Merge pull request #264 from fluxcd/kustomize-patches

fluxcd · Feb 4, 2021 · 0c3e73f · 0c3e73f
2 parents 975534b + d7cdeb6
commit 0c3e73f
Show file tree

Hide file tree

Showing 15 changed files with 430 additions and 132 deletions.
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -82,12 +82,26 @@ jobs:
  kubectl -n impersonation wait kustomizations/podinfo --for=condition=ready --timeout=4m
  kubectl -n impersonation delete kustomizations/podinfo
  until kubectl -n impersonation get deploy/podinfo 2>&1 | grep NotFound ; do sleep 2; done
- - name: Run image overide tests
+ - name: Run images override tests
  run: |
- kubectl -n override-test apply -f ./config/testdata/overrides
- kubectl -n override-test wait kustomizations/podinfo --for=condition=ready --timeout=1m
- ACTUAL_TAG=$(kubectl -n override-test get deployments podinfo -o jsonpath='{.spec.template.spec.containers[0].image}' | cut -f2 -d ":")
- if [[ $ACTUAL_TAG != "5.0.0" ]]; then echo "Image tag did not override" && exit 1; fi
+ kubectl -n images-test apply -f ./config/testdata/overrides/images.yaml
+ kubectl -n images-test wait kustomizations/podinfo --for=condition=ready --timeout=1m
+ ACTUAL_TAG=$(kubectl -n images-test get deployments podinfo -o jsonpath='{.spec.template.spec.containers[0].image}' | cut -f2 -d ":")
+ if [[ $ACTUAL_TAG != "5.0.0" ]]; then echo "Image tag was not overwritten" && exit 1; fi
+ - name: Run patches override tests
+ run: |
+ kubectl -n patches-test apply -f ./config/testdata/overrides/patches.yaml
+ kubectl -n patches-test wait kustomizations/podinfo --for=condition=ready --timeout=1m
+ WANT="xxxx"
+ RESULT=$(kubectl -n patches-test get deployment podinfo -o jsonpath='{.metadata.labels.yyyy}')
+ if [ "$RESULT" != "$WANT" ]; then
+ echo -e "$RESULT\n\ndoes not equal\n\n$WANT" && exit 1
+ fi
+ WANT="yyyy"
+ RESULT=$(kubectl -n patches-test get deployment podinfo -o jsonpath='{.metadata.labels.xxxx}')
+ if [ "$RESULT" != "$WANT" ]; then
+ echo -e "$RESULT\n\ndoes not equal\n\$WANT" && exit 1
+ fi
  - name: Logs
  run: |
  kubectl -n kustomize-system logs deploy/source-controller

diff --git a/api/go.mod b/api/go.mod
@@ -3,8 +3,10 @@ module github.com/fluxcd/kustomize-controller/api
 go 1.15
 
 require (
+ github.com/fluxcd/pkg/apis/kustomize v0.0.1
  github.com/fluxcd/pkg/apis/meta v0.7.0
  github.com/fluxcd/pkg/runtime v0.8.0
+ k8s.io/apiextensions-apiserver v0.20.2
  k8s.io/apimachinery v0.20.2
  sigs.k8s.io/controller-runtime v0.8.0
 )
diff --git a/api/go.sum b/api/go.sum
@@ -88,6 +88,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fluxcd/pkg/apis/kustomize v0.0.1 h1:TkA80R0GopRY27VJqzKyS6ifiKIAfwBd7OHXtV3t2CI=
+github.com/fluxcd/pkg/apis/kustomize v0.0.1/go.mod h1:JAFPfnRmcrAoG1gNiA8kmEXsnOBuDyZ/F5X4DAQcVV0=
 github.com/fluxcd/pkg/apis/meta v0.7.0 h1:5e8gm4OLqjuKWdrOIY5DEEsjcwzyJFK8rCDesJ+V8IY=
 github.com/fluxcd/pkg/apis/meta v0.7.0/go.mod h1:yHuY8kyGHYz22I0jQzqMMGCcHViuzC/WPdo9Gisk8Po=
 github.com/fluxcd/pkg/runtime v0.8.0 h1:cnSBZJLcXlKgjXpFFFExu+4ZncIxmPgNIx+ErLcCLnA=
@@ -634,21 +636,27 @@ k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
 k8s.io/api v0.20.2 h1:y/HR22XDZY3pniu9hIFDLpUCPq2w5eQ6aV/VFQ7uJMw=
 k8s.io/api v0.20.2/go.mod h1:d7n6Ehyzx+S+cE3VhTGfVNNqtGc/oL9DCdYYahlurV8=
 k8s.io/apiextensions-apiserver v0.20.1/go.mod h1:ntnrZV+6a3dB504qwC5PN/Yg9PBiDNt1EVqbW2kORVk=
+k8s.io/apiextensions-apiserver v0.20.2 h1:rfrMWQ87lhd8EzQWRnbQ4gXrniL/yTRBgYH1x1+BLlo=
+k8s.io/apiextensions-apiserver v0.20.2/go.mod h1:F6TXp389Xntt+LUq3vw6HFOLttPa0V8821ogLGwb6Zs=
 k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
 k8s.io/apimachinery v0.20.2 h1:hFx6Sbt1oG0n6DZ+g4bFt5f6BoMkOjKWsQFu077M3Vg=
 k8s.io/apimachinery v0.20.2/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
 k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
+k8s.io/apiserver v0.20.2/go.mod h1:2nKd93WyMhZx4Hp3RfgH2K5PhwyTrprrkWYnI7id7jA=
 k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
 k8s.io/client-go v0.20.2/go.mod h1:kH5brqWqp7HDxUFKoEgiI4v8G1xzbe9giaCenUWJzgE=
 k8s.io/code-generator v0.20.1/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg=
+k8s.io/code-generator v0.20.2/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg=
 k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
+k8s.io/component-base v0.20.2/go.mod h1:pzFtCiwe/ASD0iV7ySMu8SYVJjCapNM9bjvk7ptpKh0=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.4.0 h1:7+X0fUguPyrKEC4WjH8iGDg3laWgMo5tMnRTIGTTxGQ=
 k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
+k8s.io/utils v0.0.0-20201110183641-67b214c5f920 h1:CbnUZsM497iRC5QMVkHwyl8s2tB3g7yaSHkYPkpgelw=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=

diff --git a/api/v1beta1/kustomization_types.go b/api/v1beta1/kustomization_types.go
@@ -17,12 +17,14 @@ limitations under the License.
 package v1beta1
 
 import (
+ apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
  apimeta "k8s.io/apimachinery/pkg/api/meta"
  "time"
 
  metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "k8s.io/apimachinery/pkg/types"
 
+ "github.com/fluxcd/pkg/apis/kustomize"
  "github.com/fluxcd/pkg/apis/meta"
  "github.com/fluxcd/pkg/runtime/dependency"
 )
@@ -74,9 +76,19 @@ type KustomizationSpec struct {
  // +optional
  HealthChecks []meta.NamespacedObjectKindReference `json:"healthChecks,omitempty"`
 
- // A list of images used to override or set the name and tag for container images.
+ // Strategic merge patches, defined as inline YAML objects.
  // +optional
- Images []Image `json:"images,omitempty"`
+ PatchesStrategicMerge []apiextensionsv1.JSON `json:"patchesStrategicMerge,omitempty"`
+
+ // JSON 6902 patches, defined as inline YAML objects.
+ // +optional
+ PatchesJSON6902 []kustomize.JSON6902Patch `json:"patchesJson6902,omitempty"`
+
+ // Images is a list of (image name, new name, new tag or digest)
+ // for changing image names, tags or digests. This can also be achieved with a
+ // patch, but this operator is simpler to specify.
+ // +optional
+ Images []kustomize.Image `json:"images,omitempty"`
 
  // The name of the Kubernetes service account to impersonate
  // when reconciling this Kustomization.
@@ -124,21 +136,6 @@ type Decryption struct {
  SecretRef *meta.LocalObjectReference `json:"secretRef,omitempty"`
 }
 
-// Image contains the name, new name and new tag that will replace the original container image.
-type Image struct {
- // Name of the image to be replaced.
- // +required
- Name string `json:"name"`
-
- // NewName is the name of the image used to replace the original one.
- // +required
- NewName string `json:"newName"`
-
- // NewTag is the image tag used to replace the original tag.
- // +required
- NewTag string `json:"newTag"`
-}
-
 // KubeConfig references a Kubernetes secret that contains a kubeconfig file.
 type KubeConfig struct {
  // SecretRef holds the name to a secret that contains a 'value' key with

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml b/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml
@@ -114,27 +114,30 @@ spec:
  type: object
  type: array
  images:
- description: A list of images used to override or set the name and
- tag for container images.
+ description: Images is a list of (image name, new name, new tag or
+ digest) for changing image names, tags or digests. This can also
+ be achieved with a patch, but this operator is simpler to specify.
  items:
- description: Image contains the name, new name and new tag that
- will replace the original container image.
+ description: Image contains an image name, a new name, a new tag
+ or digest, which will replace the original name and tag.
  properties:
+ digest:
+ description: Digest is the value used to replace the original
+ image tag. If digest is present NewTag value is ignored.
+ type: string
  name:
- description: Name of the image to be replaced.
+ description: Name is a tag-less image name.
  type: string
  newName:
- description: NewName is the name of the image used to replace
- the original one.
+ description: NewName is the value used to replace the original
+ name.
  type: string
  newTag:
- description: NewTag is the image tag used to replace the original
+ description: NewTag is the value used to replace the original
  tag.
  type: string
  required:
  - name
- - newName
- - newTag
  type: object
  type: array
  interval:
@@ -162,6 +165,85 @@ spec:
  - name
  type: object
  type: object
+ patchesJson6902:
+ description: JSON 6902 patches, defined as inline YAML objects.
+ items:
+ description: JSON6902Patch contains a JSON6902 patch and the target
+ the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains the JSON6902 patch document with
+ an array of operation objects.
+ items:
+ description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4
+ properties:
+ from:
+ type: string
+ op:
+ enum:
+ - test
+ - remove
+ - add
+ - replace
+ - move
+ - copy
+ type: string
+ path:
+ type: string
+ value:
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - op
+ - path
+ type: object
+ type: array
+ target:
+ description: Target points to the resources that the patch document
+ should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources
+ from. Together with Version and Kind it is capable of
+ unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources from.
+ Together with Group and Version it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows the
+ label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources
+ from. Together with Group and Kind it is capable of unambiguously
+ identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ - target
+ type: object
+ type: array
+ patchesStrategicMerge:
+ description: Strategic merge patches, defined as inline YAML objects.
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
  path:
  description: Path to the directory containing the kustomization.yaml
  file, or the set of plain YAMLs a kustomization.yaml should be generated

diff --git a/config/testdata/overrides/test.yaml → config/testdata/overrides/images.yaml b/config/testdata/overrides/test.yaml → config/testdata/overrides/images.yaml
@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: Namespace
 metadata:
- name: override-test
+ name: images-test
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
 metadata:
  name: podinfo
- namespace: override-test
+ namespace: images-test
 spec:
  interval: 5m
  url: https://github.com/stefanprodan/podinfo
@@ -18,9 +18,9 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
  name: podinfo
- namespace: override-test
+ namespace: images-test
 spec:
- targetNamespace: override-test
+ targetNamespace: images-test
  interval: 5m
  path: "./kustomize"
  prune: true