From 38d0bc3229c9b68a09e42c5751bfe5a3265da9c3 Mon Sep 17 00:00:00 2001 From: stephan48 Date: Thu, 20 Apr 2023 20:34:12 +0200 Subject: [PATCH] --- ...luxcd2-kustomization-delegation-caveats.mdwn | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/posts/2023-04-20-fluxcd2-kustomization-delegation-caveats.mdwn b/posts/2023-04-20-fluxcd2-kustomization-delegation-caveats.mdwn index 3bb6d24..db7856f 100644 --- a/posts/2023-04-20-fluxcd2-kustomization-delegation-caveats.mdwn +++ b/posts/2023-04-20-fluxcd2-kustomization-delegation-caveats.mdwn 
@@ -2,11 +2,16 @@ Hi, when you use fluxcd2 to allow teams/apps to be seperated into namesapces and wanna use PLOP/limit to the target namespace, be carefull with the following: -- Errors around secrets are masked as "error: data values must be of type string" as per (this discussion)[https://github.com/fluxcd/flux2/discussions/2355] - disable/remove them for testing, otherwhise you can't debug, this is a gross UX issue. -- You apply the kustomization(kustomize.toolkit.fluxcd.io/v1beta1) referencing the remote repo/stuff the following mess of namespaces apply: - - the resource itself goes into namespace A - - targetNamespace - should place stuff into namespace B - - telling it to use a "serviceAccountName" -> needs to exist in namespace A but needs to have permission in namespace B - - use decryption -> secretRef for that needs to be in namespace A +* Errors around secrets are masked as "error: data values must be of type string" as per (this discussion)[https://github.com/fluxcd/flux2/discussions/2355] + - disable/remove them for testing, otherwhise you can't debug, this is a gross UX issue. +* You apply the kustomization(kustomize.toolkit.fluxcd.io/v1beta1) referencing the remote repo/stuff the following mess of namespaces apply: + - the resource itself + - goes into namespace A + - targetNamespace + - should place stuff into namespace B + - telling it to use a "serviceAccountName" + - needs to exist in namespace A but needs to have permission in namespace B + - use decryption + - secretRef for that needs to be in namespace A More to be followed :) -- 2.30.2
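Review bot: the first rewritten bullet still carries its Markdown link with the brackets reversed, `(this discussion)[https://github.com/fluxcd/flux2/discussions/2355]`, so it will not render as a link. Since the line is being touched anyway, swap it to `[this discussion](https://github.com/fluxcd/flux2/discussions/2355)`. In the same hunk the "serviceAccountName" item says the account "needs to exist in namespace A but needs to have permission in namespace B" without saying how that permission is granted. One more sub-bullet would make the delegation boundary explicit: a RoleBinding in namespace B whose subject is the service account in namespace A. The commit also has an empty Subject line; a short summary such as "reformat caveat list into nested bullets" would make the history readable. The typos on the lines around the change ("seperated", "namesapces", "carefull", "otherwhise") could be fixed in the same pass.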