Kustomize replaces double quotes with single quotes

[prashant0085]

What happened?

Kustomize build replaces double quotes with single quotes for argo manifests causing argo app to fail while deploying

What did you expect to happen?

I expect it to not replace double quotes with single quotes as I am trying to do add operation in argo app by passing additional values other than what it is present in values.yaml of helm chart.

The other values which I am passing is stored in repo where app of apps pattern helm chart is present but instead of taking values from values.yaml, it taking literal values.

If I do not use kustomize and manually add parameters in manifests with double quotes then correct values are getting in argo app like below:

helm:
    valueFiles:
      - environments/demo/values.yaml
    parameters:
      - name: 'deployment.container[0].image.repository'
        value: xxxxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com
      - name: serviceAccount.annotations.eks\.amazonaws\.com/role-arn
        value: 'arn:aws:iam::xxxxxxxxxxx:role/demo-role'
      - name: ingress.annotations.alb\.ingress\.kubernetes\.io/certificate-arn
        value: >-
           arn:aws:acm:us-east-1:xxxxxxxxxxxxxx:certificate/xxxxxxx-xxx-xxxx-xxxx-xxxxxxxxx

How can we reproduce it (as minimally and precisely as possible)?

Kustomization file

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
  name: argocd-application-patch
resources:
  - templates/console-api.yaml
patches:
  - target:
      kind: Application
    patch: |-
      - op: replace
        path: /spec/source/targetRevision
        value: test-common-values
      - op: add
        path: /spec/source/helm/parameters
        value:
          - name: "deployment.container[0].image.repository"
            value: "{{ .Values.ecrRepositoryUrl }}"
          - name: "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
            value: "{{ .Values.serviceAccountRoleArn }}"
          - name: "ingress.annotations.alb\\.ingress\\.kubernetes\\.io/certificate-arn"
            value: "{{ .Values.ingressCertificateArn }}"

Argo app manifest targetted by kustomize

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: console-api
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: https://example.com/ocp-console/helm-charts/console-api
    targetRevision: "{{ .Values.targetRevision }}"
    path: .
    helm:
      valueFiles:
      - environments/{{ .Values.clusterName }}/values.yaml
  destination:
    namespace: console-api
    server: "{{ .Values.spec.destination.server }}"
  syncPolicy:
    syncOptions:
       - CreateNamespace=false
    automated:
      prune: true
      allowEmpty: true
      selfHeal: true
    managedNamespaceMetadata:
      labels:
        istio-injection: enabled

Expected output

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
  name: console-api
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: https://git.omilia.com/ocp-console/helm-charts/console-api.git
    targetRevision: {{ .Values.targetRevision }}
    path: .
    helm:
      valueFiles:
        - "environments/{{ .Values.clusterName }}/values.yaml"
      parameters:
        - name: "deployment.container[0].image.repository"
          value: "{{ .Values.ecrRepositoryUrl }}"
        - name: "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
          value: "{{ .Values.serviceAccountRoleArn }}"
        - name: "ingress.annotations.alb\\.ingress\\.kubernetes\\.io/certificate-arn"
          value: "{{ .Values.ingressCertificateArn }}"
  destination:
    namespace: console-api
    server: "{{ .Values.spec.destination.server }}"
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
    automated:
      prune: true
      allowEmpty: true
      selfHeal: true

Actual output

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  finalizers:
  - resources-finalizer.argocd.argoproj.io
  name: console-api
  namespace: argocd
spec:
  destination:
    namespace: console-api
    server: '{{ .Values.spec.destination.server }}'
  project: default
  source:
    helm:
      parameters:
      - name: deployment.container[0].image.repository
        value: '{{ .Values.ecrRepositoryUrl }}'
      - name: serviceAccount.annotations.eks\.amazonaws\.com/role-arn
        value: '{{ .Values.serviceAccountRoleArn }}'
      - name: ingress.annotations.alb\.ingress\.kubernetes\.io/certificate-arn
        value: '{{ .Values.ingressCertificateArn }}'
      valueFiles:
      - environments/{{ .Values.clusterName }}/values.yaml
    path: .
    repoURL: https://git.omilia.com/ocp-console/helm-charts/console-api
    targetRevision: test-common-values
  syncPolicy:
    automated:
      allowEmpty: true
      prune: true
      selfHeal: true
    managedNamespaceMetadata:
      labels:
        istio-injection: enabled
    syncOptions:
    - CreateNamespace=false

Kustomize version

v5.3.0

Operating system

None

[k8s-ci-robot]

This issue is currently awaiting triage.

SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.