1

Is it possible to have a common config file (e.g. ConfigMap) which is shared across multiple environments and applications? I know it's simple to do it across with multiple environment overlays but how about a level above it for apps? If I have the following structure:

Base
    App1
        Configmaps
        Kustomization.yaml
    Global
        Configmaps
Overlays
    Env1
        App1
            Configmaps
            Deployments
            Kustomization.yaml
        App2
            Configmaps
            Deployments
            Kustomization.yaml
    Env2.. (same as above)
        App1..
        App2..

Is it possible to some how a static set of common config values which is references across all applications? In the above structure I can only refer to resources within the same folder or below, if I try and refer to resource in a parent folder outside of the App level then you normally get an error such as " Error: AccumulateTarget: rawResources failed to read Resources: Load from path ../../configmaps/base-config.yaml failed: security; file '../../configmaps/base-config.yaml' is not in or below 'C:\Code\BUILD-ARTEFACTS\deployment-manifests\base\apps\app-ui' "

Is there anyway to share common configs at parent folder level not in the child folders? otherwise I end up repeating some of the settings across multiple apps which is not ideal.

Rubans
  • 4,188
  • 6
  • 40
  • 58

1 Answers1

3

You are seeing this error because it is there to protect users from phishing attack. Check out this kustomize issue.

From kustomize faq: security: file ‘foo’ is not in or below ‘bar:

v2.0 added a security check that prevents kustomizations from reading files outside their own directory root.

This was meant to help protect the person inclined to download kustomization directories from the web and use them without inspection to control their production cluster (see #693, #700, #995 and #998).

Resources (including configmap and secret generators) can still be shared via the recommended best practice of placing them in a directory with their own kustomization file, and referring to this directory as a base from any kustomization that wants to use it. This encourages modularity and relocatability.

To disable this, use v3, and the load_restrictor flag:

kustomize build --load_restrictor none $target
Matt
  • 7,419
  • 1
  • 11
  • 22
  • 1
    yes, this was exactly what I wanted as I can then share common global configs across apps. Thanks – Rubans Dec 14 '20 at 11:21
  • @Rubans i have similar requirements just curious how you are accessing the base from overlays for specific apps, for example in overlay of app1 how do you know the base has to go certain level up and which folder to go, is App1 hardcoded? – cheddarDev Jan 22 '21 at 04:05
  • @cheddarDev App1 references the base and when I run the command to build, I'm targeting at the the overlay for App1 kustomization.yaml. Each App's Kustomization will references the base kustomization.yaml – Rubans Jan 24 '21 at 21:35
  • 1
    @Rubans got it, i was able to get it running. Thanks a lot! – cheddarDev Jan 27 '21 at 00:14