Skip to content

Additional documentation on kustomize patches with sops #1394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Additional documentation on kustomize patches with sops #1394

wants to merge 1 commit into from

Conversation

@nagygergo
Copy link

@nagygergo nagygergo commented Mar 15, 2025
edited
Loading

Adding some documentation on how Kustomize controller works with patch files and sops decryption. There is a mention of something like this in the SOPS user guide (https://fluxcd.io/flux/guides/mozilla-sops/#sops-encrypted_regex-conflict), but probably it is also good to describe both cases (secretsGenerator and patchfiles) in the kustomize controller, besides each other.

@matheuscscp
Copy link
Member

matheuscscp commented Mar 26, 2025

Hey @vlasov-y would you have time to review this PR? 🙏 I think it's a bit related to what you worked on recently? Thanks!!! 🙏

vlasov-y
vlasov-y suggested changes Mar 26, 2025
View reviewed changes
Copy link
Contributor

@vlasov-y vlasov-y left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once these comments are changed, it is clear to go and merge. Thanks @nagygergo!

matheuscscp
matheuscscp approved these changes Mar 26, 2025
View reviewed changes
Copy link
Member

@matheuscscp matheuscscp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks very much you both!!! 🙏

seh
seh reviewed Mar 26, 2025
View reviewed changes
@stefanprodan stefanprodan added the hold Issues and pull requests put on hold label Mar 26, 2025
stefanprodan
stefanprodan reviewed Apr 10, 2025
View reviewed changes
docs/spec/v1/kustomizations.md
metadata:
name: secret
stringData:
publicConifg: "my-public-config"
Copy link
Member

@stefanprodan stefanprodan Apr 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think Flux docs should tell users to leave Secrets in plain text in the repo. I think the base Secret should contain no keys.

Copy link
Author

@nagygergo nagygergo Apr 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does that apply to the "Kustomize secretGenerator" chapter as well?

Copy link
Member

@stefanprodan stefanprodan Apr 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we tell people to leave secrets in plain text in that chapter?

Copy link
Author

@nagygergo nagygergo Apr 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, put the comment in the wrong place... My question was directed at this comment.

A better place for this documentation is here: https://fluxcd.io/flux/guides/mozilla-sops/
@nagygergo please copy the section from this PR into https://github.com/fluxcd/website/edit/main/content/en/flux/guides/mozilla-sops.md

@stefanprodan
Copy link
Member

stefanprodan commented Apr 10, 2025

A better place for this documentation is here: https://fluxcd.io/flux/guides/mozilla-sops/

@nagygergo please copy the section from this PR into https://github.com/fluxcd/website/edit/main/content/en/flux/guides/mozilla-sops.md

@nagygergo
Copy link
Author

nagygergo commented Apr 10, 2025

A better place for this documentation is here: https://fluxcd.io/flux/guides/mozilla-sops/

@nagygergo please copy the section from this PR into https://github.com/fluxcd/website/edit/main/content/en/flux/guides/mozilla-sops.md

Does that apply to the "Kustomize secretGenerator" chapter as well?

@stefanprodan
Copy link
Member

stefanprodan commented Apr 10, 2025

Does that apply to the "Kustomize secretGenerator" chapter as well?

This applies to what's in this PR. I'm not suggesting deleting anything from the current docs.

@nagygergo nagygergo mentioned this pull request Apr 15, 2025
Open
@nagygergo
Copy link
Author

nagygergo commented Apr 15, 2025

Closing in favor of fluxcd/website#2200 as @stefanprodan asked.

@nagygergo nagygergo closed this Apr 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matheuscscp matheuscscp matheuscscp approved these changes

@stefanprodan stefanprodan stefanprodan left review comments

+2 more reviewers

@seh seh seh left review comments

@vlasov-y vlasov-y vlasov-y requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

hold Issues and pull requests put on hold

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@nagygergo @matheuscscp @stefanprodan @seh @vlasov-y