-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
namespace
Transformer Does Not Update Namespace in nginx.ingress.kubernetes.io/auth-tls-secret
#4365
Comments
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/remove-lifecycle rotten |
/triage accepted It seems like the fix would be a simple update to the Namespace transformer fieldspecs. We would be happy to review a PR to resolve this issue. |
/assign |
@natasha41575 The auth-tls-secret requires partial namespace update, I'm afraid that's not what namespace transformer can support ? related to #4457 |
@yuwenma is right--when we triaged this, we missed the fact that the request is to update a substring within an annotation. That is indeed something that fieldSpec-driven transformers do not support, so this is not easy to address. In this case, the transformer in question is NameReferenceTransformer. #4457 was closed because it implied unstructured edit support, which is not acceptable in Kustomize. This particular substring can be targeted structurally, but the only transformer we have that can do so right now is Replacements, specifically with its delimiter and index options. Related: #4512 (comment) Now that I look at this again, I'm surprised we added support for this annotation in the builtin field specs in the first place, since it is related to an out-of-tree controller. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Describe the bug
#1302 added support for Kustomize to update secret names referenced by
nginx.ingress.kubernetes.io/auth-tls-secret
annotations when those names are affected by prefix/suffix transformers, but it does not appear that thenamespace
transformer is able to update these annotations.Files that can reproduce the issue
ingress.yaml
secrets.yaml
kustomization.yaml
Expected output
Actual output
Kustomize version
Platform
5.4.91-microsoft-standard-WSL2 #1 SMP Mon Jan 25 18:39:31 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Additional context
If
ingress.yaml
is changed to the following:Then the output becomes the following:
The text was updated successfully, but these errors were encountered: