From 6aeff8c924ee3c48574f638ab16daa6c6a8f316a Mon Sep 17 00:00:00 2001 From: Nick Stogner Date: Sun, 10 Apr 2022 21:44:06 -0400 Subject: [PATCH] Support defining a KubeConfig Secret data key Signed-off-by: Nick Stogner --- api/go.mod | 2 +- api/go.sum | 4 +- api/v1beta2/kustomization_types.go | 7 +- ...mize.toolkit.fluxcd.io_kustomizations.yaml | 22 ++-- controllers/kustomization_acl_test.go | 2 +- controllers/kustomization_decryptor_test.go | 2 +- controllers/kustomization_dependson_test.go | 2 +- controllers/kustomization_force_test.go | 2 +- controllers/kustomization_impersonation.go | 21 ++-- .../kustomization_impersonation_test.go | 112 +++++++++++++++++- controllers/kustomization_inventory_test.go | 2 +- controllers/kustomization_prune_test.go | 6 +- controllers/kustomization_transformer_test.go | 6 +- controllers/kustomization_validation_test.go | 2 +- controllers/kustomization_varsub_test.go | 4 +- controllers/kustomization_wait_test.go | 2 +- docs/api/kustomize.md | 9 +- go.mod | 4 +- go.sum | 8 +- tests/fuzz/controllers_fuzzer.go | 2 +- 20 files changed, 171 insertions(+), 50 deletions(-) diff --git a/api/go.mod b/api/go.mod index aefc762e..07501c40 100644 --- a/api/go.mod +++ b/api/go.mod @@ -4,7 +4,7 @@ go 1.17 require ( github.com/fluxcd/pkg/apis/kustomize v0.3.3 - github.com/fluxcd/pkg/apis/meta v0.12.2 + github.com/fluxcd/pkg/apis/meta v0.13.0 k8s.io/apiextensions-apiserver v0.23.5 k8s.io/apimachinery v0.23.5 sigs.k8s.io/controller-runtime v0.11.2 diff --git a/api/go.sum b/api/go.sum index 3652feec..14583ede 100644 --- a/api/go.sum +++ b/api/go.sum @@ -122,8 +122,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fluxcd/pkg/apis/kustomize v0.3.3 h1:bPN29SdVzWl0yhgivuf/83IAe2R6vUuDVcB3LzyVU8E= github.com/fluxcd/pkg/apis/kustomize v0.3.3/go.mod h1:5HTOFZfQFVMMqR2rvuxpbZhpb+sQpcTT6RCQZOhjFzA= -github.com/fluxcd/pkg/apis/meta v0.12.2 h1:AiKAZxLyPtV150y63WC+mL1Qm4x5qWQmW6r4mLy1i8c= -github.com/fluxcd/pkg/apis/meta v0.12.2/go.mod h1:Z26X5uTU5LxAyWETGueRQY7TvdPaGfKU7Wye9bdUlho= +github.com/fluxcd/pkg/apis/meta v0.13.0 h1:0QuNKEExSjk+Rv0I6a85p2H3xOlWhdxZRsh10waEL/c= +github.com/fluxcd/pkg/apis/meta v0.13.0/go.mod h1:Z26X5uTU5LxAyWETGueRQY7TvdPaGfKU7Wye9bdUlho= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= diff --git a/api/v1beta2/kustomization_types.go b/api/v1beta2/kustomization_types.go index 12109470..55dfde45 100644 --- a/api/v1beta2/kustomization_types.go +++ b/api/v1beta2/kustomization_types.go @@ -164,8 +164,9 @@ type Decryption struct { // KubeConfig references a Kubernetes secret that contains a kubeconfig file. type KubeConfig struct { - // SecretRef holds the name to a secret that contains a 'value' key with - // the kubeconfig file as the value. It must be in the same namespace as + // SecretRef holds the name of a secret that contains a key with + // the kubeconfig file as the value. If no key is set, the key will default + // to 'value'. The secret must be in the same namespace as // the Kustomization. // It is recommended that the kubeconfig is self-contained, and the secret // is regularly updated if credentials such as a cloud-access-token expire. @@ -173,7 +174,7 @@ type KubeConfig struct { // binaries and credentials to the Pod that is responsible for reconciling // the Kustomization. // +required - SecretRef meta.LocalObjectReference `json:"secretRef,omitempty"` + SecretRef meta.SecretKeyReference `json:"secretRef,omitempty"` } // PostBuild describes which actions to perform on the YAML manifest diff --git a/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml b/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml index 17f8f598..1eba9e40 100644 --- a/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml +++ b/config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml @@ -698,17 +698,21 @@ spec: is empty. properties: secretRef: - description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the Kustomization. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the Kustomization. + description: SecretRef holds the name of a secret that contains + a key with the kubeconfig file as the value. If no key is set, + the key will default to 'value'. The secret must be in the same + namespace as the Kustomization. It is recommended that the kubeconfig + is self-contained, and the secret is regularly updated if credentials + such as a cloud-access-token expire. Cloud specific `cmd-path` + auth helpers will not function without adding binaries and credentials + to the Pod that is responsible for reconciling the Kustomization. properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string name: - description: Name of the referent. + description: Name of the Secret. type: string required: - name diff --git a/controllers/kustomization_acl_test.go b/controllers/kustomization_acl_test.go index 3a0fb31b..3eda6fe9 100644 --- a/controllers/kustomization_acl_test.go +++ b/controllers/kustomization_acl_test.go @@ -89,7 +89,7 @@ stringData: Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/controllers/kustomization_decryptor_test.go b/controllers/kustomization_decryptor_test.go index dfde174f..02bddc7a 100644 --- a/controllers/kustomization_decryptor_test.go +++ b/controllers/kustomization_decryptor_test.go @@ -146,7 +146,7 @@ func TestKustomizationReconciler_Decryptor(t *testing.T) { Interval: metav1.Duration{Duration: 2 * time.Minute}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/controllers/kustomization_dependson_test.go b/controllers/kustomization_dependson_test.go index 103f6ec3..bc4f937c 100644 --- a/controllers/kustomization_dependson_test.go +++ b/controllers/kustomization_dependson_test.go @@ -143,7 +143,7 @@ spec: Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/controllers/kustomization_force_test.go b/controllers/kustomization_force_test.go index 8c1a8e95..b55354ff 100644 --- a/controllers/kustomization_force_test.go +++ b/controllers/kustomization_force_test.go @@ -86,7 +86,7 @@ stringData: Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/controllers/kustomization_impersonation.go b/controllers/kustomization_impersonation.go index 7879b43f..1ca47c49 100644 --- a/controllers/kustomization_impersonation.go +++ b/controllers/kustomization_impersonation.go @@ -177,15 +177,20 @@ func (ki *KustomizeImpersonation) getKubeConfig(ctx context.Context) ([]byte, er } var kubeConfig []byte - for k := range secret.Data { - if k == "value" || k == "value.yaml" { - kubeConfig = secret.Data[k] - break + switch { + case ki.kustomization.Spec.KubeConfig.SecretRef.Key != "": + key := ki.kustomization.Spec.KubeConfig.SecretRef.Key + kubeConfig = secret.Data[key] + if kubeConfig == nil { + return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a '%s' key with a kubeconfig", secretName, key) } - } - - if len(kubeConfig) == 0 { - return nil, fmt.Errorf("KubeConfig secret '%s' doesn't contain a 'value' key ", secretName.String()) + case secret.Data["value"] != nil: + kubeConfig = secret.Data["value"] + case secret.Data["value.yaml"] != nil: + kubeConfig = secret.Data["value.yaml"] + default: + // User did not specify a key, and the 'value' key was not defined. + return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a 'value' key with a kubeconfig", secretName) } return kubeConfig, nil diff --git a/controllers/kustomization_impersonation_test.go b/controllers/kustomization_impersonation_test.go index accadc60..a0d07b38 100644 --- a/controllers/kustomization_impersonation_test.go +++ b/controllers/kustomization_impersonation_test.go @@ -92,7 +92,7 @@ data: Interval: metav1.Duration{Duration: time.Minute}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, @@ -208,3 +208,113 @@ data: g.Expect(apierrors.IsNotFound(err)).To(BeTrue()) }) } + +func TestKustomizationReconciler_KubeConfig(t *testing.T) { + g := NewWithT(t) + id := "kc-" + randStringRunes(5) + revision := "v1.0.0" + + err := createNamespace(id) + g.Expect(err).NotTo(HaveOccurred(), "failed to create test namespace") + + manifests := func(name string, data string) []testserver.File { + return []testserver.File{ + { + Name: "config.yaml", + Body: fmt.Sprintf(`--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: %[1]s +data: + key: "%[2]s" +`, name, data), + }, + } + } + + artifact, err := testServer.ArtifactFromFiles(manifests(id, randStringRunes(5))) + g.Expect(err).NotTo(HaveOccurred(), "failed to create artifact from files") + + repositoryName := types.NamespacedName{ + Name: randStringRunes(5), + Namespace: id, + } + + err = applyGitRepository(repositoryName, artifact, revision) + g.Expect(err).NotTo(HaveOccurred()) + + const ( + secretName = "user-defined-name" + secretKey = "user-defined-key" + ) + kustomizationKey := types.NamespacedName{ + Name: randStringRunes(5), + Namespace: id, + } + kustomization := &kustomizev1.Kustomization{ + ObjectMeta: metav1.ObjectMeta{ + Name: kustomizationKey.Name, + Namespace: kustomizationKey.Namespace, + }, + Spec: kustomizev1.KustomizationSpec{ + Interval: metav1.Duration{Duration: time.Minute}, + Path: "./", + KubeConfig: &kustomizev1.KubeConfig{ + SecretRef: meta.SecretKeyReference{ + Name: secretName, + Key: secretKey, + }, + }, + SourceRef: kustomizev1.CrossNamespaceSourceReference{ + Name: repositoryName.Name, + Namespace: repositoryName.Namespace, + Kind: sourcev1.GitRepositoryKind, + }, + TargetNamespace: id, + Prune: true, + }, + } + + g.Expect(k8sClient.Create(context.Background(), kustomization)).To(Succeed()) + + resultK := &kustomizev1.Kustomization{} + readyCondition := &metav1.Condition{} + + t.Run("fails to reconcile with missing kubeconfig secret", func(t *testing.T) { + g.Eventually(func() bool { + _ = k8sClient.Get(context.Background(), client.ObjectKeyFromObject(kustomization), resultK) + readyCondition = apimeta.FindStatusCondition(resultK.Status.Conditions, meta.ReadyCondition) + return apimeta.IsStatusConditionFalse(resultK.Status.Conditions, meta.ReadyCondition) + }, timeout, time.Second).Should(BeTrue()) + + g.Expect(readyCondition.Reason).To(Equal(kustomizev1.ReconciliationFailedReason)) + g.Expect(readyCondition.Message).To(ContainSubstring(`Secret "%s" not found`, secretName)) + }) + + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + Namespace: id, + }, + Data: map[string][]byte{ + secretKey: kubeConfig, + }, + } + g.Expect(k8sClient.Create(context.Background(), secret)).NotTo(HaveOccurred(), "failed to create kubeconfig secret") + + t.Run("reconciles successfully after secret is created", func(t *testing.T) { + revision = "v2.0.0" + err = applyGitRepository(repositoryName, artifact, revision) + g.Expect(err).NotTo(HaveOccurred()) + + g.Eventually(func() bool { + _ = k8sClient.Get(context.Background(), client.ObjectKeyFromObject(kustomization), resultK) + readyCondition = apimeta.FindStatusCondition(resultK.Status.Conditions, meta.ReadyCondition) + return resultK.Status.LastAppliedRevision == revision + }, timeout, time.Second).Should(BeTrue()) + + g.Expect(readyCondition.Reason).To(Equal(kustomizev1.ReconciliationSucceededReason)) + }) + +} diff --git a/controllers/kustomization_inventory_test.go b/controllers/kustomization_inventory_test.go index 24da466e..a9c843f8 100644 --- a/controllers/kustomization_inventory_test.go +++ b/controllers/kustomization_inventory_test.go @@ -97,7 +97,7 @@ stringData: Interval: metav1.Duration{Duration: 2 * time.Minute}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/controllers/kustomization_prune_test.go b/controllers/kustomization_prune_test.go index e3572e97..f79ab239 100644 --- a/controllers/kustomization_prune_test.go +++ b/controllers/kustomization_prune_test.go @@ -98,7 +98,7 @@ data: Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, @@ -226,7 +226,7 @@ data: Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, @@ -370,7 +370,7 @@ data: Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/controllers/kustomization_transformer_test.go b/controllers/kustomization_transformer_test.go index 782e981a..672ccbfc 100644 --- a/controllers/kustomization_transformer_test.go +++ b/controllers/kustomization_transformer_test.go @@ -74,7 +74,7 @@ func TestKustomizationReconciler_KustomizeTransformer(t *testing.T) { Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, @@ -197,7 +197,7 @@ func TestKustomizationReconciler_KustomizeTransformerFiles(t *testing.T) { Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, @@ -316,7 +316,7 @@ func TestKustomizationReconciler_FluxTransformers(t *testing.T) { Interval: metav1.Duration{Duration: reconciliationInterval}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/controllers/kustomization_validation_test.go b/controllers/kustomization_validation_test.go index 43b794c4..4c0940b0 100644 --- a/controllers/kustomization_validation_test.go +++ b/controllers/kustomization_validation_test.go @@ -79,7 +79,7 @@ func TestKustomizationReconciler_Validation(t *testing.T) { Interval: metav1.Duration{Duration: 2 * time.Minute}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/controllers/kustomization_varsub_test.go b/controllers/kustomization_varsub_test.go index 4a2ddc3e..199d238d 100644 --- a/controllers/kustomization_varsub_test.go +++ b/controllers/kustomization_varsub_test.go @@ -120,7 +120,7 @@ stringData: }, Spec: kustomizev1.KustomizationSpec{ KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, @@ -269,7 +269,7 @@ metadata: }, Spec: kustomizev1.KustomizationSpec{ KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/controllers/kustomization_wait_test.go b/controllers/kustomization_wait_test.go index e40f7127..36fad1e8 100644 --- a/controllers/kustomization_wait_test.go +++ b/controllers/kustomization_wait_test.go @@ -85,7 +85,7 @@ data: Interval: metav1.Duration{Duration: 2 * time.Minute}, Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, }, diff --git a/docs/api/kustomize.md b/docs/api/kustomize.md index ab417b22..5cad4e01 100644 --- a/docs/api/kustomize.md +++ b/docs/api/kustomize.md @@ -521,14 +521,15 @@ github.com/fluxcd/pkg/apis/meta.LocalObjectReference secretRef
- -github.com/fluxcd/pkg/apis/meta.LocalObjectReference + +github.com/fluxcd/pkg/apis/meta.SecretKeyReference -

SecretRef holds the name to a secret that contains a ‘value’ key with -the kubeconfig file as the value. It must be in the same namespace as +

SecretRef holds the name of a secret that contains a key with +the kubeconfig file as the value. If no key is set, the key will default +to ‘value’. The secret must be in the same namespace as the Kustomization. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. diff --git a/go.mod b/go.mod index 68db031b..160b030a 100644 --- a/go.mod +++ b/go.mod @@ -15,9 +15,9 @@ require ( github.com/fluxcd/kustomize-controller/api v0.24.4 github.com/fluxcd/pkg/apis/acl v0.0.3 github.com/fluxcd/pkg/apis/kustomize v0.3.3 - github.com/fluxcd/pkg/apis/meta v0.12.2 + github.com/fluxcd/pkg/apis/meta v0.13.0 github.com/fluxcd/pkg/kustomize v0.3.0 - github.com/fluxcd/pkg/runtime v0.14.1 + github.com/fluxcd/pkg/runtime v0.14.2 github.com/fluxcd/pkg/ssa v0.15.2 github.com/fluxcd/pkg/testserver v0.2.0 github.com/fluxcd/pkg/untar v0.1.0 diff --git a/go.sum b/go.sum index 9691eec8..4e2e7c97 100644 --- a/go.sum +++ b/go.sum @@ -274,12 +274,12 @@ github.com/fluxcd/pkg/apis/acl v0.0.3 h1:Lw0ZHdpnO4G7Zy9KjrzwwBmDZQuy4qEjaU/RvA6 github.com/fluxcd/pkg/apis/acl v0.0.3/go.mod h1:XPts6lRJ9C9fIF9xVWofmQwftvhY25n1ps7W9xw0XLU= github.com/fluxcd/pkg/apis/kustomize v0.3.3 h1:bPN29SdVzWl0yhgivuf/83IAe2R6vUuDVcB3LzyVU8E= github.com/fluxcd/pkg/apis/kustomize v0.3.3/go.mod h1:5HTOFZfQFVMMqR2rvuxpbZhpb+sQpcTT6RCQZOhjFzA= -github.com/fluxcd/pkg/apis/meta v0.12.2 h1:AiKAZxLyPtV150y63WC+mL1Qm4x5qWQmW6r4mLy1i8c= -github.com/fluxcd/pkg/apis/meta v0.12.2/go.mod h1:Z26X5uTU5LxAyWETGueRQY7TvdPaGfKU7Wye9bdUlho= +github.com/fluxcd/pkg/apis/meta v0.13.0 h1:0QuNKEExSjk+Rv0I6a85p2H3xOlWhdxZRsh10waEL/c= +github.com/fluxcd/pkg/apis/meta v0.13.0/go.mod h1:Z26X5uTU5LxAyWETGueRQY7TvdPaGfKU7Wye9bdUlho= github.com/fluxcd/pkg/kustomize v0.3.0 h1:mrUsbONJxw1YapmIhim4C7yDGNILmQnAEFolrUdRx+s= github.com/fluxcd/pkg/kustomize v0.3.0/go.mod h1:Qczvl7vNY9NJBpyaFrldsxfGjj6uaMcMmKGsSJ6hcxc= -github.com/fluxcd/pkg/runtime v0.14.1 h1:ZbS3RzR+f+wu1e6Y7GoCxY9PFZkOgX6/gL7Enr75CY0= -github.com/fluxcd/pkg/runtime v0.14.1/go.mod h1:eS4378ydLlWPt2fFjcrAAnJegGJNj3Q/iqYZqjBeWlM= +github.com/fluxcd/pkg/runtime v0.14.2 h1:ktyUjcX4pHoC8DRoBmhEP6eMHbmR6+/MYoARe4YulZY= +github.com/fluxcd/pkg/runtime v0.14.2/go.mod h1:NZr3PRK7xX2M1bl0LdtugvQyWkOmu2NcW3NrZH6U0is= github.com/fluxcd/pkg/ssa v0.15.2 h1:hLEIh7Ymlt6ihfQHIEx7DjAa+FCndBpHW6wyELToVsI= github.com/fluxcd/pkg/ssa v0.15.2/go.mod h1:wwDtLfi7a31/yQuC/oeHXZpaSHGrkZk835uhdHDNyik= github.com/fluxcd/pkg/testserver v0.2.0 h1:Mj0TapmKaywI6Fi5wvt1LAZpakUHmtzWQpJNKQ0Krt4= diff --git a/tests/fuzz/controllers_fuzzer.go b/tests/fuzz/controllers_fuzzer.go index b62b8d1b..779fcd22 100644 --- a/tests/fuzz/controllers_fuzzer.go +++ b/tests/fuzz/controllers_fuzzer.go @@ -266,7 +266,7 @@ func FuzzControllers(data []byte) int { Spec: kustomizev1.KustomizationSpec{ Path: "./", KubeConfig: &kustomizev1.KubeConfig{ - SecretRef: meta.LocalObjectReference{ + SecretRef: meta.SecretKeyReference{ Name: "kubeconfig", }, },