when you use fluxcd2 to allow teams/apps to be seperated into namesapces and wanna use PLOP/limit to the target namespace, be carefull with the following:
-- Errors around secrets are masked as "error: data values must be of type string" as per (this discussion)[https://github.com/fluxcd/flux2/discussions/2355] - disable/remove them for testing, otherwhise you can't debug, this is a gross UX issue.
-- You apply the kustomization(kustomize.toolkit.fluxcd.io/v1beta1) referencing the remote repo/stuff the following mess of namespaces apply:
- - the resource itself goes into namespace A
- - targetNamespace - should place stuff into namespace B
- - telling it to use a "serviceAccountName" -> needs to exist in namespace A but needs to have permission in namespace B
- - use decryption -> secretRef for that needs to be in namespace A
+* Errors around secrets are masked as "error: data values must be of type string" as per (this discussion)[https://github.com/fluxcd/flux2/discussions/2355]
+ - disable/remove them for testing, otherwhise you can't debug, this is a gross UX issue.
+* You apply the kustomization(kustomize.toolkit.fluxcd.io/v1beta1) referencing the remote repo/stuff the following mess of namespaces apply:
+ - the resource itself
+ - goes into namespace A
+ - targetNamespace
+ - should place stuff into namespace B
+ - telling it to use a "serviceAccountName"
+ - needs to exist in namespace A but needs to have permission in namespace B
+ - use decryption
+ - secretRef for that needs to be in namespace A
More to be followed :)
projects / stejau-blog.git / commitdiff