Kustomize: Update internal references that are going to be changes using namePrefix or nameSuffix

2 min read | by Jordi Prats

When using namePrefix or nameSuffix to change the names of the resources we are deplying using Kustomize, we need to make sure the cross object references get updated as well.

For example, if we have a SecretStore like this one:

apiVersion: external-secrets.io/v1beta1 kind: SecretStore metadata:  name: testvault-backend  annotations:  argocd.argoproj.io/sync-wave: "1" spec:  provider:  vault:  server: "http://testvault.testvault.svc.cluster.local:80"  path: "secret"  version: "v2"  auth:  tokenSecretRef:  name: "vault-token"  key: "token" 

We'll need to make sure that the spec.secretStoreRef still points to that object after updating it's name with namePrefix and nameSuffix:

apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata:  name: eso-demo  annotations:  argocd.argoproj.io/sync-wave: "2" spec:  refreshInterval: "15s"  secretStoreRef:  name: testvault-backend  kind: SecretStore  data:  - secretKey: demo  remoteRef:  key: secret/demo  property: test 

To do so we'll need to add a configurations entry to our kustomization.yaml like follows:

configurations: - nameReference.yaml 

The nameReference.yaml file will contain the references that needs updating. With the following configuration we are going to tell Kustomize to update the field spec.secretStoreRef.name from the ExternalSecret with the updated name for the SecretStore object.

nameReference:  - kind: SecretStore  fieldSpecs:  - kind: ExternalSecret  path: spec/secretStoreRef/name 

When we have multiple objects, we just need to make sure that the initial objects are pointing to the right one: Kustomize is going to take it from here to update references.

Posted on 05/01/2023