Skip to content

kustomize: support merging the input OpenAPI schemas with the built-in ones#1258

Open
matheuscscp wants to merge 1 commit into
mainfrom
fix-flux2-5972
Open

kustomize: support merging the input OpenAPI schemas with the built-in ones#1258
matheuscscp wants to merge 1 commit into
mainfrom
fix-flux2-5972

Conversation

@matheuscscp

@matheuscscp matheuscscp commented Jul 3, 2026

Copy link
Copy Markdown
Member

xref: fluxcd/flux2#5972 (Avoiding Closes to keep the issue open until a patch is released)

This PR uses envtest to fully reproduce and verify the fix for the issue above:

  1. A DaemonSet is used.
  2. A strategic merge patch is applied on it.
  3. A dry-run is performed with the result.

With merge, dry-run succeeds. Without merge, the exact dry-run error from fluxcd/flux2#5972 is asserted.

Note: We preserve Kustomize's winning rule for multiple openapi.path occurrences in a given build: overlay wins, otherwise first base wins.

@matheuscscp matheuscscp requested a review from stefanprodan July 3, 2026 18:54
@matheuscscp matheuscscp requested a review from a team as a code owner July 3, 2026 18:54
@matheuscscp matheuscscp added bug Something isn't working area/kustomize Kustomize related issues and pull requests backport:flux/v2.9.x To be backported to flux/v2.9.x labels Jul 3, 2026
Comment thread kustomize/openapi_merge.go
…n ones

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
if kubernetesOpenAPISchemaErr != nil {
return nil, kubernetesOpenAPISchemaErr
}
return cloneOpenAPISchema(kubernetesOpenAPISchema)

@matheuscscp matheuscscp Jul 3, 2026

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to clone the built-in OpenAPI schema for each openapi.path in the tree because we mutate this clone to merge it with the contents of that openapi.path file.

This effectively results in, per openapi.path, roughly 11.4 MiB of JSON encode/decode plus writing a ~3.8 MiB .flux-openapi-merged.json to disk.

@stefanprodan stefanprodan Jul 3, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of this happens under the mutex lock?

@matheuscscp matheuscscp Jul 3, 2026

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, like everything else in a kustomize build:

  kustomizeBuildMutex.Lock()
  defer kustomizeBuildMutex.Unlock()

  openapi.ResetOpenAPI()

  if buildOpts.mergeOpenAPIPathWithBuiltins { // defaults to true
      mergeOpenAPIPathWithBuiltins(fs, dirPath)
  }

  k.Run(fs, dirPath)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wander what's the real memory impact, these clones will accumulate till GC decides to wipe them. For users that don't set openapi.path there is still a price to pay since we have to walk the file tree and parse all kustomization.yaml along the way.

@matheuscscp matheuscscp requested a review from stefanprodan July 3, 2026 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/kustomize Kustomize related issues and pull requests backport:flux/v2.9.x To be backported to flux/v2.9.x bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants