fluxcd/flux

Can Kustomize use env substitution for a non kubernetes kind?

rodrigoscferraz opened this issue ยท 4 comments

Describe the bug

I guess this is not an issue but i don't know where i can put my doubts.
I have an env file with some key value pairs and i want to use one of this values inside a file that is a yaml file but not a Kubernetes kind...something like this:
objstore.yaml

type: s3
config:
  bucket: ${THANOS_OBJSTORE_BUCKET}
  endpoint: s3.us-west-2.amazonaws.com

Is it possible?

My kustomize file looks like this:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring
secretGenerator:
  - name: thanos-objstore-config
    files:
      - objstore.yml
generatorOptions:
  disableNameSuffixHash: true

configMapGenerator:
  - name: kustomize-env
    namespace: flux-system
    envs:
      - env

Basically i'm passing the file to secretGenerator but each environment (prod, staging,etc) have a different bucket name, so i need to set this dynamically. So i used an env file, and works fine for Kubernetes Kinds but when i tried to do the same for the file above the secret generated had exactly the value ${THANOS_OBJSTORE_BUCKET} instead of the value in env file.

Steps to reproduce

Use secretGenerator with a non kubernetes kind

Expected behavior

I want to use env on non kubernetes kinds.

Kubernetes version / Distro / Cloud provider

1.22

Flux version

1.23

Git provider

No response

Container Registry provider

No response

Additional context

No response

Maintenance Acknowledgement

  • I am aware of Flux v1's maintenance status

Code of Conduct

  • I agree to follow this project's Code of Conduct

I do not think this is possible in Kustomize. (If it was possible or not, I believe the limitation would be on Kustomize's side.)

This is a really great question and I wanted to let you know how I feel about that, even if I don't have anything helpful to say here. There are some surprising things about features like substitution and kyaml setters that go along with image updating.

We should have better documentation around those issues, as it will help to consider where they may be caused by artificial limitations that were not imposed in an intentional way. However this (the Flux v1 repo) is unlikely to be the best place to have that whole conversation. Please check out the Flux v2 discussions:

https://github.com/fluxcd/flux2/discussions

This is the place where we recommend feature requests, general feedback, Q&A, and "how does it work" type topics to go, since it is searchable and persistent in a way that GitHub Issues cannot match. I do not know why you cannot envsubst inside of a patch file, or whether this is a universal limitation that might have some workaround... and I definitely do not know enough to say if it's a good reason or not. But these are all interesting questions!

@kingdonb oh gosh i didn't noticed that i'm on flux v1 repo hahaha but thx for feedback

Just to close this question i was able to do this using a Secret instead of the secret generator passing the values as a string with ugly "\n" to indent the content as i need.