kubernetes, google-kubernetes-engine, kustomize

Kustomize patch doesn't patch base values - GKE Managed Certs


I'm trying to "templatize" the K8s manifests I currently use to generate my Google managed certificates on GKE. When I run kustomize build it runs successfully, but regardless of what patching type I use, the returned YAML only shows the base configuration; none of the patched values are reflected in the build output. I've tried both strategic merge patching and JSON6902 patching. I've tried including the path to a patch file as well as doing it directly in the kustomization.yaml using both patches: and patchesJson6902:, as well as applying kustomize edit fix, and the results are all the same. The files below are my most recent attempt using patchesJson6902: and a kustomization.yaml inline patch.

Kustomize v5.5.0 & v5.0.4-0.20230601165947-6ce0bf390ce3 (same results with kubectl included kustomize version)

I have the following file layout:

base
|--managed-cert.yaml
|--kustomization.yaml
overlays
|--newenv
   |--kustomization.yaml

File Contents:

managed-cert.yaml

apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: some-managed-cert
  namespace: ""
spec:
  domains:
    - ""

kustomization.yaml (base)

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- managed-cert.yaml

kustomization.yaml (overlay) (Edit - changed target version to reflect suggestion below, no change in behavior)

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
namespace: new-env

patchesJson6902:
  - target:
      group: networking.gke.io/v1
      version: v1
      kind: ManagedCertificate
      name: managed-cert
    patch: |-
     - op: replace
       path: /metadata/name
       value: new-cert-name
     - op: replace
       path: /spec/domains/-
       value: new.domain.name  

kustomize build output:

# Warning: 'patchesJson6902' is deprecated. Please use 'patches' instead. Run 'kustomize edit fix' to update your Kustomization automatically.
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: some-managed-cert
  namespace: new-env
spec:
  domains:
  - ""

As you can see, the namespace transformation is happening but nothing else is.


Solution

  • Take off the /v1 from the group, as it is matched in the version; like thomas said, make sure the name is the same; and remove the /- from the path for the domain name. See if my example below works.

    patchesJson6902:
      - target:
          group: networking.gke.io
          version: v1
          kind: ManagedCertificate
          name: some-managed-cert
        patch: |-
          - op: replace
            path: /metadata/name
            value: new-cert-name
          - op: replace
            path: /spec/domains
            # domains is a list, so the replacement value must be a list too
            value:
              - new.domain.name
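
As an added example (not part of the question or the answer, and not kustomize's own code), this Python sketch checks the two things the answer corrects: that the patch target's group, version, kind and name line up with the resource, and that every replace path resolves to an existing field. The helper names, the exact-match comparison and the sample dictionaries (constructed from the manifests quoted above) are assumptions of the example.

```python
# Added example: lint a Kustomize JSON 6902 patch against the resource it targets.
# Sample data is constructed from the manifests quoted in the question.

def split_api_version(api_version):
    """'networking.gke.io/v1' -> ('networking.gke.io', 'v1'); core 'v1' -> ('', 'v1')."""
    group, _, version = api_version.rpartition("/")
    return group, version

def pointer_exists(doc, pointer):
    """True if an RFC 6901 pointer resolves to an existing member of doc."""
    node = doc
    for token in pointer.split("/")[1:]:
        token = token.replace("~1", "/").replace("~0", "~")
        if isinstance(node, dict) and token in node:
            node = node[token]
        elif isinstance(node, list) and token.isdigit() and int(token) < len(node):
            node = node[int(token)]
        else:
            return False  # also covers "-", the slot past the end of a list
    return True

def lint_patch(resource, target, ops):
    """Return reasons the patch would not apply to this resource (hypothetical helper)."""
    group, version = split_api_version(resource["apiVersion"])
    actual = {"group": group, "version": version,
              "kind": resource["kind"], "name": resource["metadata"]["name"]}
    # Exact comparison is a simplification of kustomize's own selector matching.
    problems = [f"target.{k}: {v!r} != resource {actual[k]!r}"
                for k, v in target.items() if k in actual and v != actual[k]]
    problems += [f"replace: path {op['path']!r} does not exist"
                 for op in ops
                 if op["op"] == "replace" and not pointer_exists(resource, op["path"])]
    return problems

BASE = {"apiVersion": "networking.gke.io/v1", "kind": "ManagedCertificate",
        "metadata": {"name": "some-managed-cert", "namespace": ""},
        "spec": {"domains": [""]}}
QUESTION_TARGET = {"group": "networking.gke.io/v1", "version": "v1",
                   "kind": "ManagedCertificate", "name": "managed-cert"}
QUESTION_OPS = [{"op": "replace", "path": "/metadata/name", "value": "new-cert-name"},
                {"op": "replace", "path": "/spec/domains/-", "value": "new.domain.name"}]
# Corrected target and path; the list value is this example's choice.
FIXED_TARGET = dict(QUESTION_TARGET, group="networking.gke.io", name="some-managed-cert")
FIXED_OPS = [QUESTION_OPS[0],
             {"op": "replace", "path": "/spec/domains", "value": ["new.domain.name"]}]

if __name__ == "__main__":
    for label, t, o in (("question", QUESTION_TARGET, QUESTION_OPS),
                        ("fixed", FIXED_TARGET, FIXED_OPS)):
        print(label, lint_patch(BASE, t, o) or "ok")
```
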