localize Command Feedback

[annasong20]

This umbrella issue tracks user feedback for the new alpha command kustomize localize.

[Jell]

Great feature! <3 I noticed one thing though: it seems to be broken for remote transformers? I don't know if that's a bug or a feature :p I have a repository here reproducing the error I'm seeing: https://github.com/Jell/kustomize-localize-remote-transformers-issue

To me this looks like a similar error to: #4958

(not sure if I should open a separate ticket or not, but I saw on the release note I should give feedback on the feature in this issue, so I thought I would start here)

[jleonar]

I think having an --overwrite flag is really needed. We use localize because our git repo is not especially fast. Combined with localize doing everything sequentially, that means pulling resources in our CI pipelines is a no-go as it is too expensive.

So we use localize. However, every change requires us to "relocalize" before commits. Which in turns requires us to have a process to remove all our localized folders since we can't just pass a flag --overwrite.

[annasong20]

@Jell Thank you for uploading the exact setup!

Yes, this behavior is intentional. However, the feature that the alpha version of localize intentionally excluded was not remote transformers, but transformers resulting from a kustomization. The Fields section of the documentation reads "In addition to localizing files" and the plugin footnote both allude to this.

We will add this feature in beta if it has enough popularity.

[NissesSenap]

Don't know if you want this in a separate feature request or not, but I will start here.

So I might be misunderstanding how to localize cmd works, but my understanding is that I can download remote resources from remote repositories like github.

It would be nice to add the possibility of downloading OCI manifests as well.
This is a feature that the flux community have implemented https://fluxcd.io/flux/installation, https://fluxcd.io/flux/cmd/flux_pull_artifact/

So a simple example, you can write the following and it will donwload the OCI artifact an unpack it.

flux pull artifact oci://ghcr.io/grafana-operator/kustomize/grafana-operator:v5.0.0-rc1 --output ./grafana-operator/

For those of us that uses flux it's nothing strange but for none flux users it would be nice to be able to do the same using Kustomize.

So adding oci support to localize to be able to do something like this would be nice:

kustomize localize oci://ghcr.io/grafana-operator/kustomize/grafana-operator:v5.0.0-rc1

[natasha41575]

@NissesSenap Thanks for the comment! I agree that we should try to support oci as a remote format - it seems to be becoming a more and more popular way to store kubernetes manifests.

If we do support oci, we should support it both with kustomize build and kustomize localize.

[NissesSenap]

@natasha41575 , I didn't know that kustomize build supported remote repositories until today. But since it does, it feels natural to add OCI support to the build sub command as well.

[Striar-Yunis]

Is there any documentation on how to update custom generators to give them support for localize? For instance ksops. It provides sops secret encryption but its referenced encrypted manifest files are missed. Is there an interface for generators communicating back to localize?

In the following example secrets/example.yaml is not localized.

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- secret-generator.yaml

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: secret-generator
files:
  - secrets/example.yaml

[annasong20]

Hi @Striar-Yunis, thank you for the link and exact setup!

Unfortunately, in alpha, localize only knows how to download/copy file references in the built-in plugins listed here: https://kubectl.docs.kubernetes.io/references/kustomize/cmd/localize/#fields. I think the ability to specify file references for custom generators/transformers will be great to discuss for beta.