Constant rewriting of the CRD #1138

@tropnikovvl

Hello!

Using Flux, I deployed the external-secrets operator and its CRD.

The fact is that the external-secrets operator stores the caBundle directly in the CRD and therefore Flux constantly overwrites it.

Question: is it possible to add some manifest fields to those ignored by Kustomization?

```
{"level":"info","ts":"2024-04-16T11:13:17.992Z","msg":"server-side apply for cluster definitions completed","controller":"kustomization","controllerGroup":"kustomize.toolkit.fluxcd.io","controllerKind":"Kustomization","Kustomization":{"name":"crds-stack","namespace":"flux-system"},"namespace":"flux-system","name":"crds-stack","reconcileID":"c2167182-e883-4189-814e-7d895b0da69f","output":{"CustomResourceDefinition/clustersecretstores.external-secrets.io":"configured","CustomResourceDefinition/externalsecrets.external-secrets.io":"configured","CustomResourceDefinition/secretstores.external-secrets.io":"configured"}}
```

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - https://raw.githubusercontent.com/external-secrets/external-secrets/v0.9.14/deploy/crds/bundle.yaml
```

```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  creationTimestamp: "2024-04-10T09:58:54Z"
  generation: 190
  labels:
    kustomize.toolkit.fluxcd.io/name: crds-stack
    kustomize.toolkit.fluxcd.io/namespace: flux-system
  name: clustersecretstores.external-secrets.io
  resourceVersion: "1265682"
  uid: 89ad4f41-1a9c-4bd8-951a-b38ae52dbca5
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        caBundle: long caBundle
        service:
          name: external-secrets-webhook
          namespace: external-secrets
          path: /convert
          port: 443
      conversionReviewVersions:
      - v1
  group: external-secrets.io
  names:
    categories:
    - externalsecrets
    kind: ClusterSecretStore
    listKind: ClusterSecretStoreList
    plural: clustersecretstores
    shortNames:
    - css
    singular: clustersecretstore
  scope: Cluster
```
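
One way to confirm the rewrite loop from the controller logs, as an added example that is not part of the original issue or of Flux: it groups apply log entries like the one above by `reconcileID` and reports resources marked `configured` in every reconcile of a Kustomization. The sample log lines, the `find_churn` function and its `min_runs` threshold are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample modelled on the log line in the issue: three reconciles,
# one non-JSON line, and one second-stage apply entry that changes only once.
SAMPLE_LOG = """\
{"msg":"server-side apply for cluster definitions completed","Kustomization":{"name":"crds-stack","namespace":"flux-system"},"reconcileID":"r1","output":{"CustomResourceDefinition/clustersecretstores.external-secrets.io":"configured","CustomResourceDefinition/widgets.example.com":"configured"}}
plain text line that is not JSON
{"msg":"server-side apply for cluster definitions completed","Kustomization":{"name":"crds-stack","namespace":"flux-system"},"reconcileID":"r2","output":{"CustomResourceDefinition/clustersecretstores.external-secrets.io":"configured"}}
{"msg":"server-side apply completed","Kustomization":{"name":"crds-stack","namespace":"flux-system"},"reconcileID":"r2","output":{"ConfigMap/flux-system/demo":"configured"}}
{"msg":"server-side apply for cluster definitions completed","Kustomization":{"name":"crds-stack","namespace":"flux-system"},"reconcileID":"r3","output":{"CustomResourceDefinition/clustersecretstores.external-secrets.io":"configured"}}
"""


def find_churn(log_text, min_runs=3):
    """Map (namespace, name) of each Kustomization to the resources that were
    'configured' in every observed reconcile, given at least min_runs reconciles."""
    runs = defaultdict(set)                              # key -> reconcile IDs seen
    configured = defaultdict(lambda: defaultdict(set))   # key -> resource -> IDs
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue                                     # not a structured log line
        if not isinstance(entry, dict):
            continue
        output = entry.get("output")
        if not str(entry.get("msg", "")).startswith("server-side apply"):
            continue
        if not isinstance(output, dict):
            continue
        ks = entry.get("Kustomization") or {}
        key = (ks.get("namespace"), ks.get("name"))
        rid = entry.get("reconcileID")
        runs[key].add(rid)
        for resource, action in output.items():
            if action == "configured":
                configured[key][resource].add(rid)
    report = {}
    for key, ids in runs.items():
        if len(ids) < min_runs:
            continue                                     # too few reconciles to judge
        always = sorted(r for r, seen in configured[key].items() if seen == ids)
        if always:
            report[key] = always
    return report


if __name__ == "__main__":
    for (namespace, name), resources in find_churn(SAMPLE_LOG).items():
        print(f"{namespace}/{name}: rewritten on every reconcile: {resources}")
```

A resource that appears in this report on every run is being modified by something other than Flux between reconciles, which is the pattern described for `caBundle` here.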
