fluxcd
/
kustomize-controller
mirror of https://github.com/fluxcd/kustomize-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refactor: Use impersonation from `fluxcd/pkg/runtime/client` 

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan 2022-10-07 17:36:41 +03:00
parent 3086ae4cf1
commit 06e91e047b
No known key found for this signature in database
GPG Key ID: 3299AEB0E4085BAF
23 changed files with 66 additions and 318 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/go.mod
View File

@ -4,7 +4,7 @@ go 1.18
require (
github.com/fluxcd/pkg/apis/kustomize v0.6.0
github.com/fluxcd/pkg/apis/meta v0.16.0
github.com/fluxcd/pkg/apis/meta v0.17.0
k8s.io/apiextensions-apiserver v0.25.2
k8s.io/apimachinery v0.25.2
sigs.k8s.io/controller-runtime v0.13.0

4
api/go.sum
View File

@ -3,8 +3,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/fluxcd/pkg/apis/kustomize v0.6.0 h1:Afxv3Uv+xiuettzqm3sP0ceWikDZTfHdHtLv6u2nFM8=
github.com/fluxcd/pkg/apis/kustomize v0.6.0/go.mod h1:iY0zSpK6eUiPfNt/yR6g0q/wQP+wH+Ax/L7KBOx5x2M=
github.com/fluxcd/pkg/apis/meta v0.16.0 h1:6Mj9rB0TtvCeTe3IlQDc1i2DH75Oosea9yUqS7XafVg=
github.com/fluxcd/pkg/apis/meta v0.16.0/go.mod h1:GrOVzWXiu22XjLNgLLe2EBYhQPqZetes5SIADb4bmHE=
github.com/fluxcd/pkg/apis/meta v0.17.0 h1:Y2dfo1syHZDb9Mexjr2SWdcj1FnxnRXm015hEnhl6wU=
github.com/fluxcd/pkg/apis/meta v0.17.0/go.mod h1:GrOVzWXiu22XjLNgLLe2EBYhQPqZetes5SIADb4bmHE=
github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=

17
api/v1beta2/kustomization_types.go
View File

@ -68,7 +68,7 @@ type KustomizationSpec struct {
// a controller level fallback for when KustomizationSpec.ServiceAccountName
// is empty.
// +optional
KubeConfig *KubeConfig `json:"kubeConfig,omitempty"`
KubeConfig *meta.KubeConfigReference `json:"kubeConfig,omitempty"`
// Path to the directory containing the kustomization.yaml file, or the
// set of plain YAMLs a kustomization.yaml should be generated for.
@ -168,21 +168,6 @@ type Decryption struct {
SecretRef *meta.LocalObjectReference `json:"secretRef,omitempty"`
}
// KubeConfig references a Kubernetes secret that contains a kubeconfig file.
type KubeConfig struct {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key will default
// to 'value'. The secret must be in the same namespace as
// the Kustomization.
// It is recommended that the kubeconfig is self-contained, and the secret
// is regularly updated if credentials such as a cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function without adding
// binaries and credentials to the Pod that is responsible for reconciling
// the Kustomization.
// +required
SecretRef meta.SecretKeyReference `json:"secretRef,omitempty"`
}
// PostBuild describes which actions to perform on the YAML manifest
// generated by building the kustomize overlay.
type PostBuild struct {

18
api/v1beta2/zz_generated.deepcopy.go
View File

@ -64,22 +64,6 @@ func (in *Decryption) DeepCopy() *Decryption {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *KubeConfig) DeepCopyInto(out *KubeConfig) {
*out = *in
out.SecretRef = in.SecretRef
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeConfig.
func (in *KubeConfig) DeepCopy() *KubeConfig {
if in == nil {
return nil
}
out := new(KubeConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Kustomization) DeepCopyInto(out *Kustomization) {
*out = *in
@ -160,7 +144,7 @@ func (in *KustomizationSpec) DeepCopyInto(out *KustomizationSpec) {
}
if in.KubeConfig != nil {
in, out := &in.KubeConfig, &out.KubeConfig
*out = new(KubeConfig)
*out = new(meta.KubeConfigReference)
**out = **in
}
if in.PostBuild != nil {

14
config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml
View File

@ -699,12 +699,12 @@ spec:
secretRef:
description: SecretRef holds the name of a secret that contains
a key with the kubeconfig file as the value. If no key is set,
the key will default to 'value'. The secret must be in the same
namespace as the Kustomization. It is recommended that the kubeconfig
is self-contained, and the secret is regularly updated if credentials
such as a cloud-access-token expire. Cloud specific `cmd-path`
auth helpers will not function without adding binaries and credentials
to the Pod that is responsible for reconciling the Kustomization.
the key will default to 'value'. It is recommended that the
kubeconfig is self-contained, and the secret is regularly updated
if credentials such as a cloud-access-token expire. Cloud specific
`cmd-path` auth helpers will not function without adding binaries
and credentials to the Pod that is responsible for reconciling
Kubernetes resources.
properties:
key:
description: Key in the Secret, when not specified an implementation-specific
@ -716,6 +716,8 @@ spec:
required:
- name
type: object
required:
- secretRef
type: object
patches:
description: Strategic merge and JSON patches, defined as inline YAML

2
controllers/kustomization_acl_test.go
View File

@ -88,7 +88,7 @@ stringData:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

24
controllers/kustomization_controller.go
View File

@ -363,7 +363,16 @@ func (r *KustomizationReconciler) reconcile(
}
// setup the Kubernetes client for impersonation
impersonation := NewKustomizeImpersonation(kustomization, r.Client, r.StatusPoller, r.DefaultServiceAccount, r.KubeConfigOpts, r.PollingOpts)
impersonation := runtimeClient.NewImpersonator(
r.Client,
r.StatusPoller,
r.PollingOpts,
kustomization.Spec.KubeConfig,
r.KubeConfigOpts,
r.DefaultServiceAccount,
kustomization.Spec.ServiceAccountName,
kustomization.GetNamespace(),
)
kubeClient, statusPoller, err := impersonation.GetClient(ctx)
if err != nil {
return kustomizev1.KustomizationNotReady(
@ -923,8 +932,17 @@ func (r *KustomizationReconciler) finalize(ctx context.Context, kustomization ku
kustomization.Status.Inventory.Entries != nil {
objects, _ := ListObjectsInInventory(kustomization.Status.Inventory)
impersonation := NewKustomizeImpersonation(kustomization, r.Client, r.StatusPoller, r.DefaultServiceAccount, r.KubeConfigOpts, r.PollingOpts)
if impersonation.CanFinalize(ctx) {
impersonation := runtimeClient.NewImpersonator(
r.Client,
r.StatusPoller,
r.PollingOpts,
kustomization.Spec.KubeConfig,
r.KubeConfigOpts,
r.DefaultServiceAccount,
kustomization.Spec.ServiceAccountName,
kustomization.GetNamespace(),
)
if impersonation.CanImpersonate(ctx) {
kubeClient, _, err := impersonation.GetClient(ctx)
if err != nil {
return ctrl.Result{}, err

2
controllers/kustomization_decryptor_test.go
View File

@ -125,7 +125,7 @@ func TestKustomizationReconciler_Decryptor(t *testing.T) {
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: 2 * time.Minute},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

2
controllers/kustomization_dependson_test.go
View File

@ -119,7 +119,7 @@ spec:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

2
controllers/kustomization_fetcher_test.go
View File

@ -85,7 +85,7 @@ stringData:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

2
controllers/kustomization_force_test.go
View File

@ -85,7 +85,7 @@ stringData:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

2
controllers/kustomization_fuzzer_test.go
View File

@ -210,7 +210,7 @@ func Fuzz_Controllers(f *testing.F) {
},
Spec: kustomizev1.KustomizationSpec{
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

200
controllers/kustomization_impersonation.go
View File

@ -1,200 +0,0 @@
/*
Copyright 2020 The Flux authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package controllers
import (
"context"
"fmt"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
"sigs.k8s.io/cli-utils/pkg/kstatus/polling"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
"sigs.k8s.io/controller-runtime/pkg/client/config"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
runtimeClient "github.com/fluxcd/pkg/runtime/client"
)
// KustomizeImpersonation holds the state for impersonating a service account.
type KustomizeImpersonation struct {
client.Client
kustomization kustomizev1.Kustomization
statusPoller *polling.StatusPoller
defaultServiceAccount string
pollingOpts polling.Options
kubeConfigOpts runtimeClient.KubeConfigOptions
}
// NewKustomizeImpersonation creates a new KustomizeImpersonation.
func NewKustomizeImpersonation(
kustomization kustomizev1.Kustomization,
kubeClient client.Client,
statusPoller *polling.StatusPoller,
defaultServiceAccount string,
kubeConfigOpts runtimeClient.KubeConfigOptions,
pollingOpts polling.Options) *KustomizeImpersonation {
return &KustomizeImpersonation{
defaultServiceAccount: defaultServiceAccount,
kustomization: kustomization,
statusPoller: statusPoller,
Client: kubeClient,
kubeConfigOpts: kubeConfigOpts,
pollingOpts: pollingOpts,
}
}
// GetClient creates a controller-runtime client for talking to a Kubernetes API server.
// If spec.KubeConfig is set, use the kubeconfig bytes from the Kubernetes secret.
// Otherwise will assume running in cluster and use the cluster provided kubeconfig.
// If a --default-service-account is set and no spec.ServiceAccountName, use the provided kubeconfig and impersonate the default SA.
// If spec.ServiceAccountName is set, use the provided kubeconfig and impersonate the specified SA.
func (ki *KustomizeImpersonation) GetClient(ctx context.Context) (client.Client, *polling.StatusPoller, error) {
switch {
case ki.kustomization.Spec.KubeConfig != nil:
return ki.clientForKubeConfig(ctx)
case ki.defaultServiceAccount != "" || ki.kustomization.Spec.ServiceAccountName != "":
return ki.clientForServiceAccountOrDefault()
default:
return ki.Client, ki.statusPoller, nil
}
}
// CanFinalize asserts if the given Kustomization can be finalized using impersonation.
func (ki *KustomizeImpersonation) CanFinalize(ctx context.Context) bool {
name := ki.defaultServiceAccount
if sa := ki.kustomization.Spec.ServiceAccountName; sa != "" {
name = sa
}
if name == "" {
return true
}
sa := &corev1.ServiceAccount{
TypeMeta: metav1.TypeMeta{
Kind: "ServiceAccount",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: ki.kustomization.Namespace,
},
}
if err := ki.Client.Get(ctx, client.ObjectKeyFromObject(sa), sa); err != nil {
return false
}
return true
}
func (ki *KustomizeImpersonation) setImpersonationConfig(restConfig *rest.Config) {
name := ki.defaultServiceAccount
if sa := ki.kustomization.Spec.ServiceAccountName; sa != "" {
name = sa
}
if name != "" {
username := fmt.Sprintf("system:serviceaccount:%s:%s", ki.kustomization.GetNamespace(), name)
restConfig.Impersonate = rest.ImpersonationConfig{UserName: username}
}
}
func (ki *KustomizeImpersonation) clientForServiceAccountOrDefault() (client.Client, *polling.StatusPoller, error) {
restConfig, err := config.GetConfig()
if err != nil {
return nil, nil, err
}
ki.setImpersonationConfig(restConfig)
restMapper, err := apiutil.NewDynamicRESTMapper(restConfig)
if err != nil {
return nil, nil, err
}
client, err := client.New(restConfig, client.Options{Mapper: restMapper})
if err != nil {
return nil, nil, err
}
statusPoller := polling.NewStatusPoller(client, restMapper, ki.pollingOpts)
return client, statusPoller, err
}
func (ki *KustomizeImpersonation) clientForKubeConfig(ctx context.Context) (client.Client, *polling.StatusPoller, error) {
kubeConfigBytes, err := ki.getKubeConfig(ctx)
if err != nil {
return nil, nil, err
}
restConfig, err := clientcmd.RESTConfigFromKubeConfig(kubeConfigBytes)
if err != nil {
return nil, nil, err
}
restConfig = runtimeClient.KubeConfig(restConfig, ki.kubeConfigOpts)
ki.setImpersonationConfig(restConfig)
restMapper, err := apiutil.NewDynamicRESTMapper(restConfig)
if err != nil {
return nil, nil, err
}
client, err := client.New(restConfig, client.Options{Mapper: restMapper})
if err != nil {
return nil, nil, err
}
statusPoller := polling.NewStatusPoller(client, restMapper, ki.pollingOpts)
return client, statusPoller, err
}
func (ki *KustomizeImpersonation) getKubeConfig(ctx context.Context) ([]byte, error) {
secretName := types.NamespacedName{
Namespace: ki.kustomization.GetNamespace(),
Name: ki.kustomization.Spec.KubeConfig.SecretRef.Name,
}
var secret corev1.Secret
if err := ki.Get(ctx, secretName, &secret); err != nil {
return nil, fmt.Errorf("unable to read KubeConfig secret '%s' error: %w", secretName.String(), err)
}
var kubeConfig []byte
switch {
case ki.kustomization.Spec.KubeConfig.SecretRef.Key != "":
key := ki.kustomization.Spec.KubeConfig.SecretRef.Key
kubeConfig = secret.Data[key]
if kubeConfig == nil {
return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a '%s' key with a kubeconfig", secretName, key)
}
case secret.Data["value"] != nil:
kubeConfig = secret.Data["value"]
case secret.Data["value.yaml"] != nil:
kubeConfig = secret.Data["value.yaml"]
default:
// User did not specify a key, and the 'value' key was not defined.
return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a 'value' key with a kubeconfig", secretName)
}
return kubeConfig, nil
}

4
controllers/kustomization_impersonation_test.go
View File

@ -91,7 +91,7 @@ data:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: time.Minute},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},
@ -260,7 +260,7 @@ data:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: time.Minute},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: secretName,
Key: secretKey,

2
controllers/kustomization_inventory_test.go
View File

@ -96,7 +96,7 @@ stringData:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: 2 * time.Minute},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

6
controllers/kustomization_prune_test.go
View File

@ -97,7 +97,7 @@ data:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},
@ -225,7 +225,7 @@ data:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},
@ -369,7 +369,7 @@ data:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

6
controllers/kustomization_transformer_test.go
View File

@ -73,7 +73,7 @@ func TestKustomizationReconciler_KustomizeTransformer(t *testing.T) {
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},
@ -196,7 +196,7 @@ func TestKustomizationReconciler_KustomizeTransformerFiles(t *testing.T) {
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},
@ -315,7 +315,7 @@ func TestKustomizationReconciler_FluxTransformers(t *testing.T) {
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: reconciliationInterval},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

2
controllers/kustomization_validation_test.go
View File

@ -78,7 +78,7 @@ func TestKustomizationReconciler_Validation(t *testing.T) {
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: 2 * time.Minute},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

4
controllers/kustomization_varsub_test.go
View File

@ -119,7 +119,7 @@ stringData:
Namespace: id,
},
Spec: kustomizev1.KustomizationSpec{
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},
@ -268,7 +268,7 @@ metadata:
Namespace: id,
},
Spec: kustomizev1.KustomizationSpec{
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

2
controllers/kustomization_wait_test.go
View File

@ -95,7 +95,7 @@ parameters:
Spec: kustomizev1.KustomizationSpec{
Interval: metav1.Duration{Duration: 2 * time.Minute},
Path: "./",
KubeConfig: &kustomizev1.KubeConfig{
KubeConfig: &meta.KubeConfigReference{
SecretRef: meta.SecretKeyReference{
Name: "kubeconfig",
},

50
docs/api/kustomize.md
View File

@ -131,8 +131,8 @@ value to retry failures.</p>
<td>
<code>kubeConfig</code><br>
<em>
<a href="#kustomize.toolkit.fluxcd.io/v1beta2.KubeConfig">
KubeConfig
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/meta#KubeConfigReference">
github.com/fluxcd/pkg/apis/meta.KubeConfigReference
</a>
</em>
</td>
@ -500,48 +500,6 @@ github.com/fluxcd/pkg/apis/meta.LocalObjectReference
</table>
</div>
</div>
<h3 id="kustomize.toolkit.fluxcd.io/v1beta2.KubeConfig">KubeConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#kustomize.toolkit.fluxcd.io/v1beta2.KustomizationSpec">KustomizationSpec</a>)
</p>
<p>KubeConfig references a Kubernetes secret that contains a kubeconfig file.</p>
<div class="md-typeset__scrollwrap">
<div class="md-typeset__table">
<table>
<thead>
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>secretRef</code><br>
<em>
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/meta#SecretKeyReference">
github.com/fluxcd/pkg/apis/meta.SecretKeyReference
</a>
</em>
</td>
<td>
<p>SecretRef holds the name of a secret that contains a key with
the kubeconfig file as the value. If no key is set, the key will default
to &lsquo;value&rsquo;. The secret must be in the same namespace as
the Kustomization.
It is recommended that the kubeconfig is self-contained, and the secret
is regularly updated if credentials such as a cloud-access-token expire.
Cloud specific <code>cmd-path</code> auth helpers will not function without adding
binaries and credentials to the Pod that is responsible for reconciling
the Kustomization.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<h3 id="kustomize.toolkit.fluxcd.io/v1beta2.KustomizationSpec">KustomizationSpec
</h3>
<p>
@ -622,8 +580,8 @@ value to retry failures.</p>
<td>
<code>kubeConfig</code><br>
<em>
<a href="#kustomize.toolkit.fluxcd.io/v1beta2.KubeConfig">
KubeConfig
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/meta#KubeConfigReference">
github.com/fluxcd/pkg/apis/meta.KubeConfigReference
</a>
</em>
</td>

6
go.mod
View File

@ -23,9 +23,9 @@ require (
github.com/fluxcd/kustomize-controller/api v0.29.0
github.com/fluxcd/pkg/apis/acl v0.1.0
github.com/fluxcd/pkg/apis/kustomize v0.6.0
github.com/fluxcd/pkg/apis/meta v0.16.0
github.com/fluxcd/pkg/apis/meta v0.17.0
github.com/fluxcd/pkg/kustomize v0.8.0
github.com/fluxcd/pkg/runtime v0.19.0
github.com/fluxcd/pkg/runtime v0.20.0
github.com/fluxcd/pkg/ssa v0.21.0
github.com/fluxcd/pkg/testserver v0.3.0
github.com/fluxcd/pkg/untar v0.2.0
@ -223,7 +223,7 @@ require (
gopkg.in/urfave/cli.v1 v1.20.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/cli-runtime v0.24.0 // indirect
k8s.io/cli-runtime v0.25.2 // indirect
k8s.io/component-base v0.25.2 // indirect
k8s.io/klog/v2 v2.80.1 // indirect
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect

11
go.sum
View File

@ -288,12 +288,12 @@ github.com/fluxcd/pkg/apis/acl v0.1.0 h1:EoAl377hDQYL3WqanWCdifauXqXbMyFuK82NnX6
github.com/fluxcd/pkg/apis/acl v0.1.0/go.mod h1:zfEZzz169Oap034EsDhmCAGgnWlcWmIObZjYMusoXS8=
github.com/fluxcd/pkg/apis/kustomize v0.6.0 h1:Afxv3Uv+xiuettzqm3sP0ceWikDZTfHdHtLv6u2nFM8=
github.com/fluxcd/pkg/apis/kustomize v0.6.0/go.mod h1:iY0zSpK6eUiPfNt/yR6g0q/wQP+wH+Ax/L7KBOx5x2M=
github.com/fluxcd/pkg/apis/meta v0.16.0 h1:6Mj9rB0TtvCeTe3IlQDc1i2DH75Oosea9yUqS7XafVg=
github.com/fluxcd/pkg/apis/meta v0.16.0/go.mod h1:GrOVzWXiu22XjLNgLLe2EBYhQPqZetes5SIADb4bmHE=
github.com/fluxcd/pkg/apis/meta v0.17.0 h1:Y2dfo1syHZDb9Mexjr2SWdcj1FnxnRXm015hEnhl6wU=
github.com/fluxcd/pkg/apis/meta v0.17.0/go.mod h1:GrOVzWXiu22XjLNgLLe2EBYhQPqZetes5SIADb4bmHE=
github.com/fluxcd/pkg/kustomize v0.8.0 h1:8AdEvp6y38ISZzoi0H82Si5zkmLXClbeX10W7HevB00=
github.com/fluxcd/pkg/kustomize v0.8.0/go.mod h1:zGtCZF6V3hMWcf46SqrQc10fS9yUlKzi2UcFUeabDAE=
github.com/fluxcd/pkg/runtime v0.19.0 h1:4lRlnZfJFhWvuaNWgNsAkPQg09633xCRCf9d0SgXIWk=
github.com/fluxcd/pkg/runtime v0.19.0/go.mod h1:9Kh46LjwQeUu6o1DUQulLGyo5e5wfQxeFf4ONNobT3U=
github.com/fluxcd/pkg/runtime v0.20.0 h1:F9q9wap0BhjQszboUroJrYOB1C831zkQwTAk2tlMIQc=
github.com/fluxcd/pkg/runtime v0.20.0/go.mod h1:KVHNQMhccuLTjMDFVCr/SF+4Z554bcMH1LncC4sQf8o=
github.com/fluxcd/pkg/ssa v0.21.0 h1:aeoTohPNf5x7jQjHidyLJAOHw3EyHOQoQN3mN2i+4cc=
github.com/fluxcd/pkg/ssa v0.21.0/go.mod h1:jumyhUbEMDnduN7anSlKfxl2fEoyeyv+Ta5hWCbxI5Q=
github.com/fluxcd/pkg/testserver v0.3.0 h1:oyZW6YWHVZR7FRVNu7lN9F5H808TD2jCzBm8CenFoi0=
@ -1415,8 +1415,9 @@ k8s.io/apiextensions-apiserver v0.25.2/go.mod h1:iRwwRDlWPfaHhuBfQ0WMa5skdQfrE18
k8s.io/apimachinery v0.24.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs=
k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA=
k8s.io/cli-runtime v0.24.0 h1:ot3Qf49T852uEyNApABO1UHHpFIckKK/NqpheZYN2gM=
k8s.io/cli-runtime v0.24.0/go.mod h1:9XxoZDsEkRFUThnwqNviqzljtT/LdHtNWvcNFrAXl0A=
k8s.io/cli-runtime v0.25.2 h1:XOx+SKRjBpYMLY/J292BHTkmyDffl/qOx3YSuFZkTuc=
k8s.io/cli-runtime v0.25.2/go.mod h1:OQx3+/0st6x5YpkkJQlEWLC73V0wHsOFMC1/roxV8Oc=
k8s.io/client-go v0.24.0/go.mod h1:VFPQET+cAFpYxh6Bq6f4xyMY80G6jKKktU6G0m00VDw=
k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo=
k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4=