Replacements / Reject: labelSelector does not filter correctly and applies the Replacement to all #6035

@mmueller-rs

What happened?

When using a replacement, trying to reject the replacement for a group of resources with a particular label does not work.
Adding a labelSelector does not add any filtering; instead, everything is rejected and the replacement is skipped.

What did you expect to happen?

Adding a labelSelector to the Reject should exclude those resources from being updated.

How can we reproduce it (as minimally and precisely as possible)?

# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - deploy1.yaml
  - deploy2.yaml

configMapGenerator:
- name: config
  literals:
  - PAUSED=true

replacements:
- source:
    kind: ConfigMap
    name: config
    fieldPath: data.PAUSED
  targets:
  - select:
      kind: Deployment
    reject:
      - kind: Deployment
        labelSelector: "app=test2"
        # name: test2
    fieldPaths:
      - spec.paused

PS: uncommenting name: test2 in the reject array will show how it should work and that the configuration is correct.

# deploy1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: test1
  name: test1
spec:
  paused: false
  replicas: 1
  selector:
    matchLabels:
      app: test1
  strategy: {}
  template:
    metadata:
      labels:
        app: test1
    spec:
      containers:
      - command:
        - tail
        - -f
        - /dev/null
        image: ubuntu
        name: ubuntu
        resources: {}

# deploy2.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: test2
  name: test2
spec:
  paused: false
  replicas: 1
  selector:
    matchLabels:
      app: test2
  strategy: {}
  template:
    metadata:
      labels:
        app: test2
    spec:
      containers:
      - command:
        - tail
        - -f
        - /dev/null
        image: ubuntu
        name: ubuntu
        resources: {}

Expected output

apiVersion: v1
data:
  PAUSED: "true"
kind: ConfigMap
metadata:
  name: config
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: test1
  name: test1
spec:
  paused: true
  replicas: 1
  selector:
    matchLabels:
      app: test1
  strategy: {}
  template:
    metadata:
      labels:
        app: test1
    spec:
      containers:
      - command:
        - tail
        - -f
        - /dev/null
        image: ubuntu
        name: ubuntu
        resources: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: test2
  name: test2
spec:
  paused: false
  replicas: 1
  selector:
    matchLabels:
      app: test2
  strategy: {}
  template:
    metadata:
      labels:
        app: test2
    spec:
      containers:
      - command:
        - tail
        - -f
        - /dev/null
        image: ubuntu
        name: ubuntu
        resources: {}

Actual output

apiVersion: v1
data:
  PAUSED: "true"
kind: ConfigMap
metadata:
  name: config
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: test1
  name: test1
spec:
  paused: false
  replicas: 1
  selector:
    matchLabels:
      app: test1
  strategy: {}
  template:
    metadata:
      labels:
        app: test1
    spec:
      containers:
      - command:
        - tail
        - -f
        - /dev/null
        image: ubuntu
        name: ubuntu
        resources: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: test2
  name: test2
spec:
  paused: false
  replicas: 1
  selector:
    matchLabels:
      app: test2
  strategy: {}
  template:
    metadata:
      labels:
        app: test2
    spec:
      containers:
      - command:
        - tail
        - -f
        - /dev/null
        image: ubuntu
        name: ubuntu
        resources: {}

Kustomize version

v5.7.1 (latest kubectl v1.34.3) and v5.8.0

Operating system

MacOS
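
A reference model of the select/reject behaviour the report expects, as an added example that is not part of the original issue and is not kustomize's own code. The `Resource`, `Selector`, `Targets`, `Issue` and `Reject` names are hypothetical, and only equality-based label terms are handled. Calling it with `useLabels=false` ignores the label term and yields the reported symptom, which illustrates the output and is not a diagnosis of kustomize's internals.

```go
package main

import "fmt"
import "strings"

// Resource and Selector are hypothetical stand-ins, not kustomize types.
type Resource struct {
	Kind, Name string
	Labels     map[string]string
}
type Selector struct{ Kind, Name, LabelSelector string }

// labelsMatch handles equality terms only ("k=v,k2=v2"); an empty selector matches all.
func labelsMatch(sel string, labels map[string]string) bool {
	for _, term := range strings.Split(sel, ",") {
		k, v, ok := strings.Cut(strings.TrimSpace(term), "=")
		if got, has := labels[k]; sel != "" && (!ok || !has || got != v) {
			return false
		}
	}
	return true
}

// Matches requires every field set on the selector to agree; useLabels=false drops the label term.
func (s Selector) Matches(r Resource, useLabels bool) bool {
	fixed := (s.Kind == "" || s.Kind == r.Kind) && (s.Name == "" || s.Name == r.Name)
	return fixed && (!useLabels || labelsMatch(s.LabelSelector, r.Labels))
}

// Targets returns the names that pass select and are not caught by any reject entry.
func Targets(rs []Resource, sel Selector, reject []Selector, useLabels bool) []string {
	out := []string{}
	for _, r := range rs {
		keep := sel.Matches(r, true)
		for _, rj := range reject {
			keep = keep && !rj.Matches(r, useLabels)
		}
		if keep {
			out = append(out, r.Name)
		}
	}
	return out
}

// Sample data constructed from deploy1.yaml, deploy2.yaml and the reject entry in the issue.
var Issue = []Resource{{"Deployment", "test1", map[string]string{"app": "test1"}}, {"Deployment", "test2", map[string]string{"app": "test2"}}}
var Reject = []Selector{{Kind: "Deployment", LabelSelector: "app=test2"}}

func main() { fmt.Println(Targets(Issue, Selector{Kind: "Deployment"}, Reject, true)) }
```

With the label term honoured only `test1` is a target, matching the expected output; with it ignored the target list is empty, matching the actual output.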

Labels: kind/bug, needs-triage