7

In my kustomization.yaml I have:

...
secretGenerator:
  - name: db-env
    behavior: create
    envs:
      - my.env
patchesStrategicMerge:
  - app.yaml

And then in my app.yaml (the patch) I have:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-deployment
spec:
  template:
    spec:
      containers:
        - name: server
          envFrom:
            - secretRef:
                name: db-env

When I try build this via kustomize build k8s/development I get back out:

apiVersion: apps/v1
kind: Deployment
...
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: db-env
        name: server

When it should be:

      - envFrom:
        - secretRef:
            name: db-env-4g95hhmhfc

How do I get the secretGenerator name hashing to apply to patchesStrategicMerge too?

Or alternatively, what's the proper way to inject some environment vars into a deployment for a specific overlay?

This for development.

My file structure is like:

❯ tree k8s
k8s
├── base
│   ├── app.yaml
│   └── kustomization.yaml
├── development
│   ├── app.yaml
│   ├── golinks.sql
│   ├── kustomization.yaml
│   ├── mariadb.yaml
│   ├── my.cnf
│   └── my.env
└── production
    ├── ingress.yaml
    └── kustomization.yaml

Where base/kustomization.yaml is:

namespace: go-mpen
resources:
- app.yaml
images:
- name: server
  newName: reg/proj/server

and development/kustomization.yaml is:

resources:
  - ../base
  - mariadb.yaml
configMapGenerator:
  - name: mariadb-config
    files:
      - my.cnf
  - name: initdb-config
    files:
      - golinks.sql  # TODO: can we mount this w/out a config file?
secretGenerator:
  - name: db-env
    behavior: create
    envs:
      - my.env
patchesStrategicMerge:
  - app.yaml
mpen
  • 272,448
  • 266
  • 850
  • 1,236
  • Found a github issue about this: https://github.com/kubernetes-sigs/kustomize/issues/1553 – mpen Sep 26 '20 at 02:15

1 Answers1

3

This works fine for me with kustomize v3.8.4. Can you please check your version and if disableNameSuffixHash is not perhaps set to you true.

Here are the manifests used by me to test this:

➜  app.yaml  deployment.yaml  kustomization.yaml   my.env

app.yaml

kind: Deployment
metadata:
  name: app-deployment
spec:
  template:
    spec:
      containers:
        - name: server
          envFrom:
            - secretRef:
                name: db-env

deplyoment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-deployment 
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

and my kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

secretGenerator:
  - name: db-env
    behavior: create
    envs:
      - my.env
patchesStrategicMerge:
  - app.yaml

resources: 
  - deployment.yaml

And here is the result:

apiVersion: v1
data:
  ASD: MTIz
kind: Secret
metadata:
  name: db-env-f5tt4gtd7d
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: app-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:1.14.2
        name: nginx
        ports:
        - containerPort: 80
      - envFrom:
        - secretRef:
            name: db-env-f5tt4gtd7d
        name: server
acid_fuji
  • 6,287
  • 7
  • 22
  • I have kustomize `v3.8.1`... just tried upgrading, no dice. I think the difference between yours and mine is that I have two `kustomization.yaml`s... one for the base and one for the overlay. I've noticed other things don't seem to apply recursively either, even though I think they should. – mpen Sep 26 '20 at 02:02
  • Why is it necessary to have to apply a patch to get this to work?? Having the envFrom directly in deployment.yaml should have worked, but it doesn't. – stackoverflowed Feb 09 '23 at 12:22