(feat) Add PatchesFrom

Profiles can now references ConfigMap/Secret instances containing
StrategicMerge or JSON Patch.

The namespace/name of the referenced ConfigMap/Secret can be expressed
as template.

Author: gianlucam76

api/v1beta1/clusterpromotion_types.go

@@ -156,6 +156,15 @@ type ProfileSpec struct {
 	// +optional
 	Patches []libsveltosv1beta1.Patch `json:"patches,omitempty"`
 
+	// PatchesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data,
+	// it is possible to store additional Kustomize inline Patches applied for all resources on this profile
+	// These values can be static or leverage Go templates for dynamic customization.
+	// When expressed as templates, the values are filled in using information from
+	// resources within the management cluster before deployment (Cluster and TemplateResourceRefs)
+	// +listType=atomic
+	// +optional
+	PatchesFrom []ValueFrom `json:"patchesFrom,omitempty"`
+
 	// DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
 	// set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
 	// when evaluating drift, optionally targeting specific resources and features.

api/v1beta1/spec.go

@@ -784,6 +784,15 @@ type Spec struct {
 	// +optional
 	Patches []libsveltosv1beta1.Patch `json:"patches,omitempty"`
 
+	// PatchesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data,
+	// it is possible to store additional Kustomize inline Patches applied for all resources on this profile
+	// These values can be static or leverage Go templates for dynamic customization.
+	// When expressed as templates, the values are filled in using information from
+	// resources within the management cluster before deployment (Cluster and TemplateResourceRefs)
+	// +listType=atomic
+	// +optional
+	PatchesFrom []ValueFrom `json:"patchesFrom,omitempty"`
+
 	// DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is
 	// set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore
 	// when evaluating drift, optionally targeting specific resources and features.

api/v1beta1/zz_generated.deepcopy.go

@@ -888,6 +888,50 @@ spec:
                   type: object
                 type: array
                 x-kubernetes-list-type: atomic
+              patchesFrom:
+                description: |-
+                  PatchesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data,
+                  it is possible to store additional Kustomize inline Patches applied for all resources on this profile
+                  These values can be static or leverage Go templates for dynamic customization.
+                  When expressed as templates, the values are filled in using information from
+                  resources within the management cluster before deployment (Cluster and TemplateResourceRefs)
+                items:
+                  properties:
+                    kind:
+                      description: |-
+                        Kind of the resource. Supported kinds are:
+                        - ConfigMap/Secret
+                      enum:
+                      - ConfigMap
+                      - Secret
+                      type: string
+                    name:
+                      description: |-
+                        Name of the referenced resource.
+                        Name can be expressed as a template and instantiate using any cluster field.
+                      minLength: 1
+                      type: string
+                    namespace:
+                      description: |-
+                        Namespace of the referenced resource.
+                        For ClusterProfile namespace can be left empty. In such a case, namespace will
+                        be implicit set to cluster's namespace.
+                        For Profile namespace must be left empty. The Profile namespace will be used.
+                        Namespace can be expressed as a template and instantiate using any cluster field.
+                      type: string
+                    optional:
+                      default: false
+                      description: |-
+                        Optional indicates that the referenced resource is not mandatory.
+                        If set to true and the resource is not found, the error will be ignored,
+                        and Sveltos will continue processing other ValueFroms.
+                      type: boolean
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+                x-kubernetes-list-type: atomic
               policyRefs:
                 description: |-
                   PolicyRefs references all the ConfigMaps/Secrets/Flux Sources containing kubernetes resources

config/crd/bases/config.projectsveltos.io_clusterprofiles.yaml

@@ -789,6 +789,50 @@ spec:
                       type: object
                     type: array
                     x-kubernetes-list-type: atomic
+                  patchesFrom:
+                    description: |-
+                      PatchesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data,
+                      it is possible to store additional Kustomize inline Patches applied for all resources on this profile
+                      These values can be static or leverage Go templates for dynamic customization.
+                      When expressed as templates, the values are filled in using information from
+                      resources within the management cluster before deployment (Cluster and TemplateResourceRefs)
+                    items:
+                      properties:
+                        kind:
+                          description: |-
+                            Kind of the resource. Supported kinds are:
+                            - ConfigMap/Secret
+                          enum:
+                          - ConfigMap
+                          - Secret
+                          type: string
+                        name:
+                          description: |-
+                            Name of the referenced resource.
+                            Name can be expressed as a template and instantiate using any cluster field.
+                          minLength: 1
+                          type: string
+                        namespace:
+                          description: |-
+                            Namespace of the referenced resource.
+                            For ClusterProfile namespace can be left empty. In such a case, namespace will
+                            be implicit set to cluster's namespace.
+                            For Profile namespace must be left empty. The Profile namespace will be used.
+                            Namespace can be expressed as a template and instantiate using any cluster field.
+                          type: string
+                        optional:
+                          default: false
+                          description: |-
+                            Optional indicates that the referenced resource is not mandatory.
+                            If set to true and the resource is not found, the error will be ignored,
+                            and Sveltos will continue processing other ValueFroms.
+                          type: boolean
+                      required:
+                      - kind
+                      - name
+                      type: object
+                    type: array
+                    x-kubernetes-list-type: atomic
                   policyRefs:
                     description: |-
                       PolicyRefs references all the ConfigMaps/Secrets/Flux Sources containing kubernetes resources

config/crd/bases/config.projectsveltos.io_clusterpromotions.yaml

@@ -926,6 +926,50 @@ spec:
                       type: object
                     type: array
                     x-kubernetes-list-type: atomic
+                  patchesFrom:
+                    description: |-
+                      PatchesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data,
+                      it is possible to store additional Kustomize inline Patches applied for all resources on this profile
+                      These values can be static or leverage Go templates for dynamic customization.
+                      When expressed as templates, the values are filled in using information from
+                      resources within the management cluster before deployment (Cluster and TemplateResourceRefs)
+                    items:
+                      properties:
+                        kind:
+                          description: |-
+                            Kind of the resource. Supported kinds are:
+                            - ConfigMap/Secret
+                          enum:
+                          - ConfigMap
+                          - Secret
+                          type: string
+                        name:
+                          description: |-
+                            Name of the referenced resource.
+                            Name can be expressed as a template and instantiate using any cluster field.
+                          minLength: 1
+                          type: string
+                        namespace:
+                          description: |-
+                            Namespace of the referenced resource.
+                            For ClusterProfile namespace can be left empty. In such a case, namespace will
+                            be implicit set to cluster's namespace.
+                            For Profile namespace must be left empty. The Profile namespace will be used.
+                            Namespace can be expressed as a template and instantiate using any cluster field.
+                          type: string
+                        optional:
+                          default: false
+                          description: |-
+                            Optional indicates that the referenced resource is not mandatory.
+                            If set to true and the resource is not found, the error will be ignored,
+                            and Sveltos will continue processing other ValueFroms.
+                          type: boolean
+                      required:
+                      - kind
+                      - name
+                      type: object
+                    type: array
+                    x-kubernetes-list-type: atomic
                   policyRefs:
                     description: |-
                       PolicyRefs references all the ConfigMaps/Secrets/Flux Sources containing kubernetes resources

config/crd/bases/config.projectsveltos.io_clustersummaries.yaml

@@ -888,6 +888,50 @@ spec:
                   type: object
                 type: array
                 x-kubernetes-list-type: atomic
+              patchesFrom:
+                description: |-
+                  PatchesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data,
+                  it is possible to store additional Kustomize inline Patches applied for all resources on this profile
+                  These values can be static or leverage Go templates for dynamic customization.
+                  When expressed as templates, the values are filled in using information from
+                  resources within the management cluster before deployment (Cluster and TemplateResourceRefs)
+                items:
+                  properties:
+                    kind:
+                      description: |-
+                        Kind of the resource. Supported kinds are:
+                        - ConfigMap/Secret
+                      enum:
+                      - ConfigMap
+                      - Secret
+                      type: string
+                    name:
+                      description: |-
+                        Name of the referenced resource.
+                        Name can be expressed as a template and instantiate using any cluster field.
+                      minLength: 1
+                      type: string
+                    namespace:
+                      description: |-
+                        Namespace of the referenced resource.
+                        For ClusterProfile namespace can be left empty. In such a case, namespace will
+                        be implicit set to cluster's namespace.
+                        For Profile namespace must be left empty. The Profile namespace will be used.
+                        Namespace can be expressed as a template and instantiate using any cluster field.
+                      type: string
+                    optional:
+                      default: false
+                      description: |-
+                        Optional indicates that the referenced resource is not mandatory.
+                        If set to true and the resource is not found, the error will be ignored,
+                        and Sveltos will continue processing other ValueFroms.
+                      type: boolean
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+                x-kubernetes-list-type: atomic
               policyRefs:
                 description: |-
                   PolicyRefs references all the ConfigMaps/Secrets/Flux Sources containing kubernetes resources

config/crd/bases/config.projectsveltos.io_profiles.yaml

@@ -975,6 +975,12 @@ func (r *ClusterSummaryReconciler) getCurrentReferences(ctx context.Context,
 	}
 	currentReferences.Append(helmRefs)
 
+	patchesFromReferences, err := getPatchesFrom(ctx, clusterSummaryScope.ClusterSummary)
+	if err != nil {
+		return nil, err
+	}
+	currentReferences.Append(patchesFromReferences)
+
 	return currentReferences, nil
 }
 
@@ -1743,3 +1749,35 @@ func (r *ClusterSummaryReconciler) processUndeployError(clusterSummaryScope *sco
 
 	return reconcile.Result{Requeue: true, RequeueAfter: deleteRequeueAfter}, nil
 }
+
+// getPatchesFrom gets referenced ConfigMap/Secret in a PatchesFrom.
+func getPatchesFrom(ctx context.Context, clusterSummary *configv1beta1.ClusterSummary) (*libsveltosset.Set, error) {
+	currentValuesFromReferences := &libsveltosset.Set{}
+
+	patchesFrom := clusterSummary.Spec.ClusterProfileSpec.PatchesFrom
+	for i := range patchesFrom {
+		referencedNamespace := patchesFrom[i].Namespace
+		namespace, err := libsveltostemplate.GetReferenceResourceNamespace(ctx, getManagementClusterClient(),
+			clusterSummary.Spec.ClusterNamespace, clusterSummary.Spec.ClusterName, referencedNamespace,
+			clusterSummary.Spec.ClusterType)
+		if err != nil {
+			return nil, err
+		}
+
+		referencedName, err := libsveltostemplate.GetReferenceResourceName(ctx, getManagementClusterClient(),
+			clusterSummary.Spec.ClusterNamespace, clusterSummary.Spec.ClusterName, patchesFrom[i].Name,
+			clusterSummary.Spec.ClusterType)
+		if err != nil {
+			return nil, err
+		}
+
+		currentValuesFromReferences.Insert(&corev1.ObjectReference{
+			APIVersion: corev1.SchemeGroupVersion.String(),
+			Kind:       patchesFrom[i].Kind,
+			Namespace:  namespace,
+			Name:       referencedName,
+		})
+	}
+
+	return currentValuesFromReferences, nil
+}

controllers/clustersummary_controller.go

@@ -1341,4 +1341,63 @@ var _ = Describe("ClusterSummaryReconciler: requeue methods", func() {
 
 		Expect(testEnv.Delete(context.TODO(), ns)).To(Succeed())
 	})
+
+	It("getPatchesFrom returns list of all ConfigMap/Secret instances referenced in PatchesFrom section", func() {
+		ns := &corev1.Namespace{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: namespace,
+			},
+		}
+		Expect(testEnv.Create(context.TODO(), ns)).To(Succeed())
+		Expect(waitForObject(context.TODO(), testEnv, ns))
+
+		Expect(testEnv.Create(context.TODO(), cluster)).To(Succeed())
+		Expect(waitForObject(context.TODO(), testEnv.Client, cluster)).To(Succeed())
+
+		clusterSummary := &configv1beta1.ClusterSummary{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      randomString(),
+				Namespace: ns.Name,
+			},
+			Spec: configv1beta1.ClusterSummarySpec{
+				ClusterNamespace: cluster.Namespace,
+				ClusterName:      cluster.Name,
+				ClusterType:      libsveltosv1beta1.ClusterTypeCapi,
+				ClusterProfileSpec: configv1beta1.Spec{
+					PatchesFrom: []configv1beta1.ValueFrom{
+						{
+							Kind:      string(libsveltosv1beta1.ConfigMapReferencedResourceKind),
+							Namespace: "{{ .Cluster.metadata.name }}",
+							Name:      "{{ .Cluster.metadata.name }}-patch",
+						},
+						{
+							Kind:      string(libsveltosv1beta1.SecretReferencedResourceKind),
+							Namespace: "{{ .Cluster.metadata.name }}",
+							Name:      "{{ .Cluster.metadata.name }}-patch",
+						},
+					},
+				},
+			},
+		}
+
+		Expect(testEnv.Create(context.TODO(), clusterSummary)).To(Succeed())
+		Expect(waitForObject(context.TODO(), testEnv, clusterSummary))
+
+		patchesFrom, err := controllers.GetPatchesFrom(context.TODO(), clusterSummary)
+		Expect(err).To(BeNil())
+		Expect(patchesFrom.Len()).To(Equal(2))
+		Expect(patchesFrom.Has(&corev1.ObjectReference{
+			APIVersion: corev1.SchemeGroupVersion.String(),
+			Kind:       string(libsveltosv1beta1.ConfigMapReferencedResourceKind),
+			Namespace:  cluster.Namespace,
+			Name:       fmt.Sprintf("%s-patch", cluster.Name),
+		}))
+
+		Expect(patchesFrom.Has(&corev1.ObjectReference{
+			APIVersion: corev1.SchemeGroupVersion.String(),
+			Kind:       string(libsveltosv1beta1.SecretReferencedResourceKind),
+			Namespace:  cluster.Namespace,
+			Name:       fmt.Sprintf("%s-patch", cluster.Name),
+		}))
+	})
 })