kustomize, secretGenerator & patchesStrategicMerge: envFrom.secretRef not reading hashed secret name

9/23/2020

In my kustomization.yaml I have:

...
secretGenerator:
  - name: db-env
    behavior: create
    envs:
      - my.env
patchesStrategicMerge:
  - app.yaml

And then in my app.yaml (the patch) I have:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-deployment
spec:
  template:
    spec:
      containers:
        - name: server
          envFrom:
            - secretRef:
                name: db-env

When I try to build this via kustomize build k8s/development I get back out:

apiVersion: apps/v1
kind: Deployment
...
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: db-env
        name: server

When it should be:

      - envFrom:
        - secretRef:
            name: db-env-4g95hhmhfc

How do I get the secretGenerator name hashing to apply to patchesStrategicMerge too?

Or alternatively, what's the proper way to inject some environment vars into a deployment for a specific overlay?

This is for development.


My file structure is like:

tree k8s
k8s
├── base
│   ├── app.yaml
│   └── kustomization.yaml
├── development
│   ├── app.yaml
│   ├── golinks.sql
│   ├── kustomization.yaml
│   ├── mariadb.yaml
│   ├── my.cnf
│   └── my.env
└── production
    ├── ingress.yaml
    └── kustomization.yaml

Where base/kustomization.yaml is:

namespace: go-mpen
resources:
- app.yaml
images:
- name: server
  newName: reg/proj/server

and development/kustomization.yaml is:

resources:
  - ../base
  - mariadb.yaml
configMapGenerator:
  - name: mariadb-config
    files:
      - my.cnf
  - name: initdb-config
    files:
      - golinks.sql  # TODO: can we mount this w/out a config file?
secretGenerator:
  - name: db-env
    behavior: create
    envs:
      - my.env
patchesStrategicMerge:
  - app.yaml
-- mpen
kubernetes
kustomize

1 Answer

9/23/2020

This works fine for me with kustomize v3.8.4. Can you please check your version and whether disableNameSuffixHash is perhaps set to true?

Here are the manifests used by me to test this:

app.yaml  deployment.yaml  kustomization.yaml   my.env

app.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-deployment
spec:
  template:
    spec:
      containers:
        - name: server
          envFrom:
            - secretRef:
                name: db-env

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-deployment 
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

and my kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

secretGenerator:
  - name: db-env
    behavior: create
    envs:
      - my.env
patchesStrategicMerge:
  - app.yaml

resources: 
  - deployment.yaml 

And here is the result:

apiVersion: v1
data:
  ASD: MTIz
kind: Secret
metadata:
  name: db-env-f5tt4gtd7d
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: app-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:1.14.2
        name: nginx
        ports:
        - containerPort: 80
      - envFrom:
        - secretRef:
            name: db-env-f5tt4gtd7d
        name: server
-- acid_fuji
Source: StackOverflow
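
A check for the symptom in the question, as an added example that is not part of the original question or answer: it scans kustomize build output for envFrom secretRef/configMapRef names that have no matching Secret or ConfigMap in the same output. The function name, the script name, the line-based matching (no YAML library, namespaces ignored) and the sample manifests are assumptions constructed for illustration.

```python
import re
import sys

# Constructed sample of `kustomize build` output showing the question's symptom:
# the generated Secret carries a hash suffix, the envFrom reference does not.
BROKEN = """\
apiVersion: v1
kind: Secret
metadata:
  name: db-env-f5tt4gtd7d
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-deployment
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: db-env
        name: server
"""
FIXED = BROKEN.replace("name: db-env\n", "name: db-env-f5tt4gtd7d\n")

REF_KINDS = {"secretRef": "Secret", "configMapRef": "ConfigMap"}

def dangling_refs(rendered):
    """Return sorted (kind, name) pairs used in envFrom but absent from the output."""
    defined, referenced = set(), set()
    for doc in re.split(r"(?m)^---\s*$", rendered):
        kind = re.search(r"(?m)^kind:\s*(\S+)", doc)
        # First 2-space-indented name: under the top-level metadata: key.
        name = re.search(r"(?m)^metadata:\n(?:[ ]+.*\n)*?[ ]{2}name:\s*(\S+)", doc)
        if kind and name:
            defined.add((kind.group(1), name.group(1)))
        for ref, target in REF_KINDS.items():
            for m in re.finditer(rf"{ref}:\s*\n\s+name:\s*(\S+)", doc):
                referenced.add((target, m.group(1)))
    return sorted(referenced - defined)

if __name__ == "__main__":
    # Usage (assumed invocation): kustomize build k8s/development | python check_refs.py
    missing = dangling_refs(sys.stdin.read())
    for kind, name in missing:
        print(f"{kind} {name!r} is referenced but not present in the rendered output")
    sys.exit(1 if missing else 0)
```

Run as a CI step before applying an overlay, a non-zero exit flags a Deployment that would start without the environment its Secret was meant to supply.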