Merge pull request #264 from fluxcd/kustomize-patches

Author: hiddeco

.github/workflows/e2e.yaml

@@ -82,12 +82,26 @@ jobs:
           kubectl -n impersonation wait kustomizations/podinfo --for=condition=ready --timeout=4m
           kubectl -n impersonation delete kustomizations/podinfo
           until kubectl -n impersonation get deploy/podinfo 2>&1 | grep NotFound ; do sleep 2; done
-      - name: Run image overide tests
+      - name: Run images override tests
         run: |
-          kubectl -n override-test apply -f ./config/testdata/overrides
-          kubectl -n override-test wait kustomizations/podinfo --for=condition=ready --timeout=1m
-          ACTUAL_TAG=$(kubectl -n override-test get deployments podinfo -o jsonpath='{.spec.template.spec.containers[0].image}' | cut -f2 -d ":")
-          if [[ $ACTUAL_TAG != "5.0.0" ]]; then echo "Image tag did not override" && exit 1; fi
+          kubectl -n images-test apply -f ./config/testdata/overrides/images.yaml
+          kubectl -n images-test wait kustomizations/podinfo --for=condition=ready --timeout=1m
+          ACTUAL_TAG=$(kubectl -n images-test get deployments podinfo -o jsonpath='{.spec.template.spec.containers[0].image}' | cut -f2 -d ":")
+          if [[ $ACTUAL_TAG != "5.0.0" ]]; then echo "Image tag was not overwritten" && exit 1; fi
+      - name: Run patches override tests
+        run: |
+          kubectl -n patches-test apply -f ./config/testdata/overrides/patches.yaml
+          kubectl -n patches-test wait kustomizations/podinfo --for=condition=ready --timeout=1m
+          WANT="xxxx"
+          RESULT=$(kubectl -n patches-test get deployment podinfo -o jsonpath='{.metadata.labels.yyyy}')
+          if [ "$RESULT" != "$WANT" ]; then
+              echo -e "$RESULT\n\ndoes not equal\n\n$WANT" && exit 1
+          fi
+          WANT="yyyy"
+          RESULT=$(kubectl -n patches-test get deployment podinfo -o jsonpath='{.metadata.labels.xxxx}')
+          if [ "$RESULT" != "$WANT" ]; then
+              echo -e "$RESULT\n\ndoes not equal\n\$WANT" && exit 1
+          fi
       - name: Logs
         run: |
           kubectl -n kustomize-system logs deploy/source-controller

api/go.mod

@@ -3,8 +3,10 @@ module github.com/fluxcd/kustomize-controller/api
 go 1.15
 
 require (
+	github.com/fluxcd/pkg/apis/kustomize v0.0.1
 	github.com/fluxcd/pkg/apis/meta v0.7.0
 	github.com/fluxcd/pkg/runtime v0.8.0
+	k8s.io/apiextensions-apiserver v0.20.2
 	k8s.io/apimachinery v0.20.2
 	sigs.k8s.io/controller-runtime v0.8.0
 )

api/go.sum

@@ -88,6 +88,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fluxcd/pkg/apis/kustomize v0.0.1 h1:TkA80R0GopRY27VJqzKyS6ifiKIAfwBd7OHXtV3t2CI=
+github.com/fluxcd/pkg/apis/kustomize v0.0.1/go.mod h1:JAFPfnRmcrAoG1gNiA8kmEXsnOBuDyZ/F5X4DAQcVV0=
 github.com/fluxcd/pkg/apis/meta v0.7.0 h1:5e8gm4OLqjuKWdrOIY5DEEsjcwzyJFK8rCDesJ+V8IY=
 github.com/fluxcd/pkg/apis/meta v0.7.0/go.mod h1:yHuY8kyGHYz22I0jQzqMMGCcHViuzC/WPdo9Gisk8Po=
 github.com/fluxcd/pkg/runtime v0.8.0 h1:cnSBZJLcXlKgjXpFFFExu+4ZncIxmPgNIx+ErLcCLnA=
@@ -634,21 +636,27 @@ k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
 k8s.io/api v0.20.2 h1:y/HR22XDZY3pniu9hIFDLpUCPq2w5eQ6aV/VFQ7uJMw=
 k8s.io/api v0.20.2/go.mod h1:d7n6Ehyzx+S+cE3VhTGfVNNqtGc/oL9DCdYYahlurV8=
 k8s.io/apiextensions-apiserver v0.20.1/go.mod h1:ntnrZV+6a3dB504qwC5PN/Yg9PBiDNt1EVqbW2kORVk=
+k8s.io/apiextensions-apiserver v0.20.2 h1:rfrMWQ87lhd8EzQWRnbQ4gXrniL/yTRBgYH1x1+BLlo=
+k8s.io/apiextensions-apiserver v0.20.2/go.mod h1:F6TXp389Xntt+LUq3vw6HFOLttPa0V8821ogLGwb6Zs=
 k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
 k8s.io/apimachinery v0.20.2 h1:hFx6Sbt1oG0n6DZ+g4bFt5f6BoMkOjKWsQFu077M3Vg=
 k8s.io/apimachinery v0.20.2/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
 k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
+k8s.io/apiserver v0.20.2/go.mod h1:2nKd93WyMhZx4Hp3RfgH2K5PhwyTrprrkWYnI7id7jA=
 k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
 k8s.io/client-go v0.20.2/go.mod h1:kH5brqWqp7HDxUFKoEgiI4v8G1xzbe9giaCenUWJzgE=
 k8s.io/code-generator v0.20.1/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg=
+k8s.io/code-generator v0.20.2/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg=
 k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
+k8s.io/component-base v0.20.2/go.mod h1:pzFtCiwe/ASD0iV7ySMu8SYVJjCapNM9bjvk7ptpKh0=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.4.0 h1:7+X0fUguPyrKEC4WjH8iGDg3laWgMo5tMnRTIGTTxGQ=
 k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
+k8s.io/utils v0.0.0-20201110183641-67b214c5f920 h1:CbnUZsM497iRC5QMVkHwyl8s2tB3g7yaSHkYPkpgelw=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=

api/v1beta1/kustomization_types.go

@@ -17,12 +17,14 @@ limitations under the License.
 package v1beta1
 
 import (
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	"time"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 
+	"github.com/fluxcd/pkg/apis/kustomize"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/fluxcd/pkg/runtime/dependency"
 )
@@ -74,9 +76,19 @@ type KustomizationSpec struct {
 	// +optional
 	HealthChecks []meta.NamespacedObjectKindReference `json:"healthChecks,omitempty"`
 
-	// A list of images used to override or set the name and tag for container images.
+	// Strategic merge patches, defined as inline YAML objects.
 	// +optional
-	Images []Image `json:"images,omitempty"`
+	PatchesStrategicMerge []apiextensionsv1.JSON `json:"patchesStrategicMerge,omitempty"`
+
+	// JSON 6902 patches, defined as inline YAML objects.
+	// +optional
+	PatchesJSON6902 []kustomize.JSON6902Patch `json:"patchesJson6902,omitempty"`
+
+	// Images is a list of (image name, new name, new tag or digest)
+	// for changing image names, tags or digests. This can also be achieved with a
+	// patch, but this operator is simpler to specify.
+	// +optional
+	Images []kustomize.Image `json:"images,omitempty"`
 
 	// The name of the Kubernetes service account to impersonate
 	// when reconciling this Kustomization.
@@ -124,21 +136,6 @@ type Decryption struct {
 	SecretRef *meta.LocalObjectReference `json:"secretRef,omitempty"`
 }
 
-// Image contains the name, new name and new tag that will replace the original container image.
-type Image struct {
-	// Name of the image to be replaced.
-	// +required
-	Name string `json:"name"`
-
-	// NewName is the name of the image used to replace the original one.
-	// +required
-	NewName string `json:"newName"`
-
-	// NewTag is the image tag used to replace the original tag.
-	// +required
-	NewTag string `json:"newTag"`
-}
-
 // KubeConfig references a Kubernetes secret that contains a kubeconfig file.
 type KubeConfig struct {
 	// SecretRef holds the name to a secret that contains a 'value' key with

api/v1beta1/zz_generated.deepcopy.go

@@ -114,27 +114,30 @@ spec:
                   type: object
                 type: array
               images:
-                description: A list of images used to override or set the name and
-                  tag for container images.
+                description: Images is a list of (image name, new name, new tag or
+                  digest) for changing image names, tags or digests. This can also
+                  be achieved with a patch, but this operator is simpler to specify.
                 items:
-                  description: Image contains the name, new name and new tag that
-                    will replace the original container image.
+                  description: Image contains an image name, a new name, a new tag
+                    or digest, which will replace the original name and tag.
                   properties:
+                    digest:
+                      description: Digest is the value used to replace the original
+                        image tag. If digest is present NewTag value is ignored.
+                      type: string
                     name:
-                      description: Name of the image to be replaced.
+                      description: Name is a tag-less image name.
                       type: string
                     newName:
-                      description: NewName is the name of the image used to replace
-                        the original one.
+                      description: NewName is the value used to replace the original
+                        name.
                       type: string
                     newTag:
-                      description: NewTag is the image tag used to replace the original
+                      description: NewTag is the value used to replace the original
                         tag.
                       type: string
                   required:
                   - name
-                  - newName
-                  - newTag
                   type: object
                 type: array
               interval:
@@ -162,6 +165,85 @@ spec:
                     - name
                     type: object
                 type: object
+              patchesJson6902:
+                description: JSON 6902 patches, defined as inline YAML objects.
+                items:
+                  description: JSON6902Patch contains a JSON6902 patch and the target
+                    the patch should be applied to.
+                  properties:
+                    patch:
+                      description: Patch contains the JSON6902 patch document with
+                        an array of operation objects.
+                      items:
+                        description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4
+                        properties:
+                          from:
+                            type: string
+                          op:
+                            enum:
+                            - test
+                            - remove
+                            - add
+                            - replace
+                            - move
+                            - copy
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            x-kubernetes-preserve-unknown-fields: true
+                        required:
+                        - op
+                        - path
+                        type: object
+                      type: array
+                    target:
+                      description: Target points to the resources that the patch document
+                        should be applied to.
+                      properties:
+                        annotationSelector:
+                          description: AnnotationSelector is a string that follows
+                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource annotations.
+                          type: string
+                        group:
+                          description: Group is the API group to select resources
+                            from. Together with Version and Kind it is capable of
+                            unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        kind:
+                          description: Kind of the API Group to select resources from.
+                            Together with Group and Version it is capable of unambiguously
+                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        labelSelector:
+                          description: LabelSelector is a string that follows the
+                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource labels.
+                          type: string
+                        name:
+                          description: Name to match resources with.
+                          type: string
+                        namespace:
+                          description: Namespace to select resources from.
+                          type: string
+                        version:
+                          description: Version of the API Group to select resources
+                            from. Together with Group and Kind it is capable of unambiguously
+                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                      type: object
+                  required:
+                  - patch
+                  - target
+                  type: object
+                type: array
+              patchesStrategicMerge:
+                description: Strategic merge patches, defined as inline YAML objects.
+                items:
+                  x-kubernetes-preserve-unknown-fields: true
+                type: array
               path:
                 description: Path to the directory containing the kustomization.yaml
                   file, or the set of plain YAMLs a kustomization.yaml should be generated

config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml

@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: override-test
+  name: images-test
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
 metadata:
   name: podinfo
-  namespace: override-test
+  namespace: images-test
 spec:
   interval: 5m
   url: https://github.com/stefanprodan/podinfo
@@ -18,9 +18,9 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
   name: podinfo
-  namespace: override-test
+  namespace: images-test
 spec:
-  targetNamespace: override-test
+  targetNamespace: images-test
   interval: 5m
   path: "./kustomize"
   prune: true