LoadRestrictionsNone does not disable restrictions on remote bases #4052
Comments
@814HiManny FYI, I get the same error in the even simpler case with no local FAILURE:
SUCCESS:
|
/triage accepted |
@814HiManny Probably no surprise but the behavior is the same using SSH. I mention it because I ran into this issue while trying to access a private repo with SSH.
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/remove-lifecycle stale |
/remove-lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
@k8s-triage-robot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@814HiManny Any solutions for this? Did this just get closed and that's it? |
/remove-lifecycle rotten |
/reopen |
@saviogl: You can't reopen an issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
until there is support for removing load restrictions in remote directories see: kubernetes-sigs/kustomize#4052
…194)
* Copy env file to kube base until there is support for removing load restrictions in remote directories see: kubernetes-sigs/kustomize#4052
* Simplify kubectl commands Possible now that load restrictions are not necessary anymore.
* Add drift check on .env file
Co-authored-by: Sávio Lucena <saviogl@gmail.com>
I apologize for causing confusion, but I should not have accepted this issue. The fact that the load restrictor cannot be bypassed, even with the flag, for remote bases is an intentional security feature. https://github.com/kubernetes-sigs/kustomize/blob/master/api/loader/fileloader.go#L210-L211

In general, we recommend localizing remote bases for production use and subjecting them to review. This is even more critical, to the point that we require it, when the remote base requires arbitrary filesystem access. We are working on

We would accept documentation or warning message improvements to alleviate the confusion around this, but we will not be changing the behaviour.

/retitle LoadRestrictionsNone does not disable restrictions on remote bases
/triage unresolved |
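A simplified Go model of the behaviour described in the comment above, added here as an example; it is not kustomize's own code. The `Loader` type and the `NewLocal`, `NewRemote` and `Check` names are hypothetical, the paths are constructed, and symlink resolution is omitted.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Restrictor models the two modes discussed in this issue.
type Restrictor int

const (
	RootOnly Restrictor = iota // default: files must be in or below the kustomization root
	None                       // LoadRestrictionsNone: any path may be read
)

// Loader is a hypothetical stand-in for a file loader rooted at one kustomization.
type Loader struct {
	Root       string
	Restrictor Restrictor
}

// NewLocal honours the restrictor the user requested on the command line.
func NewLocal(root string, requested Restrictor) Loader {
	return Loader{Root: filepath.Clean(root), Restrictor: requested}
}

// NewRemote models a loader for a fetched remote base: the requested
// restrictor is discarded, so content from the network cannot leave its root.
func NewRemote(cloneRoot string, _ Restrictor) Loader {
	return Loader{Root: filepath.Clean(cloneRoot), Restrictor: RootOnly}
}

// Check resolves ref against Root and rejects paths that escape it under RootOnly.
func (l Loader) Check(ref string) (string, error) {
	p := filepath.Clean(ref)
	if !filepath.IsAbs(p) {
		p = filepath.Join(l.Root, p)
	}
	if l.Restrictor == None {
		return p, nil
	}
	rel, err := filepath.Rel(l.Root, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%q is not in or below %q", p, l.Root)
	}
	return p, nil
}

func main() {
	_, localErr := NewLocal("/work/overlay", None).Check("../shared/app.env")
	_, remoteErr := NewRemote("/tmp/clone/overlay", None).Check("../shared/app.env")
	fmt.Println("local:", localErr, "| remote:", remoteErr)
}
```

The same relative reference is accepted for the local checkout and rejected for the remote base, which matches the difference reported in the issue.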
@KnVerey: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@814HiManny: This issue is currently awaiting triage. SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
When using LoadRestrictionsNone I expect kustomize to be able to refer to kustomizations in git repositories that reference a configuration that is outside of the directory where the kustomization is. If I do a git clone of a repo, the LoadRestrictionsNone flag correctly works. When the same git repo is referenced via a git resource, it does not work.
kustomization.yaml
Expected output
A valid yaml output
Actual output
Kustomize version
{Version:kustomize/v4.2.0 GitCommit:d53a2ad45d04b0264bcee9e19879437d851cb778 BuildDate:2021-06-30T22:49:26Z GoOs:darwin GoArch:amd64}
Platform
macOS