque


---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: overlay-staging-another_deployment_added_by_staging_base
spec:
  template:
    spec:
      containers:
      - env:
        - name: MY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              key: key
              name: mysecret <----------------- mysecret is not properly changed to `overlay-staging-mysecret-7m4thk7c67`
        image: another-test
        name: another-test


---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: overlay-staging-deployment
spec:
  template:
    spec:
      containers:
      - env:
        - name: MY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              key: key
              name: overlay-staging-mysecret-7m4thk7c67
        image: test
        name: test

Reproducing

You can reproduce the issue by cloning the following repository: https://github.com/huguesalary/kustomize-issue-1563

Otherwise, here are the files to reproduce the issue.

base/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment
spec:
  template:
    spec:
      containers:
        - name: test
          image: test
          env:
            - name: MY_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: mysecret
                  key: key

base/kustomization.yaml

resources:
  - deployment.yaml

secretGenerator:
  - name: mysecret
    literals:
      - key=valueapiVersion: apps/v1

staging/base/another_deployment_added_by_staging_base.yaml

kind: Deployment
metadata:
  name: another_deployment_added_by_staging_base
spec:
  template:
    spec:
      containers:
        - name: another-test
          image: another-test
          env:
            - name: MY_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: mysecret
                  key: key

staging/base/kustomization.yaml

resources:
  - ../../base
  - another_deployment_added_by_staging_base.yaml

namePrefix: staging-

staging/overlay/kustomization.yaml

resources:
  - ../base

namePrefix: overlay-
@jbrette
Copy link
Contributor

jbrette commented Sep 25, 2019
edited
Loading

This is a dup and has been fixed with kustomize 3.2.0

$HOME/go/bin/kustomize.3.2.0 build staging/overlay/
apiVersion: v1
data:
  key: dmFsdWU=
kind: Secret
metadata:
  name: overlay-staging-mysecret-7m4thk7c67
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: overlay-staging-another-deployment
spec:
  template:
    spec:
      containers:
      - env:
        - name: MY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              key: key
              name: overlay-staging-mysecret-7m4thk7c67
        image: another-test
        name: another-test
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: overlay-staging-deployment
spec:
  template:
    spec:
      containers:
      - env:
        - name: MY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              key: key
              name: overlay-staging-mysecret-7m4thk7c67
        image: test
        name: test
$HOME/go/bin/kustomize.3.1.0 build staging/overlay/
apiVersion: v1
data:
  key: dmFsdWU=
kind: Secret
metadata:
  name: overlay-staging-mysecret-7m4thk7c67
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: overlay-staging-another-deployment
spec:
  template:
    spec:
      containers:
      - env:
        - name: MY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              key: key
              name: mysecret
        image: another-test
        name: another-test
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: overlay-staging-deployment
spec:
  template:
    spec:
      containers:
      - env:
        - name: MY_SECRET_KEY
          valueFrom:
            secretKeyRef:
              key: key
              name: overlay-staging-mysecret-7m4thk7c67
        image: test
        name: test

@huguesalary
Copy link
Author

Indeed, 3.2.0 fixes it, thanks

@CameronHudson8
Copy link

CameronHudson8 commented Jan 24, 2024
edited
Loading

I'm using kubectl with kustomize version v4.5.7 and seeing this issue. The namePrefix is applied to other secrets that use secretRef, but not with valueFrom.secretKeyRef.

kustomize output:

Camerons-MBP9FDD:kustomize-example cameronhudson$ kubectl kustomize ./my-microservice/regions/ap-northeast-1/
apiVersion: v1
data:
  jwt-signing-key.pem: bXktc2lnbmluZy1rZXkK
kind: Secret
metadata:
  name: qa-apne1-jwt-signing-key
type: Opaque
---
apiVersion: v1
data:
  SUPER_SECRET: c2VjcmV0X3ZhbHVl
kind: Secret
metadata:
  name: qa-apne1-other-secret
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: qa-apne1-my-microservice
spec:
  selector:
    matchLabels:
      app: my-microservice
  template:
    metadata:
      labels:
        app: my-microservice
    spec:
      containers:
      - envFrom:
        - name: JWT_SIGNING_KEY
          valueFrom:
            secretKeyRef:
              key: jwt-signing-key.pem
              name: jwt-signing-key            // No prefix
        - secretRef:
            name: qa-apne1-other-secret
        image: my-image
        name: my-microservice

kubectl and kustomize versions

Camerons-MBP9FDD:my-dir cameronhudson$ kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short.  Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.0", GitCommit:"a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2", GitTreeState:"clean", BuildDate:"2022-08-23T17:44:59Z", GoVersion:"go1.19", Compiler:"gc", Platform:"darwin/amd64"}
Kustomize Version: v4.5.7
Server Version: version.Info{Major:"1", Minor:"25+", GitVersion:"v1.25.16-eks-5e0fdde", GitCommit:"dbe0c94703b5c31afe4e7a4ad467fb3a044c532b", GitTreeState:"clean", BuildDate:"2024-01-02T20:35:57Z", GoVersion:"go1.20.10", Compiler:"gc", Platform:"linux/amd64"}

Update: This bug is being tracked at #5047

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@huguesalary @CameronHudson8 @jbrette