From 3f1b9207b51fd1e7d8e387dc46467ff35f7910b2 Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Tue, 19 Apr 2022 21:22:24 +0200
Subject: [PATCH] kustomize: use FS from `fluxcd/pkg`
This does not change the FS in `internal/build` (yet), as I have to figure out the precise implications and impact of e.g. assumptions around building (locally).
Signed-off-by: Hidde Beydals
---
 internal/bootstrap/bootstrap_plain_git.go | 16 ++++++--
 pkg/manifestgen/install/manifests.go | 9 +++--
 .../kustomization/kustomization.go | 38 +++++++++++++------
 3 files changed, 44 insertions(+), 19 deletions(-)
diff --git a/internal/bootstrap/bootstrap_plain_git.go b/internal/bootstrap/bootstrap_plain_git.go
index ea4895fdf0..1b28b969a7 100644
--- a/internal/bootstrap/bootstrap_plain_git.go
+++ b/internal/bootstrap/bootstrap_plain_git.go
@@ -31,11 +31,11 @@ import (
 "k8s.io/cli-runtime/pkg/genericclioptions"
 "sigs.k8s.io/cli-utils/pkg/object"
 "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/kustomize/api/filesys"
 "sigs.k8s.io/kustomize/api/konfig"
 "sigs.k8s.io/yaml"
 kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
+ "github.com/fluxcd/pkg/kustomize/filesys"
 runclient "github.com/fluxcd/pkg/runtime/client"
 "github.com/fluxcd/flux2/internal/bootstrap/git"
@@ -105,7 +105,7 @@ func NewPlainGitProvider(git git.Git, kube client.Client, opts ...GitOption) (*P
 return b, nil
 }
-func (b *PlainGitBootstrapper) ReconcileComponents(ctx context.Context, manifestsBase string, options install.Options, secretOpts sourcesecret.Options) error {
+func (b *PlainGitBootstrapper) ReconcileComponents(ctx context.Context, manifestsBase string, options install.Options, _ sourcesecret.Options) error {
 // Clone if not already
 if _, err := b.git.Status(); err != nil {
 if err != git.ErrNoGitRepository {
@@ -263,13 +263,21 @@ func (b *PlainGitBootstrapper) ReconcileSyncConfig(ctx context.Context, options
 if err = b.git.Write(manifests.Path, strings.NewReader(manifests.Content)); err != nil {
 return fmt.Errorf("failed to write manifest %q: %w", manifests.Path, err)
 }
+
+ // Create secure Kustomize FS
+ fs, err := filesys.MakeFsOnDiskSecure(b.git.Path())
+ if err != nil {
+ return fmt.Errorf("failed to initialize Kustomize file system: %w", err)
+ }
+
+ // Generate Kustomization
 kusManifests, err := kustomization.Generate(kustomization.Options{
- FileSystem: filesys.MakeFsOnDisk(),
+ FileSystem: fs,
 BaseDir: b.git.Path(),
 TargetPath: filepath.Dir(manifests.Path),
 })
 if err != nil {
- return fmt.Errorf("kustomization.yaml generation failed: %w", err)
+ return fmt.Errorf("%s generation failed: %w", konfig.DefaultKustomizationFileName(), err)
 }
 if err = b.git.Write(kusManifests.Path, strings.NewReader(kusManifests.Content)); err != nil {
 return fmt.Errorf("failed to write manifest %q: %w", kusManifests.Path, err)
diff --git a/pkg/manifestgen/install/manifests.go b/pkg/manifestgen/install/manifests.go
index 3a584ba15c..2d544df629 100644
--- a/pkg/manifestgen/install/manifests.go
+++ b/pkg/manifestgen/install/manifests.go
@@ -26,8 +26,8 @@ import (
 "path/filepath"
 "strings"
+ "github.com/fluxcd/pkg/kustomize/filesys"
 "github.com/fluxcd/pkg/untar"
- "sigs.k8s.io/kustomize/api/filesys"
 "github.com/fluxcd/flux2/pkg/manifestgen/kustomization"
 )
@@ -126,8 +126,11 @@ func build(base, output string) error {
 return err
 }
- fs := filesys.MakeFsOnDisk()
- if err := fs.WriteFile(output, resources); err != nil {
+ fs, err := filesys.MakeFsOnDiskSecure(base)
+ if err != nil {
+ return err
+ }
+ if err = fs.WriteFile(output, resources); err != nil {
 return err
 }
diff --git a/pkg/manifestgen/kustomization/kustomization.go b/pkg/manifestgen/kustomization/kustomization.go
index 676f64b707..b11b51e6fb 100644
--- a/pkg/manifestgen/kustomization/kustomization.go
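Review bot: The comment `// Create secure Kustomize FS` in ReconcileSyncConfig does not say what the file system is secured against, which is the one thing a later reader needs to know before swapping it back for `MakeFsOnDisk()`. The call roots the FS at `b.git.Path()`, the same value passed as `BaseDir`, so I would name that boundary in the comment: `// Root the Kustomize FS at the Git working tree, so generation is confined to paths inside the clone.` That reading of `MakeFsOnDiskSecure` is inferred from its name and argument and should be confirmed against fluxcd/pkg. The function starts and ends outside this hunk.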
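Review bot: The error from `filesys.MakeFsOnDiskSecure(base)` in `build` is returned bare, so a caller cannot tell a rejected root from a failed write. The new call in `Build` in pkg/manifestgen/kustomization/kustomization.go does the same, whereas the bootstrap_plain_git.go hunk wraps it. Assuming `fmt` is already imported in this file, I would use `return fmt.Errorf("failed to initialize Kustomize file system for %q: %w", base, err)` in both places. Separately, `fs.WriteFile(output, resources)` now goes through a file system rooted at `base`, so `output` presumably has to lie inside `base`. The callers are outside this hunk, so that is worth confirming and stating in a comment on `build`.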
+++ b/pkg/manifestgen/kustomization/kustomization.go
@@ -22,18 +22,20 @@ import (
 "path/filepath"
 "sync"
- "sigs.k8s.io/kustomize/api/filesys"
 "sigs.k8s.io/kustomize/api/konfig"
 "sigs.k8s.io/kustomize/api/krusty"
 "sigs.k8s.io/kustomize/api/provider"
 kustypes "sigs.k8s.io/kustomize/api/types"
 "sigs.k8s.io/yaml"
+ "github.com/fluxcd/pkg/kustomize/filesys"
+
 "github.com/fluxcd/flux2/pkg/manifestgen"
 )
-// Generate scans the given directory for Kubernetes manifests and creates a kustomization.yaml
-// including all discovered manifests as resources.
+// Generate scans the given directory for Kubernetes manifests and creates a
+// konfig.DefaultKustomizationFileName file, including all discovered manifests
+// as resources.
 func Generate(options Options) (*manifestgen.Manifest, error) {
 kfile := filepath.Join(options.TargetPath, konfig.DefaultKustomizationFileName())
 abskfile := filepath.Join(options.BaseDir, kfile)
@@ -50,7 +52,7 @@ func Generate(options Options) (*manifestgen.Manifest, error) {
 return nil
 }
 if info.IsDir() {
- // If a sub-directory contains an existing Kustomization file add the
+ // If a sub-directory contains an existing Kustomization file, add the
 // directory as a resource and do not decent into it.
 for _, kfilename := range konfig.RecognizedKustomizationFileNames() {
 if options.FileSystem.Exists(filepath.Join(path, kfilename)) {
@@ -88,7 +90,9 @@ func Generate(options Options) (*manifestgen.Manifest, error) {
 if err != nil {
 return nil, err
 }
- f.Close()
+ if err = f.Close(); err != nil {
+ return nil, err
+ }
 kus := kustypes.Kustomization{
 TypeMeta: kustypes.TypeMeta{
@@ -128,20 +132,30 @@ func Generate(options Options) (*manifestgen.Manifest, error) {
 }, nil
 }
+// kustomizeBuildMutex is a workaround for a concurrent map read and map write bug.
+// TODO(stefan): https://github.com/kubernetes-sigs/kustomize/issues/3659
 var kustomizeBuildMutex sync.Mutex
-// Build takes a Kustomize overlays and returns the resulting manifests as multi-doc YAML.
+// Build takes the path to a directory with a konfig.RecognizedKustomizationFileNames,
+// builds it, and returns the resulting manifests as multi-doc YAML.
 func Build(base string) ([]byte, error) {
- // TODO(stefan): temporary workaround for concurrent map read and map write bug
- // https://github.com/kubernetes-sigs/kustomize/issues/3659
 kustomizeBuildMutex.Lock()
 defer kustomizeBuildMutex.Unlock()
- kfile := filepath.Join(base, konfig.DefaultKustomizationFileName())
+ fs, err := filesys.MakeFsOnDiskSecure(base)
+ if err != nil {
+ return nil, err
+ }
- fs := filesys.MakeFsOnDisk()
- if !fs.Exists(kfile) {
- return nil, fmt.Errorf("%s not found", kfile)
+ var kfile string
+ for _, f := range konfig.RecognizedKustomizationFileNames() {
+ if kf := filepath.Join(base, f); fs.Exists(kf) {
+ kfile = kf
+ break
+ }
+ }
+ if kfile == "" {
+ return nil, fmt.Errorf("%s not found", konfig.DefaultKustomizationFileName())
 }
 // TODO(hidde): work around for a bug in kustomize causing it to
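Review bot: The not-found error in `Build` no longer says where it looked: the removed line printed the full `kfile` path, while the new one prints only `konfig.DefaultKustomizationFileName()` although the loop tries every entry of `konfig.RecognizedKustomizationFileNames()`. I would keep the directory in the message, for example `return nil, fmt.Errorf("%s not found in %q", konfig.DefaultKustomizationFileName(), base)`. The new doc comment could also mention that the file system is created with `filesys.MakeFsOnDiskSecure(base)`, since callers whose kustomization refers to files outside `base` may now behave differently. Whether `fs` is what the kustomizer later runs on is not visible here, because `Build` continues past the end of the hunk.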