Spike: add support for targeting specific flux helmreleases / kustomization

Question

Spike: add support for targeting specific flux helmreleases / kustomization

ahsayde opened this issue 2 years ago · 2 comments

we want to add support for targeting specific flux helm releases and kustomization, so the agent only validates applications which the policy targets

Answer 1 · 2022-09-06T14:31:26.000Z

currently the agent supports targeting resources by its namespace and labels
and according to this docs:

flux adds labels helm.toolkit.fluxcd.io/name and helm.toolkit.fluxcd.io/namespace to track the origin of resources that are created by a helm releases
flux adds labels kustomize.toolkit.fluxcd.io/name and kustomize.toolkit.fluxcd.io/namespace to track the resources created by kustomization

@stefanprodan can you please confirm that those labels are still added by flux and we can depend on them

cc: @serboctor @MostafaMegahid

Answer 2 · 2022-09-06T14:37:35.000Z

Yes these labels are part of the Flux "contract" and they will not change in the future. Note that there is a bug in helm-controller where the labels are not applied to CRDs, but @hiddeco will fix this before GA.