Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tolerate absence of resources in post-build substitution #570

Merged

Conversation

seh
Copy link
Contributor

@seh seh commented Feb 13, 2022

In a Kustomization's post-build substitution sources, introduce a new "Optional" field to allow referencing a Kubernetes ConfigMap or Secret that may not exist at time of reconciliation. Treat substitution when the referenced object is missing as if the object had been present but empty, lacking any variable bindings.

Retain the longstanding behavior of interpreting references to Kubernetes objects being mandatory by default, such that reconciliation fails if such a referenced object does not exist. Only when the "Optional" field is set to true will reconciliation tolerate finding the referenced object to be missing.

Fixes #565.

seh added 2 commits February 13, 2022 16:13
Signed-off-by: Steven E. Harris <seh@panix.com>
When the Docker service isn't running, the test suite can't create a
Vault instance. Trap this failure earlier in the test program to
preclude panicking after tests relying on Vault have failed.

Signed-off-by: Steven E. Harris <seh@panix.com>
@seh seh force-pushed the tolerate-absent-post-build-subst-references branch from 827484c to 8847023 Compare February 13, 2022 21:14
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please update the API docs here https://github.com/fluxcd/kustomize-controller/blob/main/docs/spec/v1beta2/kustomization.md#variable-substitution and mention the Optional field and its behaviour. Please also add it to the example YAML in that section, under cluster-vars.

@stefanprodan stefanprodan added area/varsub Post-build variable substitution related issues and pull requests enhancement New feature or request labels Feb 14, 2022
@seh seh force-pushed the tolerate-absent-post-build-subst-references branch 2 times, most recently from e6ff305 to 2627262 Compare February 14, 2022 20:12
@seh
Copy link
Contributor Author

seh commented Feb 14, 2022

Please let me know if the documentation suits your style. I am amenable to adjusting the voice and level of detail.

Copy link
Member

@makkes makkes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great change, thanks @seh! Just a few nits, otherwise lgtm.

@@ -748,6 +748,16 @@ With `spec.postBuild.substituteFrom` you can provide a list of ConfigMaps and Se
from which the variables are loaded.
The ConfigMap and Secret data keys are used as the var names.

The `spec.postBuild.substituteFrom.optional` field indicates how the
controller should handle a referenced ConfigMap or Secret being absent
at renconciliation time. The controller's default behavior―with
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
at renconciliation time. The controller's default behaviorwith
at renconciliation time. The controller's default behaviorwith

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, spaces around your em dashes, then? I can meet you there.

The `spec.postBuild.substituteFrom.optional` field indicates how the
controller should handle a referenced ConfigMap or Secret being absent
at renconciliation time. The controller's default behavior―with
`optional` unspecified or set to false―has it fail reconciliation if
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
`optional` unspecified or set to falsehas it fail reconciliation if
`optional` unspecified or set to falsehas it fail reconciliation if

at renconciliation time. The controller's default behavior―with
`optional` unspecified or set to false―has it fail reconciliation if
the referenced object is missing. By setting the `optional` field to
true, you can indicate that controller should use the referenced
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
true, you can indicate that controller should use the referenced
`true`, you indicate that controller should use the referenced

seh added 2 commits February 15, 2022 09:27
In a Kustomization's post-build substitution sources, introduce a new
"Optional" field to allow referencing a Kubernetes ConfigMap or Secret
that may not exist at time of reconciliation. Treat substitution when
the referenced object is missing as if the object had been present but
empty, lacking any variable bindings.

Retain the longstanding behavior of interpreting references to
Kubernetes objects being mandatory by default, such that
reconciliation fails if such a referenced object does not exist. Only
when the "Optional" field is set to true will reconciliation tolerate
finding the referenced object to be missing.

Signed-off-by: Steven E. Harris <seh@panix.com>
Signed-off-by: Steven E. Harris <seh@panix.com>
@seh seh force-pushed the tolerate-absent-post-build-subst-references branch from 2627262 to af038d6 Compare February 15, 2022 14:28
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @seh 🎖️

@stefanprodan stefanprodan merged commit 5666108 into fluxcd:main Feb 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/varsub Post-build variable substitution related issues and pull requests enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allow ConfigMaps and Secrets in post-build substitution to be absent
3 participants