diff --git a/api/go.mod b/api/go.mod index ddf711b5..53ccf686 100644 --- a/api/go.mod +++ b/api/go.mod @@ -4,7 +4,7 @@ go 1.18 require ( github.com/fluxcd/pkg/apis/kustomize v0.6.0 - github.com/fluxcd/pkg/apis/meta v0.16.0 + github.com/fluxcd/pkg/apis/meta v0.17.0 k8s.io/apiextensions-apiserver v0.25.2 k8s.io/apimachinery v0.25.2 sigs.k8s.io/controller-runtime v0.13.0 diff --git a/api/go.sum b/api/go.sum index b4a658e6..fc5c4e28 100644 --- a/api/go.sum +++ b/api/go.sum @@ -3,8 +3,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fluxcd/pkg/apis/kustomize v0.6.0 h1:Afxv3Uv+xiuettzqm3sP0ceWikDZTfHdHtLv6u2nFM8= github.com/fluxcd/pkg/apis/kustomize v0.6.0/go.mod h1:iY0zSpK6eUiPfNt/yR6g0q/wQP+wH+Ax/L7KBOx5x2M= -github.com/fluxcd/pkg/apis/meta v0.16.0 h1:6Mj9rB0TtvCeTe3IlQDc1i2DH75Oosea9yUqS7XafVg= -github.com/fluxcd/pkg/apis/meta v0.16.0/go.mod h1:GrOVzWXiu22XjLNgLLe2EBYhQPqZetes5SIADb4bmHE= +github.com/fluxcd/pkg/apis/meta v0.17.0 h1:Y2dfo1syHZDb9Mexjr2SWdcj1FnxnRXm015hEnhl6wU= +github.com/fluxcd/pkg/apis/meta v0.17.0/go.mod h1:GrOVzWXiu22XjLNgLLe2EBYhQPqZetes5SIADb4bmHE= github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= diff --git a/api/v1beta2/kustomization_types.go b/api/v1beta2/kustomization_types.go index cf6817ef..da12fabb 100644 --- a/api/v1beta2/kustomization_types.go +++ b/api/v1beta2/kustomization_types.go 
@@ -68,7 +68,7 @@ type KustomizationSpec struct { // a controller level fallback for when KustomizationSpec.ServiceAccountName // is empty. // +optional - KubeConfig *KubeConfig `json:"kubeConfig,omitempty"` + KubeConfig *meta.KubeConfigReference `json:"kubeConfig,omitempty"` // Path to the directory containing the kustomization.yaml file, or the // set of plain YAMLs a kustomization.yaml should be generated for. @@ -168,21 +168,6 @@ type Decryption struct { SecretRef *meta.LocalObjectReference `json:"secretRef,omitempty"` } -// KubeConfig references a Kubernetes secret that contains a kubeconfig file. -type KubeConfig struct { - // SecretRef holds the name of a secret that contains a key with - // the kubeconfig file as the value. If no key is set, the key will default - // to 'value'. The secret must be in the same namespace as - // the Kustomization. - // It is recommended that the kubeconfig is self-contained, and the secret - // is regularly updated if credentials such as a cloud-access-token expire. - // Cloud specific `cmd-path` auth helpers will not function without adding - // binaries and credentials to the Pod that is responsible for reconciling - // the Kustomization. - // +required - SecretRef meta.SecretKeyReference `json:"secretRef,omitempty"` -} - // PostBuild describes which actions to perform on the YAML manifest // generated by building the kustomize overlay. type PostBuild struct { diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go index 559181df..93ab196c 100644 --- a/api/v1beta2/zz_generated.deepcopy.go +++ b/api/v1beta2/zz_generated.deepcopy.go 
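Review bot: The `KubeConfig` field comment in `KustomizationSpec` no longer tells users that the kubeconfig secret must live in the Kustomization's namespace. That sentence existed only in the doc of the removed `KubeConfig` type (second hunk), and the regenerated CRD description for the shared `meta.KubeConfigReference` omits it as well. The constraint is a tenancy boundary, so it is worth restating on the field itself, e.g. `// The referenced secret is read from the same namespace as the Kustomization.` The controller change passes `kustomization.GetNamespace()` to the new impersonator, which suggests the lookup stays namespace-scoped, but that lookup code is not on this page, so confirm it before documenting. `KustomizationSpec` begins and ends outside the hunk.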
@@ -64,22 +64,6 @@ func (in *Decryption) DeepCopy() *Decryption { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeConfig) DeepCopyInto(out *KubeConfig) { - *out = *in - out.SecretRef = in.SecretRef -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeConfig. -func (in *KubeConfig) DeepCopy() *KubeConfig { - if in == nil { - return nil - } - out := new(KubeConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Kustomization) DeepCopyInto(out *Kustomization) { *out = *in @@ -160,7 +144,7 @@ func (in *KustomizationSpec) DeepCopyInto(out *KustomizationSpec) { } if in.KubeConfig != nil { in, out := &in.KubeConfig, &out.KubeConfig - *out = new(KubeConfig) + *out = new(meta.KubeConfigReference) **out = **in } if in.PostBuild != nil { diff --git a/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml b/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml index f1848bff..b568cb5d 100644 --- a/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml +++ b/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml 
@@ -699,12 +699,12 @@ spec: secretRef: description: SecretRef holds the name of a secret that contains a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. The secret must be in the same - namespace as the Kustomization. It is recommended that the kubeconfig - is self-contained, and the secret is regularly updated if credentials - such as a cloud-access-token expire. Cloud specific `cmd-path` - auth helpers will not function without adding binaries and credentials - to the Pod that is responsible for reconciling the Kustomization. + the key will default to 'value'. It is recommended that the + kubeconfig is self-contained, and the secret is regularly updated + if credentials such as a cloud-access-token expire. Cloud specific + `cmd-path` auth helpers will not function without adding binaries + and credentials to the Pod that is responsible for reconciling + Kubernetes resources. properties: key: description: Key in the Secret, when not specified an implementation-specific @@ -716,6 +716,8 @@ spec: required: - name type: object + required: + - secretRef type: object patches: description: Strategic merge and JSON patches, defined as inline YAML diff --git a/controllers/kustomization_acl_test.go b/controllers/kustomization_acl_test.go index 3eda6fe9..dd587f5a 100644 --- a/controllers/kustomization_acl_test.go +++ b/controllers/kustomization_acl_test.go @@ -88,7 +88,7 @@ stringData: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/controllers/kustomization_controller.go b/controllers/kustomization_controller.go index 1a9675be..548ccbd3 100644 --- a/controllers/kustomization_controller.go +++ b/controllers/kustomization_controller.go 
@@ -363,7 +363,16 @@ func (r *KustomizationReconciler) reconcile( } // setup the Kubernetes client for impersonation - impersonation := NewKustomizeImpersonation(kustomization, r.Client, r.StatusPoller, r.DefaultServiceAccount, r.KubeConfigOpts, r.PollingOpts) + impersonation := runtimeClient.NewImpersonator( + r.Client, + r.StatusPoller, + r.PollingOpts, + kustomization.Spec.KubeConfig, + r.KubeConfigOpts, + r.DefaultServiceAccount, + kustomization.Spec.ServiceAccountName, + kustomization.GetNamespace(), + ) kubeClient, statusPoller, err := impersonation.GetClient(ctx) if err != nil { return kustomizev1.KustomizationNotReady( @@ -923,8 +932,17 @@ func (r *KustomizationReconciler) finalize(ctx context.Context, kustomization ku kustomization.Status.Inventory.Entries != nil { objects, _ := ListObjectsInInventory(kustomization.Status.Inventory) - impersonation := NewKustomizeImpersonation(kustomization, r.Client, r.StatusPoller, r.DefaultServiceAccount, r.KubeConfigOpts, r.PollingOpts) - if impersonation.CanFinalize(ctx) { + impersonation := runtimeClient.NewImpersonator( + r.Client, + r.StatusPoller, + r.PollingOpts, + kustomization.Spec.KubeConfig, + r.KubeConfigOpts, + r.DefaultServiceAccount, + kustomization.Spec.ServiceAccountName, + kustomization.GetNamespace(), + ) + if impersonation.CanImpersonate(ctx) { kubeClient, _, err := impersonation.GetClient(ctx) if err != nil { return ctrl.Result{}, err diff --git a/controllers/kustomization_decryptor_test.go b/controllers/kustomization_decryptor_test.go index 38816737..b78576e5 100644 --- a/controllers/kustomization_decryptor_test.go +++ b/controllers/kustomization_decryptor_test.go @@ -125,7 +125,7 @@ func TestKustomizationReconciler_Decryptor(t *testing.T) { Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: 2 * time.Minute}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, 
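Review bot: `runtimeClient.NewImpersonator` is called with eight positional arguments, three of them adjacent strings (`r.DefaultServiceAccount`, `kustomization.Spec.ServiceAccountName`, `kustomization.GetNamespace()`), and the identical call is repeated in the `finalize` hunk. Swapping any two of those strings still compiles and would silently change which service account or namespace is impersonated. Moving the call into one small method on the reconciler, with a doc comment naming each argument, and using `impersonation := r.newImpersonator(kustomization)` at both call sites keeps the order in a single reviewed place. Both `reconcile` and `finalize` start and end outside their hunks.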
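Review bot: In the `finalize` hunk the guard `if impersonation.CanImpersonate(ctx)` no longer carries the intent that the old name `CanFinalize` gave it, and nothing at the call site says what happens to the inventory when it returns false. The removed `CanFinalize` (in the deleted `kustomization_impersonation.go`) returned false on any error fetching the service account, not only when the account was missing; whether `CanImpersonate` in `pkg/runtime` keeps that contract is not visible on this page. A comment above the guard would help, e.g. `// Prune only when the impersonated service account can still be resolved.`, extended to describe what the else branch, which lies outside the hunk, actually does. If no test already deletes a Kustomization whose service account is gone, adding one would pin this behaviour across the library switch.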
diff --git a/controllers/kustomization_dependson_test.go b/controllers/kustomization_dependson_test.go index d8ef33fc..531390f4 100644 --- a/controllers/kustomization_dependson_test.go +++ b/controllers/kustomization_dependson_test.go @@ -119,7 +119,7 @@ spec: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/controllers/kustomization_fetcher_test.go b/controllers/kustomization_fetcher_test.go index 83ade915..3bf0794a 100644 --- a/controllers/kustomization_fetcher_test.go +++ b/controllers/kustomization_fetcher_test.go @@ -85,7 +85,7 @@ stringData: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/controllers/kustomization_force_test.go b/controllers/kustomization_force_test.go index b55354ff..e6d24f61 100644 --- a/controllers/kustomization_force_test.go +++ b/controllers/kustomization_force_test.go @@ -85,7 +85,7 @@ stringData: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/controllers/kustomization_fuzzer_test.go b/controllers/kustomization_fuzzer_test.go index 59dc8bbe..e1cc33ec 100644 --- a/controllers/kustomization_fuzzer_test.go +++ b/controllers/kustomization_fuzzer_test.go @@ -210,7 +210,7 @@ func Fuzz_Controllers(f *testing.F) { }, Spec: kustomizev1.KustomizationSpec{ Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, 
diff --git a/controllers/kustomization_impersonation.go b/controllers/kustomization_impersonation.go
deleted file mode 100644
index a044c487..00000000
--- a/controllers/kustomization_impersonation.go
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
-Copyright 2020 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package controllers
-
-import (
- "context"
- "fmt"
-
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/types"
- "k8s.io/client-go/rest"
- "k8s.io/client-go/tools/clientcmd"
- "sigs.k8s.io/cli-utils/pkg/kstatus/polling"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/client/apiutil"
- "sigs.k8s.io/controller-runtime/pkg/client/config"
-
- kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
-
- runtimeClient "github.com/fluxcd/pkg/runtime/client"
-)
-
-// KustomizeImpersonation holds the state for impersonating a service account.
-type KustomizeImpersonation struct {
- client.Client
- kustomization kustomizev1.Kustomization
- statusPoller *polling.StatusPoller
- defaultServiceAccount string
- pollingOpts polling.Options
- kubeConfigOpts runtimeClient.KubeConfigOptions
-}
-
-// NewKustomizeImpersonation creates a new KustomizeImpersonation.
-func NewKustomizeImpersonation(
- kustomization kustomizev1.Kustomization,
- kubeClient client.Client,
- statusPoller *polling.StatusPoller,
- defaultServiceAccount string,
- kubeConfigOpts runtimeClient.KubeConfigOptions,
- pollingOpts polling.Options) *KustomizeImpersonation {
- return &KustomizeImpersonation{
- defaultServiceAccount: defaultServiceAccount,
- kustomization: kustomization,
- statusPoller: statusPoller,
- Client: kubeClient,
- kubeConfigOpts: kubeConfigOpts,
- pollingOpts: pollingOpts,
- }
-}
-
-// GetClient creates a controller-runtime client for talking to a Kubernetes API server.
-// If spec.KubeConfig is set, use the kubeconfig bytes from the Kubernetes secret.
-// Otherwise will assume running in cluster and use the cluster provided kubeconfig.
-// If a --default-service-account is set and no spec.ServiceAccountName, use the provided kubeconfig and impersonate the default SA.
-// If spec.ServiceAccountName is set, use the provided kubeconfig and impersonate the specified SA.
-func (ki *KustomizeImpersonation) GetClient(ctx context.Context) (client.Client, *polling.StatusPoller, error) {
- switch {
- case ki.kustomization.Spec.KubeConfig != nil:
- return ki.clientForKubeConfig(ctx)
- case ki.defaultServiceAccount != "" || ki.kustomization.Spec.ServiceAccountName != "":
- return ki.clientForServiceAccountOrDefault()
- default:
- return ki.Client, ki.statusPoller, nil
- }
-}
-
-// CanFinalize asserts if the given Kustomization can be finalized using impersonation.
-func (ki *KustomizeImpersonation) CanFinalize(ctx context.Context) bool {
- name := ki.defaultServiceAccount
- if sa := ki.kustomization.Spec.ServiceAccountName; sa != "" {
- name = sa
- }
- if name == "" {
- return true
- }
-
- sa := &corev1.ServiceAccount{
- TypeMeta: metav1.TypeMeta{
- Kind: "ServiceAccount",
- APIVersion: "v1",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: name,
- Namespace: ki.kustomization.Namespace,
- },
- }
- if err := ki.Client.Get(ctx, client.ObjectKeyFromObject(sa), sa); err != nil {
- return false
- }
-
- return true
-}
-
-func (ki *KustomizeImpersonation) setImpersonationConfig(restConfig *rest.Config) {
- name := ki.defaultServiceAccount
- if sa := ki.kustomization.Spec.ServiceAccountName; sa != "" {
- name = sa
- }
- if name != "" {
- username := fmt.Sprintf("system:serviceaccount:%s:%s", ki.kustomization.GetNamespace(), name)
- restConfig.Impersonate = rest.ImpersonationConfig{UserName: username}
- }
-}
-
-func (ki *KustomizeImpersonation) clientForServiceAccountOrDefault() (client.Client, *polling.StatusPoller, error) {
- restConfig, err := config.GetConfig()
- if err != nil {
- return nil, nil, err
- }
- ki.setImpersonationConfig(restConfig)
-
- restMapper, err := apiutil.NewDynamicRESTMapper(restConfig)
- if err != nil {
- return nil, nil, err
- }
-
- client, err := client.New(restConfig, client.Options{Mapper: restMapper})
- if err != nil {
- return nil, nil, err
- }
-
- statusPoller := polling.NewStatusPoller(client, restMapper, ki.pollingOpts)
- return client, statusPoller, err
-
-}
-
-func (ki *KustomizeImpersonation) clientForKubeConfig(ctx context.Context) (client.Client, *polling.StatusPoller, error) {
- kubeConfigBytes, err := ki.getKubeConfig(ctx)
- if err != nil {
- return nil, nil, err
- }
-
- restConfig, err := clientcmd.RESTConfigFromKubeConfig(kubeConfigBytes)
- if err != nil {
- return nil, nil, err
- }
-
- restConfig = runtimeClient.KubeConfig(restConfig, ki.kubeConfigOpts)
- ki.setImpersonationConfig(restConfig)
-
- restMapper, err := apiutil.NewDynamicRESTMapper(restConfig)
- if err != nil {
- return nil, nil, err
- }
-
- client, err := client.New(restConfig, client.Options{Mapper: restMapper})
- if err != nil {
- return nil, nil, err
- }
-
- statusPoller := polling.NewStatusPoller(client, restMapper, ki.pollingOpts)
-
- return client, statusPoller, err
-}
-
-func (ki *KustomizeImpersonation) getKubeConfig(ctx context.Context) ([]byte, error) {
- secretName := types.NamespacedName{
- Namespace: ki.kustomization.GetNamespace(),
- Name: ki.kustomization.Spec.KubeConfig.SecretRef.Name,
- }
-
- var secret corev1.Secret
- if err := ki.Get(ctx, secretName, &secret); err != nil {
- return nil, fmt.Errorf("unable to read KubeConfig secret '%s' error: %w", secretName.String(), err)
- }
-
- var kubeConfig []byte
- switch {
- case ki.kustomization.Spec.KubeConfig.SecretRef.Key != "":
- key := ki.kustomization.Spec.KubeConfig.SecretRef.Key
- kubeConfig = secret.Data[key]
- if kubeConfig == nil {
- return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a '%s' key with a kubeconfig", secretName, key)
- }
- case secret.Data["value"] != nil:
- kubeConfig = secret.Data["value"]
- case secret.Data["value.yaml"] != nil:
- kubeConfig = secret.Data["value.yaml"]
- default:
- // User did not specify a key, and the 'value' key was not defined.
- return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a 'value' key with a kubeconfig", secretName)
- }
-
- return kubeConfig, nil
-}
diff --git a/controllers/kustomization_impersonation_test.go b/controllers/kustomization_impersonation_test.go
index a0d07b38..f50cc1e9 100644
--- a/controllers/kustomization_impersonation_test.go
+++ b/controllers/kustomization_impersonation_test.go
@@ -91,7 +91,7 @@ data: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: time.Minute}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, @@ -260,7 +260,7 @@ data: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: time.Minute}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: secretName, Key: secretKey, diff --git a/controllers/kustomization_inventory_test.go b/controllers/kustomization_inventory_test.go index a9c843f8..1dc0438c 100644 --- a/controllers/kustomization_inventory_test.go +++ b/controllers/kustomization_inventory_test.go @@ -96,7 +96,7 @@ stringData: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: 2 * time.Minute}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/controllers/kustomization_prune_test.go b/controllers/kustomization_prune_test.go index f79ab239..5a56585a 100644 --- a/controllers/kustomization_prune_test.go +++ b/controllers/kustomization_prune_test.go @@ -97,7 +97,7 @@ data: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, @@ -225,7 +225,7 @@ data: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, 
@@ -369,7 +369,7 @@ data: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/controllers/kustomization_transformer_test.go b/controllers/kustomization_transformer_test.go index d241a683..d9c5542b 100644 --- a/controllers/kustomization_transformer_test.go +++ b/controllers/kustomization_transformer_test.go @@ -73,7 +73,7 @@ func TestKustomizationReconciler_KustomizeTransformer(t *testing.T) { Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, @@ -196,7 +196,7 @@ func TestKustomizationReconciler_KustomizeTransformerFiles(t *testing.T) { Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, @@ -315,7 +315,7 @@ func TestKustomizationReconciler_FluxTransformers(t *testing.T) { Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/controllers/kustomization_validation_test.go b/controllers/kustomization_validation_test.go index 4c0940b0..05a6b30f 100644 --- a/controllers/kustomization_validation_test.go +++ b/controllers/kustomization_validation_test.go 
@@ -78,7 +78,7 @@ func TestKustomizationReconciler_Validation(t *testing.T) { Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: 2 * time.Minute}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/controllers/kustomization_varsub_test.go b/controllers/kustomization_varsub_test.go index 199d238d..2c92cd36 100644 --- a/controllers/kustomization_varsub_test.go +++ b/controllers/kustomization_varsub_test.go @@ -119,7 +119,7 @@ stringData: Namespace: id, }, Spec: kustomizev1.KustomizationSpec{ - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, @@ -268,7 +268,7 @@ metadata: Namespace: id, }, Spec: kustomizev1.KustomizationSpec{ - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/controllers/kustomization_wait_test.go b/controllers/kustomization_wait_test.go index 83c25674..0a951d91 100644 --- a/controllers/kustomization_wait_test.go +++ b/controllers/kustomization_wait_test.go @@ -95,7 +95,7 @@ parameters: Spec: kustomizev1.KustomizationSpec{ Interval: metav1.Duration{Duration: 2 * time.Minute}, Path: "./", - KubeConfig: &kustomizev1.KubeConfig{ + KubeConfig: &meta.KubeConfigReference{ SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, diff --git a/docs/api/kustomize.md b/docs/api/kustomize.md index 5cad4e01..a12e5d0f 100644 --- a/docs/api/kustomize.md +++ b/docs/api/kustomize.md @@ -131,8 +131,8 @@ value to retry failures.

kubeConfig
- -KubeConfig + +github.com/fluxcd/pkg/apis/meta.KubeConfigReference @@ -500,48 +500,6 @@ github.com/fluxcd/pkg/apis/meta.LocalObjectReference -

KubeConfig -

-

-(Appears on: -KustomizationSpec) -

-

KubeConfig references a Kubernetes secret that contains a kubeconfig file.

-
-
- - - - - - - - - - - - - -
FieldDescription
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.SecretKeyReference - - -
-

SecretRef holds the name of a secret that contains a key with -the kubeconfig file as the value. If no key is set, the key will default -to ‘value’. The secret must be in the same namespace as -the Kustomization. -It is recommended that the kubeconfig is self-contained, and the secret -is regularly updated if credentials such as a cloud-access-token expire. -Cloud specific cmd-path auth helpers will not function without adding -binaries and credentials to the Pod that is responsible for reconciling -the Kustomization.

-
-
-

KustomizationSpec

@@ -622,8 +580,8 @@ value to retry failures.

kubeConfig
- -KubeConfig + +github.com/fluxcd/pkg/apis/meta.KubeConfigReference diff --git a/go.mod b/go.mod index ee154362..d2544ce9 100644 --- a/go.mod +++ b/go.mod @@ -23,9 +23,9 @@ require ( github.com/fluxcd/kustomize-controller/api v0.29.0 github.com/fluxcd/pkg/apis/acl v0.1.0 github.com/fluxcd/pkg/apis/kustomize v0.6.0 - github.com/fluxcd/pkg/apis/meta v0.16.0 + github.com/fluxcd/pkg/apis/meta v0.17.0 github.com/fluxcd/pkg/kustomize v0.8.0 - github.com/fluxcd/pkg/runtime v0.19.0 + github.com/fluxcd/pkg/runtime v0.20.0 github.com/fluxcd/pkg/ssa v0.21.0 github.com/fluxcd/pkg/testserver v0.3.0 github.com/fluxcd/pkg/untar v0.2.0 @@ -223,7 +223,7 @@ require ( gopkg.in/urfave/cli.v1 v1.20.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/cli-runtime v0.24.0 // indirect + k8s.io/cli-runtime v0.25.2 // indirect k8s.io/component-base v0.25.2 // indirect k8s.io/klog/v2 v2.80.1 // indirect k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect diff --git a/go.sum b/go.sum index e5e39b39..5aa25dce 100644 --- a/go.sum +++ b/go.sum 
@@ -288,12 +288,12 @@ github.com/fluxcd/pkg/apis/acl v0.1.0 h1:EoAl377hDQYL3WqanWCdifauXqXbMyFuK82NnX6 github.com/fluxcd/pkg/apis/acl v0.1.0/go.mod h1:zfEZzz169Oap034EsDhmCAGgnWlcWmIObZjYMusoXS8= github.com/fluxcd/pkg/apis/kustomize v0.6.0 h1:Afxv3Uv+xiuettzqm3sP0ceWikDZTfHdHtLv6u2nFM8= github.com/fluxcd/pkg/apis/kustomize v0.6.0/go.mod h1:iY0zSpK6eUiPfNt/yR6g0q/wQP+wH+Ax/L7KBOx5x2M= -github.com/fluxcd/pkg/apis/meta v0.16.0 h1:6Mj9rB0TtvCeTe3IlQDc1i2DH75Oosea9yUqS7XafVg= -github.com/fluxcd/pkg/apis/meta v0.16.0/go.mod h1:GrOVzWXiu22XjLNgLLe2EBYhQPqZetes5SIADb4bmHE= +github.com/fluxcd/pkg/apis/meta v0.17.0 h1:Y2dfo1syHZDb9Mexjr2SWdcj1FnxnRXm015hEnhl6wU= +github.com/fluxcd/pkg/apis/meta v0.17.0/go.mod h1:GrOVzWXiu22XjLNgLLe2EBYhQPqZetes5SIADb4bmHE= github.com/fluxcd/pkg/kustomize v0.8.0 h1:8AdEvp6y38ISZzoi0H82Si5zkmLXClbeX10W7HevB00= github.com/fluxcd/pkg/kustomize v0.8.0/go.mod h1:zGtCZF6V3hMWcf46SqrQc10fS9yUlKzi2UcFUeabDAE= -github.com/fluxcd/pkg/runtime v0.19.0 h1:4lRlnZfJFhWvuaNWgNsAkPQg09633xCRCf9d0SgXIWk= -github.com/fluxcd/pkg/runtime v0.19.0/go.mod h1:9Kh46LjwQeUu6o1DUQulLGyo5e5wfQxeFf4ONNobT3U= +github.com/fluxcd/pkg/runtime v0.20.0 h1:F9q9wap0BhjQszboUroJrYOB1C831zkQwTAk2tlMIQc= +github.com/fluxcd/pkg/runtime v0.20.0/go.mod h1:KVHNQMhccuLTjMDFVCr/SF+4Z554bcMH1LncC4sQf8o= github.com/fluxcd/pkg/ssa v0.21.0 h1:aeoTohPNf5x7jQjHidyLJAOHw3EyHOQoQN3mN2i+4cc= github.com/fluxcd/pkg/ssa v0.21.0/go.mod h1:jumyhUbEMDnduN7anSlKfxl2fEoyeyv+Ta5hWCbxI5Q= github.com/fluxcd/pkg/testserver v0.3.0 h1:oyZW6YWHVZR7FRVNu7lN9F5H808TD2jCzBm8CenFoi0= 
@@ -1415,8 +1415,9 @@ k8s.io/apiextensions-apiserver v0.25.2/go.mod h1:iRwwRDlWPfaHhuBfQ0WMa5skdQfrE18 k8s.io/apimachinery v0.24.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM= k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs= k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= -k8s.io/cli-runtime v0.24.0 h1:ot3Qf49T852uEyNApABO1UHHpFIckKK/NqpheZYN2gM= k8s.io/cli-runtime v0.24.0/go.mod h1:9XxoZDsEkRFUThnwqNviqzljtT/LdHtNWvcNFrAXl0A= +k8s.io/cli-runtime v0.25.2 h1:XOx+SKRjBpYMLY/J292BHTkmyDffl/qOx3YSuFZkTuc= +k8s.io/cli-runtime v0.25.2/go.mod h1:OQx3+/0st6x5YpkkJQlEWLC73V0wHsOFMC1/roxV8Oc= k8s.io/client-go v0.24.0/go.mod h1:VFPQET+cAFpYxh6Bq6f4xyMY80G6jKKktU6G0m00VDw= k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo= k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4=