I have an air-gapped cluster deployed with FluxCD for GitOps. Due to the air gap, I'm rendering Helm charts using helm template .... One of them (WikiJS) doesn't contain any way to override the startup command, which is necessary because data is stored on an SMB share (I'm using csi-driver-smb) and the database (PostgreSQL; included in the Helm chart) expects the data folder to be chowned to either 0700 or 0600. SMB has no understanding of *NIX permissions.
To tackle this issue I've tried to patch the rendered Helm chart using a Kustomize file. This results in the following problem on the cluster:

kustomize build failed: accumulating resources: accumulation err='accumulating resources from './apps/wikijs/app/overlays/prod': read /tmp/kustomization-3367117022/clusters/prod/apps/wikijs/app/overlays/prod: is a directory': recursed merging from path '/tmp/kustomization-3367117022/clusters/prod/apps/wikijs/app/overlays/prod': may not add resource with an already registered id: Namespace.v1.[noGrp]/wikijs.[noNs].
I understand that this tells me that a resource already exists, but I can assure you that there is absolutely nothing, nada, niente. There is no namespace called wikijs and the rendered template doesn't contain duplicate resources.
As already briefly explained, I have tried - in order to keep my git repo "reproducible" - to patch the rendered Helm chart using a Kustomize file. In my dev environment this renders fine, but FluxCD has problems doing the same. I've discovered through some other post that it doesn't just kubectl kustomize <path/to/kustomization.yaml> but rather goes kubectl kustomize --load-restrictor=LoadRestrictionsNone <path/to/kustomization.yaml> | kubectl apply --server-side --dry-run=server -f- (as explained here), but that doesn't make any difference.
My directory structure looks like the following:
clusters/prod/apps/wikijs/app
|- ks.yml
|- base
|  |- helm_template.yml
|  |- kustomization.yml
|  |- namespace.yml
|  |- values.yml
|
|- overlays/prod
   |- kustomization.yml
   |- patch.yml
ks.yml
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: wikijs
  namespace: flux-system
spec:
  interval: 1m0s
  path: ./clusters/prod/apps/wikijs/app/overlays/prod
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
base/helm_template.yml
Generated using: helm template wikijs requarks/wiki --namespace wikijs --values values.yml > helm_template.yml
base/kustomization.yml
Just a kustomization that includes the resources namespace.yml and helm_template.yml
base/namespace.yml
Duh, a namespace...
base/values.yml
image:
  repository: internal.registry/requarks/wiki
ingress:
  annotations:
    cert-manager.io/cluster-issuer: "prod"
  hosts:
    - host: wiki.somedomain
      paths:
        - path: "/"
          pathType: Prefix
  tls:
    - secretName: wikijs-ingress-tls
      hosts:
        - wiki.somedomain
postgresql:
  persistence:
    storageClass: smb
overlays/prod/kustomization.yml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
patchesJson6902:
  - target:
      group: apps
      version: v1
      kind: StatefulSet
      name: wikijs-postgresql
    path: patch.yml
patch.yml
- op: add
  path: /spec/template/spec/containers/0/command
  value:
    - sh
    - -c
    - |
      mkdir -p /bitnami/postgresql/data
      chmod 700 /bitnami/postgresql/data
      find /bitnami/postgresql -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
        xargs chown -R 1001:1001
      /entrypoint.sh
I really hope it's just a dumb mistake. TIA
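
Added example, not part of the original post: a small checker that rebuilds the resource id string in the form the error above prints (Kind.version.group/name.namespace, with [noGrp] and [noNs] as placeholders) for every document in a set of manifest streams and reports ids that occur more than once, together with the streams they came from. The stream labels and sample manifests are constructed, and the line-based field extraction assumes two-space-indented metadata.

```python
import re
from collections import defaultdict

def _field(text, pattern):
    """Return the first capture of pattern in text, unquoted, or ''."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip("\"'") if m else ""

def resource_id(doc):
    """Build the id string in the form shown in the kustomize error message."""
    api = _field(doc, r"^apiVersion:[ \t]*(\S+)")
    kind = _field(doc, r"^kind:[ \t]*(\S+)")
    # Only direct children of metadata count (assumes two-space indentation).
    meta = re.search(r"^metadata:[ \t]*\n((?:[ \t]+.*\n?)*)", doc, re.MULTILINE)
    block = meta.group(1) if meta else ""
    name = _field(block, r"^  name:[ \t]*(\S+)")
    ns = _field(block, r"^  namespace:[ \t]*(\S+)")
    group, _, version = api.rpartition("/")
    return f"{kind}.{version}.{group or '[noGrp]'}/{name}.{ns or '[noNs]'}"

def find_duplicates(streams):
    """Map each id seen more than once to the streams that contain it."""
    seen = defaultdict(list)
    for origin, text in streams.items():
        for doc in re.split(r"^---[ \t]*$", text, flags=re.MULTILINE):
            if re.search(r"^kind:", doc, re.MULTILINE):
                seen[resource_id(doc)].append(origin)
    return {rid: where for rid, where in seen.items() if len(where) > 1}

# Constructed sample streams; the labels and contents are not from the post.
STATEFULSET = """\
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: wikijs-postgresql
  namespace: wikijs
  labels:
    name: ignored
"""
NAMESPACE = "apiVersion: v1\nkind: Namespace\nmetadata:\n  name: wikijs\n"
SAMPLE = {
    "stream-a": NAMESPACE + "---\n" + STATEFULSET,
    "stream-b": "---\n" + NAMESPACE,
}

if __name__ == "__main__":
    for rid, where in find_duplicates(SAMPLE).items():
        print(f"{rid} appears in: {', '.join(where)}")
```

Pass it the text of each manifest stream to compare, keyed by any label that identifies where the stream came from.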