kustomize: inherit labels from base on overlay generator
Question
I don't know how to handle it.
My service is deployed into 3 environments: des, pre and pro.
I only need to generate the secret on the des environment.
On pre and pro it's deployed by the customer's DevOps team.
My base/kustomization.yaml:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
configurations:
  - kustomizeconfig/configurations/references-configuration.yaml
transformers:
  - kustomizeconfig/transformers/labels-transformer.yaml
generators:
  - kustomizeconfig/generators/configmap-generator.yaml
resources:
  - resources/deployment.yaml
  - resources/service.yaml
As you can see, I've created a labels-transformer.yaml where I put all my common labels:
apiVersion: builtin
kind: LabelTransformer
metadata:
  name: notImportantHere
labels:
    app.kubernetes.io/name: security-pwd
    app.kubernetes.io/version: "1.0.0"
    app.kubernetes.io/component: security-pwd
    app.kubernetes.io/part-of: espaidoc
    app.kubernetes.io/managed-by: kustomize
fieldSpecs:
- kind: Service
  path: metadata/labels
  create: true
- kind: Service
  path: spec/selector
  create: true
- kind: DeploymentConfig
  path: metadata/labels
  create: true
- kind: DeploymentConfig
  path: spec/template/metadata/labels
  create: true
- kind: ConfigMap
  path: metadata/labels
  create: true
- kind: Secret
  path: metadata/labels
  create: true
In my des overlay I'm using a secret-generator in order to create the secret.
kustomize/overlays/des/kustomization.yaml:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
transformers:
  # - kustomizeconfig/transformers/name-transformer.yaml
  - kustomizeconfig/transformers/labels-transformer.yaml
  - kustomizeconfig/transformers/image-transformer.yaml
generators:
  - kustomizeconfig/generators/config-generator.yaml
  - kustomizeconfig/generators/secret-generator.yaml
resources:
  - ../../base
kustomize/overlays/des/kustomizeconfig/generators/secret-generator.yaml:
apiVersion: builtin
kind: SecretGenerator
metadata:
    name: security-pwd
envs:
    - env/secret.env
However, my secret doesn't inherit labels from base:
apiVersion: v1
data:
  XXX:YYY
kind: Secret
metadata:
  labels:
    stage: development
  name: security-pwd-7g4h45kbc8
type: Opaque
As you can see, the generated secret has only the stage: development label.
My question: how should I address it?
Remember that the secret is always needed; nevertheless, on pre and pro it is externally provided. I mean, I can't put an empty generator on the base layer, since I don't need to provide it on pre and pro. Only on des...
Any ideas?
Answer 1
Score: 2
With kustomize, nothing is "inherited". Transformations are only applied to manifests generated by the kustomization.yaml that defines the transformations. If you want a set of common labels applied to all your resources, you need to set those labels in the "outermost" kustomization.yaml.
If you need the same set of labels in multiple overlays and you want to avoid repeating yourself, you can bundle them into a component.
Directory layout
For this example, my directory layout looks like:
.
├── base
│   ├── deployment.yaml
│   ├── kustomization.yaml
│   └── service.yaml
├── components
│   └── common-labels
│       ├── kustomization.yaml
│       └── labels-transformer.yaml
└── overlays
    ├── des
    │   └── kustomization.yaml
    └── pro
        └── kustomization.yaml
Base configuration
In components/common-labels/kustomization.yaml I have:
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
transformers:
  - labels-transformer.yaml
And in components/common-labels/labels-transformer.yaml I have the example from your question.
In base/kustomization.yaml I have a kustomization.yaml that generates a deploymentconfig, a service, and a configmap:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
  - service.yaml
configMapGenerator:
  - name: example
    literals:
      - name=alice
      - email=alice@example.com
components:
  - ../components/common-labels
Running kustomize build base from the top level will generate manifests that have your common labels applied in all the locations specified by your transformer configuration:
apiVersion: v1
data:
  email: alice@example.com
  name: alice
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: security-pwd
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: security-pwd
    app.kubernetes.io/part-of: espaidoc
    app.kubernetes.io/version: 1.0.0
  name: example-b5hhtcf222
---
[...]
Overlay configuration
In overlays/des/kustomization.yaml, I have:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
components:
- ../../components/common-labels
secretGenerator:
  - name: security-pwd
    literals:
      - password=secret
This outputs the same content as kustomize build base with the addition of a Secret resource, which is also appropriately labelled:
apiVersion: v1
data:
  password: c2VjcmV0
kind: Secret
metadata:
  labels:
    app.kubernetes.io/component: security-pwd
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: security-pwd
    app.kubernetes.io/part-of: espaidoc
    app.kubernetes.io/version: 1.0.0
  name: security-pwd-m4d885dchh
type: Opaque
Unrelated to your question, but OpenShift recommends using native Deployment resources rather than OpenShift-specific DeploymentConfig resources:
> Both Kubernetes Deployment objects and OpenShift Container Platform-provided DeploymentConfig objects are supported in OpenShift Container Platform; however, it is recommended to use Deployment objects unless you need a specific feature or behavior provided by DeploymentConfig objects.
If you use Deployment objects, you don't need a LabelsTransformer configuration (because kustomize knows where to apply labels on a Deployment object); you can just use the commonLabels directive in your kustomization.yaml.
You can find all the code shown in this answer in this repository.
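
A check one might run in CI over `kustomize build` output to catch the situation in the question, where a generated Secret is rendered without the common labels. This is an added example, not code from the answer or its repository; the `REQUIRED` label set and the function names are assumptions, and the scanner relies on kustomize's block-style output rather than a full YAML parser.

```python
# Added example, not part of the original answer. Assumes kustomize's
# block-style YAML output (2-space indent), so no YAML library is needed.
import sys

REQUIRED = ("app.kubernetes.io/name", "app.kubernetes.io/managed-by")  # assumed policy

def parse_documents(rendered):
    """Yield (kind, name, labels) per document of `kustomize build` output."""
    for doc in rendered.split("\n---"):
        fields, labels, path = {}, {}, []
        for line in doc.splitlines():
            if ":" not in line or line.lstrip().startswith("#"):
                continue
            indent = len(line) - len(line.lstrip())
            key, _, value = line.strip().partition(":")
            path = path[:indent // 2] + [key]  # key path from the document root
            value = value.strip().strip('"')
            if path in (["kind"], ["metadata", "name"]):
                fields[key] = value
            elif path[:2] == ["metadata", "labels"] and len(path) == 3:
                labels[key] = value
        if "kind" in fields:
            yield fields["kind"], fields.get("name"), labels

def missing_labels(rendered, required=REQUIRED):
    """Map "Kind/name" to the required label keys that resource lacks."""
    found = {f"{k}/{n}": [r for r in required if r not in lbls]
             for k, n, lbls in parse_documents(rendered)}
    return {res: miss for res, miss in found.items() if miss}

# Constructed sample: the question's Secret and a ConfigMap labelled as in the answer.
SAMPLE = """\
kind: Secret
metadata:
  labels:
    stage: development
  name: security-pwd-7g4h45kbc8
---
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: security-pwd
  name: example-b5hhtcf222
"""

if __name__ == "__main__":  # reads piped `kustomize build` output, else the sample
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(missing_labels(text))
```

Saved under a name of your choosing (here, hypothetically, `check_labels.py`), it can be fed real output with `kustomize build overlays/des | python3 check_labels.py`; a CI job can fail when the returned mapping is non-empty.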