User report: Replace: id matched 2 resources
allenporter opened this issue · 3 comments
From discord:
In case anyone runs into a similar issue, I recently updated my github flux diff workflow to the latest version of flux-local. After the update it started to fail with this error ✗ in Replace: id matched 2 resources. It did not like the substitution in my certificate config with 2 domains.
After I changed the SECRET_DOMAIN2 to SECRET_DOMAIN_TWO, flux-local passed all tests.
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "${SECRET_DOMAIN/./-}-staging"
spec:
secretName: "${SECRET_DOMAIN/./-}-staging-tls"
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
commonName: "${SECRET_DOMAIN}"
dnsNames:
- "${SECRET_DOMAIN}"
- "*.${SECRET_DOMAIN}"
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "${SECRET_DOMAIN2/./-}-staging"
spec:
secretName: "${SECRET_DOMAIN2/./-}-staging-tls"
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
commonName: "${SECRET_DOMAIN2}"
dnsNames:
- "${SECRET_DOMAIN2}"
- "*.${SECRET_DOMAIN2}
Example repo:
https://github.com/clarknova99/home-cluster/blob/main/kubernetes/apps/cert-manager/certificates/app/production.yaml
Example failed run:
https://github.com/clarknova99/home-cluster/actions/runs/9410448182/job/25922128913
Context about affected versions:
flux looked to work fine with that substitution. flux-local did too in the older version. i think i was on 4.2 before updating to 5.3.1
I got the same error with 5.3.1 but dont have any numbers in the domain name.
I believe the issue happens because in the first pass of traversing kustomizations post build expansion is not happening, then it builds the objects without passing in any variables and they get expanded to the same object name (-staging). Looking into solutions.
A workaround is to specify a default value that is different for each object.