Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kustomize doesn't support --load-restrictor LoadRestrictionsNone for remote resources #193

Closed
saviogl opened this issue Jun 29, 2022 · 2 comments · Fixed by #194
Closed

Kustomize doesn't support --load-restrictor LoadRestrictionsNone for remote resources #193

saviogl opened this issue Jun 29, 2022 · 2 comments · Fixed by #194
Labels
bug Something isn't working

Comments

@saviogl
Copy link
Contributor

saviogl commented Jun 29, 2022
edited
Loading

Describe the bug
When trying to follow these instructions for deploying FarosCE in Kubernetes I'm getting the following issue:

Error: accumulating resources: accumulation err='accumulating resources from './faros': '/private/var/folders/vx/gbhv_rk12vq1zdf76bpn0nhh0000gq/T/kustomize-1233669672/kube/base/faros' must resolve to a file': recursed accumulation of path '/private/var/folders/vx/gbhv_rk12vq1zdf76bpn0nhh0000gq/T/kustomize-1233669672/kube/base/faros': loading KV pairs: env source files: [./config/.env]: security; file '/private/var/folders/vx/gbhv_rk12vq1zdf76bpn0nhh0000gq/T/kustomize-1233669672/kube/base/faros/config/.env' is not in or below '/private/var/folders/vx/gbhv_rk12vq1zdf76bpn0nhh0000gq/T/kustomize-1233669672/kube/base/faros'

This is caused by the fact that we are trying to re-utilize the existing .env configuration file in the root by symlinking it to kube/faros/config/.env. When kustomize parses this files, it attempts to load a resource that is above the path of the kustomization.yaml file in question which is typically prohibited for security reasons. However this can be bypassed with the flag --load-restrictor LoadRestrictionsNone and that often works but as we have just found out it doesn't seem to hold true for when resources are being referenced remotely like the command above.

Here's a reference to a kustomize Github issue touching on the unexpected behavior.

If one clones the repository and runs

kustomize build --load-restrictor LoadRestrictionsNone kube/base

things work properly, and the --load-restrictor flag is respected

To Reproduce
Steps to reproduce the behavior:

  1. Install kustomize
  2. From a terminal execute kustomize build --load-restrictor LoadRestrictionsNone https://github.com/faros-ai/faros-community-edition/kube/base

Expected behavior
FarosCE K8s manifests are rendered correctly

Screenshots and logs
image

Deployment

  • Kustomize 4.5.5
@saviogl saviogl added the bug Something isn't working label Jun 29, 2022
@thomas-gerber
Copy link
Contributor

I propose we copy the .env file for now until there is a workaround?

@saviogl
Copy link
Contributor Author

saviogl commented Jun 29, 2022
edited
Loading

@thomas-gerber Yeah we can do that in the meantime, the only issue is around maintaining it in sync.

We can add either pre-commit hooks or Github Actions to ensure that these are kept in sync

@thomas-gerber thomas-gerber mentioned this issue Jun 29, 2022
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
2 participants
@thomas-gerber @saviogl