I cannot generate customized YAML from base kustomization.yml #251

Open
JaKourdi opened this issue May 18, 2022 · 2 comments · May be fixed by #448

JaKourdi commented May 18, 2022

Issue:

  • I cannot generate customized YAML with base kustomization.yml
    Path: wazuh/kustomization.yml

Pain:
This removes the ability to build a remote base versioned with Git and handle our own overlays from a different repository.

Root cause:
Missing PEM files.

%  kustomize build https://github.com/wazuh/wazuh-kubernetes//wazuh        
Error: loading KV pairs: file sources: [certs/odfe_cluster/root-ca.pem certs/odfe_cluster/node.pem certs/odfe_cluster/node-key.pem certs/odfe_cluster/kibana.pem certs/odfe_cluster/kibana-key.pem certs/odfe_cluster/admin.pem certs/odfe_cluster/admin-key.pem certs/odfe_cluster/filebeat.pem certs/odfe_cluster/filebeat-key.pem]: evalsymlink failure on '/private/var/folders/82/18zvpyl91ll_b00nx726s3880000gq/T/kustomize-282124740/wazuh/certs/odfe_cluster/root-ca.pem' : lstat /private/var/folders/82/18zvpyl91ll_b00nx726s3880000gq/T/kustomize-282124740/wazuh/certs/odfe_cluster/root-ca.pem: no such file or directory

Same result for
kubectl kustomize https://github.com/wazuh/wazuh-kubernetes//wazuh

Same for master, 4.3, 4.3.1 branches

@gysel gysel linked a pull request Aug 31, 2023 that will close this issue

dlouzan commented Oct 27, 2023

Agreed, this prevents us from having a proper kustomize overlay on top of the upstream project. The only workable approach I have found is to add this upstream as a submodule in our git repo, and then create dummy files as part of the build pipeline inside of the upstream checkout, as #448 is doing. Otherwise, the kustomize overlay refuses to load, as it will try to find those files in the upstream definition base. It works, but kludge 😅

Then our overlays can do something like:

secretGenerator:
  - name: indexer-certs
    behavior: replace  # upstream expects exactly these secrets and file names
    files:
      - certs/indexer_cluster/root-ca.pem
      - certs/indexer_cluster/node.pem
      - certs/indexer_cluster/node-key.pem
      - certs/indexer_cluster/dashboard.pem
      - certs/indexer_cluster/dashboard-key.pem
      - certs/indexer_cluster/admin.pem
      - certs/indexer_cluster/admin-key.pem
      - certs/indexer_cluster/filebeat.pem
      - certs/indexer_cluster/filebeat-key.pem
  - name: dashboard-certs
    behavior: replace  # upstream expects exactly these secrets and file names
    files:
      - certs/dashboard_http/cert.pem
      - certs/dashboard_http/key.pem
      - certs/indexer_cluster/root-ca.pem

And inject the secrets as part of the deploy pipeline.
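
The workaround described in the comment above, sketched as two pipeline helpers: one creates the dummy files in the upstream checkout, the other checks that no dummy value survives into the rendered manifests. This is an added example, not code from the thread or from #448; the cert paths are copied from the overlay above and assumed to match what the upstream base references, and the marker string and function names are hypothetical.

```shell
#!/bin/sh
# Added example. Cert paths copied from the overlay in the comment above;
# MARKER and the function names are made up for this sketch.
MARKER='PLACEHOLDER-NOT-A-REAL-CERT'

CERT_FILES='certs/indexer_cluster/root-ca.pem
certs/indexer_cluster/node.pem
certs/indexer_cluster/node-key.pem
certs/indexer_cluster/dashboard.pem
certs/indexer_cluster/dashboard-key.pem
certs/indexer_cluster/admin.pem
certs/indexer_cluster/admin-key.pem
certs/indexer_cluster/filebeat.pem
certs/indexer_cluster/filebeat-key.pem
certs/dashboard_http/cert.pem
certs/dashboard_http/key.pem'

# Create a marker file for each missing cert path so the upstream base loads.
# $1 = directory containing the upstream kustomization.yml (assumed: the
#      wazuh/ directory inside the submodule checkout).
make_placeholders() {
    base=$1
    for f in $CERT_FILES; do
        if [ ! -e "$base/$f" ]; then          # never overwrite real key material
            mkdir -p "$(dirname "$base/$f")"
            printf '%s\n' "$MARKER" > "$base/$f"
        fi
    done
}

# Succeeds (exit 0) if a rendered manifest still carries a placeholder,
# either verbatim or as the base64 value a secretGenerator emits for the file.
# $1 = file holding the output of `kustomize build` for the overlay.
rendered_has_placeholder() {
    marker_b64=$(printf '%s\n' "$MARKER" | base64)
    grep -qF -e "$MARKER" -e "$marker_b64" "$1"
}
```

Call `make_placeholders` before `kustomize build`, and fail the job if `rendered_has_placeholder` succeeds on the build output, since that means a secret was not replaced by the overlay.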


gecube commented Feb 1, 2024

Hi! What do you think about #576 ?
