Reference autogenerated secret with name prefix

Question

I'm using kustomize to manage a rather standard deployment. I have a namePrefix to modify the resource names.

I need to add a custom resource to my configuration which itself autogenerates a secret after creation. The secret name consists of a fixed prefix and the name of the custom resource. I want to reference this secret in my deployment.

# kustomization.yaml
resources:
  - deployment.yaml
  - custom-resource.yaml

namePrefix: my-prefix-

secretGenerator:
- name: my-secret
  files:
    - password.txt

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  labels:
    app: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-image
        image: my-image:latest
        envFrom:
          - secretRef:
            name: my-secret
          - secretRef:
            name: prefix-my-custom-resource  <-- does not work

# custom-resource.yaml
apiVersion: some.crd.io/v1
kind: CustomResource
metadata:
  name: my-custom-resource

The custom resource will autogenerate: (not result of kubectl kustomize .)

apiVersion: v1
kind: Secret
metadata:
  name: prefix-my-custom-resource

Due to the use of the PrefixTransformer, the name of the custom resource is changed to my-prefix-my-custom-resource. Therefore, the secretRef in the deployment yaml needs to be updated to prefix-my-prefix-my-custom-resource. I tried to solve this with a nameReference configuration, but I don't think the fieldSpec allows for a substring. Is there any solution to this?

score 1 · Accepted Answer · answered May 10 '23 at 14:23

With the help of a colleague, we were able to solve this with vars:

# kustomization.yaml
resources:
  - deployment.yaml
  - custom-resource.yaml

namePrefix: my-prefix-

secretGenerator:
- name: my-secret
  files:
    - password.txt

configurations:
  - configurations/var-reference.yaml

vars:
  - name: MY-VARIABLE
    objref:
      kind: CustomResource
      name: my-custom-resource
      apiVersion: some.crd.io/v1
    fieldref:
      fieldpath: metadata.name

# configurations/var-reference.yaml
varReference:
  - kind: Deployment
    path: spec/template/spec/containers/envFrom/secretRef/name

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  labels:
    app: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-image
        image: my-image:latest
        envFrom:
          - secretRef:
            name: my-secret
          - secretRef:
            name: prefix-$(MY-VARIABLE)

I'm aware that vars are deprecated and might try to find a solution with replacements, but for now I'm good with this solution.

Reference autogenerated secret with name prefix

1 Answers1