
When using kustomize, I am trying to use a Job to perform a once-off job. But somehow, kustomize just doesn't recognise the hashed secret. Below is the relevant code.

.
├── base
│   └── postgres.yaml
├── jobs
│   ├── postgres-cli.yaml
│   └── kustomization.yaml
└── overlays
    └── dev
        ├── kustomization.yaml
        └── postgres-secrects.properties

base/postgres.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      name: postgres
  template:
    metadata:
      labels:
        name: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:14-alpine
          envFrom:
            - secretRef:
                name: postgres-secrets
# ...

overlays/dev/kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - ../../base/postgres.yaml

secretGenerator:
  - name: postgres-secrets
    envs:
      - postgres-secrets.properties

base/overlays/dev/postgres-secrects.properties

POSTGRES_USER=postgres
POSTGRES_PASSWORD=123

jobs/postgres-cli.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: postgres-cli
spec:
  template:
    metadata:
      name: postgres-cli
    spec:
      restartPolicy: Never
      containers:
        - image: my-own-image
          name: postgres-cli
          envFrom:
            - secretRef:
                name: postgres-secrets # errors here: cannot recognise
# ...

jobs/kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1

kind: Component

commonLabels:
  environment: local

resources:
  - ./postgres-cli.yaml

To start my stack, I run kubectl apply -k ./overlay/dev.

Then, when I try to run the postgres-cli, I run kubectl apply -k /jobs and it complains as below: secret "postgres-secrets" not found

Do we have a way to find the secret again when applying the job?

Ron

1 Answer


.
├── base
│   └── postgres.yaml
├── jobs
│   ├── postgres-cli.yaml
│   └── kustomization.yaml
└── overlays
    └── dev
        ├── kustomization.yaml
        └── postgres-secrects.properties

Having this structure means that the secret is in the overlay at dev level. You try to run the job from one level below and the secret is not there. To run this you have two ways: either by kubectl apply -k ./overlay/dev, or by moving the overlay into jobs and creating only one kustomization.

Razvan I.
If I put everything into one kustomization, those commands will be run at the beginning and also I cannot run it when I need to run it. – Ron Jan 16 '23 at 08:37
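
A pre-apply check for the failure in this thread, as an added example that is not part of the question or the answer: secretGenerator appends a hash suffix to the Secret name and kustomize rewrites a secretRef only for resources rendered in the same build, so a Job rendered on its own keeps the unsuffixed name. The function name, the sample manifests and the "EXAMPLEHASH" suffix are constructed for illustration.

```python
import re
import sys

# Constructed sample: the Job rendered alone, in the shape `kustomize build` emits.
JOB_ONLY = """\
apiVersion: batch/v1
kind: Job
metadata:
  name: postgres-cli
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: postgres-secrets
"""

# Constructed sample: the same Job rendered together with the secretGenerator.
# "EXAMPLEHASH" is a placeholder for the suffix kustomize appends.
COMBINED = """\
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secrets-EXAMPLEHASH
---
""" + JOB_ONLY.replace("postgres-secrets", "postgres-secrets-EXAMPLEHASH")

# Top-level metadata.name (two-space indent), skipping nested keys such as labels.
TOP_NAME = re.compile(r"^metadata:\n(?:[ ]+.*\n)*?[ ]{2}name:[ ]*(\S+)", re.M)
SECRET_REF = re.compile(r"secretRef:[ ]*\n[ ]*name:[ ]*(\S+)")


def dangling_secret_refs(rendered):
    """Return secretRef names that no Secret in the same render defines."""
    defined, referenced = set(), set()
    for doc in re.split(r"^---[ ]*$", rendered, flags=re.M):
        kind = re.search(r"^kind:[ ]*(\S+)", doc, re.M)
        name = TOP_NAME.search(doc)
        if kind and name and kind.group(1) == "Secret":
            defined.add(name.group(1))
        referenced.update(SECRET_REF.findall(doc))
    return sorted(referenced - defined)


if __name__ == "__main__":
    text = JOB_ONLY if sys.stdin.isatty() else sys.stdin.read()
    missing = dangling_secret_refs(text)
    print("dangling secretRef:", missing or "none")
    sys.exit(1 if missing else 0)
```

Piping the rendered output of a kustomization into the script gives a non-zero exit when a secretRef has no matching Secret in that render; a Secret that already exists in the cluster under the plain name is outside what this check sees.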