Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nameref does not work with nested bases #662

Closed
sethpollack opened this issue Dec 28, 2018 · 19 comments
Closed

nameref does not work with nested bases #662

sethpollack opened this issue Dec 28, 2018 · 19 comments
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@sethpollack
Copy link
Contributor 

cat <<'EOF' > example/kustomization.yaml
bases:
- base

secretGenerator:
- commands:
    HELLO: printf 'world'
EOF

cat <<'EOF' > example/base/kustomization.yaml
bases:
- otherbase
EOF

cat <<'EOF' > example/base/otherbase/kustomization.yaml
resources:
- deployment.yaml
EOF

cat <<'EOF' > example/base/otherbase/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
spec:
  template:
    spec:
      containers:
      - name: example
        image: example
        envFrom:
        - secretRef:
            name: example
EOF

The output looks like this

apiVersion: v1
data:
  HELLO: d29ybGQ=
kind: Secret
metadata:
  name: example-c89hbk9m56
type: Opaque
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: example
        image: example
        name: example

It should look like this

apiVersion: v1
data:
  HELLO: d29ybGQ=
kind: Secret
metadata:
  name: example-c89hbk9m56
type: Opaque
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: example-c89hbk9m56
        image: example
        name: example
@jcassee
Copy link
Contributor

jcassee commented Dec 30, 2018
edited
Loading

The reference to the secret appears in a base that does not define the secret. If you create the secret in example/base/otherbase/kustomization.yaml and merge it (search for "behavior: merge") in example/kustomization.yaml I believe your code will work.

@Liujingfang1
Copy link
Contributor

@sethpollack It should work. Can you try version 1.0.11?

@sethpollack
Copy link
Contributor Author

@Liujingfang1 Ok you are correct. The issue is not the nested bases, it breaks when you add a namePrefix.

cat <<'EOF' > kustomization.yaml
apiVersion: v1beta1
kind: Kustomization

bases:
- base

secretGenerator:
- commands:
    HELLO: printf 'world'
  name: example
EOF

cat <<'EOF' > base/kustomization.yaml
apiVersion: v1beta1
kind: Kustomization

namePrefix: foo-

resources:
- deployment.yaml
EOF

cat <<'EOF' > base/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
spec:
  template:
    spec:
      containers:
      - name: example
        image: example
        envFrom:
        - secretRef:
            name: example
EOF

@bgauduch bgauduch mentioned this issue Jan 22, 2019
Closed
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 28, 2019
@george-angel
Copy link
Contributor

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 29, 2019
@valer-cara
Copy link

@sethpollack, @jcassee is right - adding a generator to the base, using the same name and merging from higher-level layers works, even if namePrefix is provided.

R=$(mktemp -d /tmp/kustomizetest.XXXXXXX)
mkdir -p $R/base/

cat <<HERE > $R/base/deploy.yaml
kind: Deployment
metadata:
  name: foobar
spec:
  template:
    spec:
      containers:
      - name: foobar
        image: busybox
        envFrom:
        - secretRef:
            name: xxx
        - configMapRef:
            name: yyy
HERE

cat <<HERE > $R/base/kustomization.yaml
resources:
- ./deploy.yaml
namePrefix: lalala-

secretGenerator:
- name: xxx
  literals:
  - password=123456
HERE

cat <<HERE > $R/kustomization.yaml
resources:
- ./base

secretGenerator:
- name: xxx
  behavior: merge
  literals:
  - password=12345699999

configmapGenerator:
- name: yyy
  literals:
  - password=123456
HERE

kustomize build $R

@jbrette
Copy link
Contributor

jbrette commented Jul 22, 2019

@sethpollack @Liujingfang1 PR 1378 is solving the issue

Reproduce the environment here

When issuing 3.0.3

$HOME/bin/kustomize.3.0.3 build .
apiVersion: v1
data:
  HELLO: d29ybGQ=
kind: Secret
metadata:
  name: example-5cm72hhtk8
type: Opaque
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: foo-example
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: example
        image: example
        name: example

When using 3.0.3 + PR1378

$HOME/bin/kustomize.PR1378 build .
apiVersion: v1
data:
  HELLO: d29ybGQ=
kind: Secret
metadata:
  name: example-5cm72hhtk8
type: Opaque
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: foo-example
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: example-5cm72hhtk8
        image: example
        name: example

@jbrette
Copy link
Contributor

jbrette commented Jul 22, 2019

@valer-cara I think that PR. If we use your example, without the PR the configMapRef is wrong and does not contain the hash. With the PR the configMapRef is correct.

$HOME/bin/kustomize.3.0.3 build .
apiVersion: v1
data:
  password: "123456"
kind: ConfigMap
metadata:
  name: yyy-bkfmbb8t66
---
apiVersion: v1
data:
  password: MTIzNDU2OTk5OTk=
kind: Secret
metadata:
  annotations: {}
  labels: {}
  name: lalala-xxx-ctd2ckb7h7
type: Opaque
---
kind: Deployment
metadata:
  name: lalala-foobar
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: lalala-xxx-ctd2ckb7h7
        - configMapRef:
            name: yyy
        image: busybox
        name: foobar
$HOME/bin/kustomize.PR1378 build .
apiVersion: v1
data:
  password: "123456"
kind: ConfigMap
metadata:
  name: yyy-bkfmbb8t66
---
apiVersion: v1
data:
  password: MTIzNDU2OTk5OTk=
kind: Secret
metadata:
  annotations: {}
  labels: {}
  name: lalala-xxx-ctd2ckb7h7
type: Opaque
---
kind: Deployment
metadata:
  name: lalala-foobar
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: lalala-xxx-ctd2ckb7h7
        - configMapRef:
            name: yyy-bkfmbb8t66
        image: busybox
        name: foobar

@jbrette jbrette mentioned this issue Jul 22, 2019
Merged
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 20, 2019
@george-angel
Copy link
Contributor

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 20, 2019
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 18, 2020
@george-angel
Copy link
Contributor

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 19, 2020
@imranismail
Copy link

Got bitten by this, anyone got a workaround?

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 21, 2020
@george-angel
Copy link
Contributor

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 22, 2020
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 21, 2020
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Aug 20, 2020
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@jcassee @george-angel @valer-cara @sethpollack @imranismail @Liujingfang1 @k8s-ci-robot @fejta-bot @jbrette