From 5a37e19f0488978cb4fa77ddce4e2c521a0e95c5 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Mon, 18 Jan 2021 12:42:35 +0200
Subject: [PATCH] Disable kyaml Workaround for upstream bug: https://github.com/kubernetes-sigs/kustomize/issues/3446
Signed-off-by: Stefan Prodan
---
 controllers/kustomization_controller.go | 36 +++++++------------------
 controllers/kustomization_generator.go | 28 +++++++++++++++----
 2 files changed, 33 insertions(+), 31 deletions(-)
diff --git a/controllers/kustomization_controller.go b/controllers/kustomization_controller.go
index a70de3954..89d8fa2cd 100644
--- a/controllers/kustomization_controller.go
+++ b/controllers/kustomization_controller.go
@@ -29,6 +29,12 @@ import (
 "time"
 securejoin "github.com/cyphar/filepath-securejoin"
+ "github.com/fluxcd/pkg/apis/meta"
+ "github.com/fluxcd/pkg/runtime/events"
+ "github.com/fluxcd/pkg/runtime/metrics"
+ "github.com/fluxcd/pkg/runtime/predicates"
+ "github.com/fluxcd/pkg/untar"
+ sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 "github.com/go-logr/logr"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 apimeta "k8s.io/apimachinery/pkg/api/meta"
@@ -47,16 +53,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/predicate"
 "sigs.k8s.io/controller-runtime/pkg/source"
 "sigs.k8s.io/kustomize/api/filesys"
- "sigs.k8s.io/kustomize/api/konfig"
- "sigs.k8s.io/kustomize/api/krusty"
- kustypes "sigs.k8s.io/kustomize/api/types"
-
- "github.com/fluxcd/pkg/apis/meta"
- "github.com/fluxcd/pkg/runtime/events"
- "github.com/fluxcd/pkg/runtime/metrics"
- "github.com/fluxcd/pkg/runtime/predicates"
- "github.com/fluxcd/pkg/untar"
- sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 )
@@ -506,22 +502,9 @@ func (r *KustomizationReconciler) build(kustomization kustomizev1.Kustomization,
 }
 fs := filesys.MakeFsOnDisk()
- manifestsFile := filepath.Join(dirPath, fmt.Sprintf("%s.yaml", kustomization.GetUID()))
-
- buildOptions := &krusty.Options{
- DoLegacyResourceSort: true,
- AddManagedbyLabel: false,
- LoadRestrictions: kustypes.LoadRestrictionsNone,
- DoPrune: false,
- PluginConfig: konfig.DisabledPluginConfig(),
- UseKyaml: false,
- AllowResourceIdChanges: false,
- }
-
- k := krusty.MakeKustomizer(fs, buildOptions)
- m, err := k.Run(dirPath)
+ m, err := buildKustomization(fs, dirPath)
 if err != nil {
- return nil, err
+ return nil, fmt.Errorf("kustomize build failed: %w", err)
 }
 // check if resources are encrypted and decrypt them before generating the final YAML
@@ -543,9 +526,10 @@ func (r *KustomizationReconciler) build(kustomization kustomizev1.Kustomization,
 resources, err := m.AsYaml()
 if err != nil {
- return nil, err
+ return nil, fmt.Errorf("kustomize build failed: %w", err)
 }
+ manifestsFile := filepath.Join(dirPath, fmt.Sprintf("%s.yaml", kustomization.GetUID()))
 if err := fs.WriteFile(manifestsFile, resources); err != nil {
 return nil, err
 }
diff --git a/controllers/kustomization_generator.go b/controllers/kustomization_generator.go
index 66929c166..a8e5c62d5 100644
--- a/controllers/kustomization_generator.go
+++ b/controllers/kustomization_generator.go
@@ -28,6 +28,7 @@ import (
 "sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
 "sigs.k8s.io/kustomize/api/konfig"
 "sigs.k8s.io/kustomize/api/krusty"
+ "sigs.k8s.io/kustomize/api/resmap"
 kustypes "sigs.k8s.io/kustomize/api/types"
 "sigs.k8s.io/yaml"
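Review bot: In `build` (controllers/kustomization_controller.go) the `buildKustomization` failure in the first hunk and the `m.AsYaml()` failure in the second hunk are both wrapped with the identical text "kustomize build failed", so whoever reads the reconcile error cannot tell whether the overlay failed to build or the built result failed to serialise. I would give the second site its own message, for example `return nil, fmt.Errorf("kustomize build output to YAML failed: %w", err)`. The `fs.WriteFile` error just below it is still returned bare and could be wrapped the same way so the three exits stay distinguishable. The body of `build` starts and ends outside both hunks.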
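Review bot: The relocated `manifestsFile` line in the second `build` hunk now sits directly above the write, but nothing there says that the file may carry plaintext secrets. The context comment in the first hunk states that resources are decrypted before the final YAML is generated, so `resources` presumably includes the decrypted values; the decryption code itself is outside the hunk, so this should be confirmed. I would add a comment at the declaration such as `// manifestsFile holds the post-decryption YAML; dirPath must be a private directory that is removed after the reconcile`. It is also worth checking which file mode `fs.WriteFile` applies, since neither the mode nor the cleanup of dirPath is visible here.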
@@ -222,11 +223,7 @@ func (kg *KustomizeGenerator) checksum(dirPath string) (string, error) {
 }
 fs := filesys.MakeFsOnDisk()
- opt := krusty.MakeDefaultOptions()
- opt.LoadRestrictions = kustypes.LoadRestrictionsNone
- opt.DoLegacyResourceSort = true
- k := krusty.MakeKustomizer(fs, opt)
- m, err := k.Run(dirPath)
+ m, err := buildKustomization(fs, dirPath)
 if err != nil {
 return "", fmt.Errorf("kustomize build failed: %w", err)
 }
@@ -281,3 +278,24 @@ func (kg *KustomizeGenerator) generateLabelTransformer(checksum, dirPath string)
 return nil
 }
+
+// buildKustomization wraps krusty.MakeKustomizer with the following settings:
+// - disable kyaml due to bug: https://github.com/kubernetes-sigs/kustomize/issues/3446
+// - reorder the resources just before output (Namespaces and Cluster roles/role bindings first, CRDs before CRs, Webhooks last)
+// - load files from outside the kustomization.yaml root
+// - disable plugins except for the builtin ones
+// - prohibit changes to resourceIds, patch name/kind don't overwrite target name/kind
+func buildKustomization(fs filesys.FileSystem, dirPath string) (resmap.ResMap, error) {
+ buildOptions := &krusty.Options{
+ UseKyaml: false,
+ DoLegacyResourceSort: true,
+ LoadRestrictions: kustypes.LoadRestrictionsNone,
+ AddManagedbyLabel: false,
+ DoPrune: false,
+ PluginConfig: konfig.DisabledPluginConfig(),
+ AllowResourceIdChanges: false,
+ }
+
+ k := krusty.MakeKustomizer(fs, buildOptions)
+ return k.Run(dirPath)
+}
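Review bot: `LoadRestrictions: kustypes.LoadRestrictionsNone` in the new `buildKustomization` helper, together with the unconfined `filesys.MakeFsOnDisk()` that both callers (`build` and `checksum`) pass in, means a kustomization.yaml from the source artifact can name paths outside its own directory and have them read with the controller's file permissions. The doc comment lists this only as "load files from outside the kustomization.yaml root" and says nothing about what bounds it. Since this helper is now the single place the setting is decided, I would state the trust assumption there, for example `// NOTE: LoadRestrictionsNone lets kustomization.yaml read any path the controller process can read; sources must be trusted or fs must be confined to the artifact root`. If the kustomize version pinned in go.mod provides a filesystem confined to a root directory, passing that from the callers would enforce the bound instead of only documenting it.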