Troubleshoot helpers for Kustomization reconcile failures

[stefanprodan]

To help users troubleshoot Flux Kustomization reconcile failures, we could add a new CLI command dedicated for debugging.

Specification

Introduce a new command called flux debug kustomization.

Debug variable substitution composition

The flux debug kustomization <name> --show-vars command could be used to print the final variables values by merging the Kustomization inline vars from .spec.postBuild.substitute with the vars coming from Kubernetes ConfigMaps/Secrets specified in ..spec.postBuild.substituteFrom. This command could help users debug failed reconciliations by allowing them to export the final vars from cluster into a local dot env file. Using the final dor env, users can run locally kustomize build . | flux envsubst and inspect the resulting resources.

Note that the exported vars may contain sensitive information extracted from Kubernetes Secrets, this should be highlighted in the command help docs to make users aware of the implications of running this command on untrusted machines. Give that the Flux CLI uses the local kubeConfig, only users with read access to the secrets will be able to run the debug command.

Debug current status

The flux debug kustomization <name> --show-status command can be used to print the release status along with the inventory, conditions and errors messages. This command could help users debug failures by inspecting the status sub-resource which contains rich informations about a Kustomization compared to the flux get kustomization command which only displays the Ready condition message.

Implementation

• Make the variables resolution function public in fluxcd/pkg/kustomize
• Implement flux debug kustomization --show-vars using the shared package from fluxcd/pkg/kustomize
• Implement flux debug kustomization --show-status
• Document the command usage in the Flux Kustomization API docs.

xref: #5101