使用 Kustomize 跨多个环境和应用程序的通用配置
Common config across multiple environments and applications with Kustomize
是否可以有一个在多个环境和应用程序之间共享的通用配置文件(例如 ConfigMap)?
我知道在多个环境叠加层中执行此操作很简单,但对于应用程序来说,高于它的级别如何?
如果我有以下结构:
Base
App1
Configmaps
Kustomization.yaml
Global
Configmaps
Overlays
Env1
App1
Configmaps
Deployments
Kustomization.yaml
App2
Configmaps
Deployments
Kustomization.yaml
Env2.. (same as above)
App1..
App2..
是否有可能在所有应用程序中引用一组静态的通用配置值?
在上面的结构中,我只能引用同一文件夹或下面的资源,如果我尝试引用 App 级别之外的父文件夹中的资源,那么你通常会得到一个错误,例如“
错误:AccumulateTarget:rawResources 无法读取资源:从路径加载../../configmaps/base-config.yaml 失败:安全;文件 '../../configmaps/base-config.yaml' 不在或低于 'C:\Code\BUILD-ARTEFACTS\deployment-manifests\base\apps\app-ui'
“
是否可以在父文件夹级别而不是在子文件夹中共享通用配置?
否则我最终会在多个应用程序中重复一些设置,这并不理想。
您看到此错误是为了保护用户免受网络钓鱼攻击。查看 this kustomize issue.
来自 kustomize 常见问题解答:security: file ‘foo’ is not in or below ‘bar:
v2.0 added a security check that prevents kustomizations from reading files outside their own directory root.
This was meant to help protect the person inclined to download kustomization directories from the web and use them without inspection to control their production cluster (see #693, #700, #995 and #998).
Resources (including configmap and secret generators) can still be
shared via the recommended best practice of placing them in a
directory with their own kustomization file, and referring to this
directory as a base from any kustomization that wants to use it. This
encourages modularity and relocatability.
To disable this, use v3, and the load_restrictor flag:
kustomize build --load_restrictor none $target
是否可以有一个在多个环境和应用程序之间共享的通用配置文件(例如 ConfigMap)? 我知道在多个环境叠加层中执行此操作很简单,但对于应用程序来说,高于它的级别如何? 如果我有以下结构:
Base
App1
Configmaps
Kustomization.yaml
Global
Configmaps
Overlays
Env1
App1
Configmaps
Deployments
Kustomization.yaml
App2
Configmaps
Deployments
Kustomization.yaml
Env2.. (same as above)
App1..
App2..
是否有可能在所有应用程序中引用一组静态的通用配置值? 在上面的结构中,我只能引用同一文件夹或下面的资源,如果我尝试引用 App 级别之外的父文件夹中的资源,那么你通常会得到一个错误,例如“ 错误:AccumulateTarget:rawResources 无法读取资源:从路径加载../../configmaps/base-config.yaml 失败:安全;文件 '../../configmaps/base-config.yaml' 不在或低于 'C:\Code\BUILD-ARTEFACTS\deployment-manifests\base\apps\app-ui' “
是否可以在父文件夹级别而不是在子文件夹中共享通用配置? 否则我最终会在多个应用程序中重复一些设置,这并不理想。
您看到此错误是为了保护用户免受网络钓鱼攻击。查看 this kustomize issue.
来自 kustomize 常见问题解答:security: file ‘foo’ is not in or below ‘bar:
v2.0 added a security check that prevents kustomizations from reading files outside their own directory root.
This was meant to help protect the person inclined to download kustomization directories from the web and use them without inspection to control their production cluster (see #693, #700, #995 and #998).
Resources (including configmap and secret generators) can still be shared via the recommended best practice of placing them in a directory with their own kustomization file, and referring to this directory as a base from any kustomization that wants to use it. This encourages modularity and relocatability.
To disable this, use v3, and the load_restrictor flag:
kustomize build --load_restrictor none $target