[kustomize] kustomize build时提示Error: no matches for OriginalId apps_v1_Deployment|system xxxx

1. 问题

  需要部署Redis Operator，使用了v0.13.0 tag,在执行make deploy时，kustomize提示：no matches for OriginalId apps_v1_Deployment|system|controller-manager

[root@8f7059cd1fc5 ~/workspace/gitlib99/redis-operator]# make deploy
/root/workspace/gitlib99/redis-operator/bin/controller-gen "crd:trivialVersions=true,preserveUnknownFields=false" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
cd config/manager && /root/workspace/gitlib99/redis-operator/bin/kustomize edit set image controller=quay.io/opstree/redis-operator:v0.13.0
/root/workspace/gitlib99/redis-operator/bin/kustomize build config/default > redis-deploy.yaml
Error: no matches for OriginalId apps_v1_Deployment|system|controller-manager; no matches for CurrentId apps_v1_Deployment|system|controller-manager; failed to find unique target for patch apps_v1_Deployment|controller-manager
make: *** [deploy] Error 1

2. 问题解决

  由于对Kustomize的语法不是特别熟悉，其执行原理也不算特别清除，于是在网上寻求解决方案。仅仅发现了no matches for OriginalId apps_v1_Deployment|~x这边文章比较相关

  然并卵，github的那个问题非常类似，但是并不一样，并没有解决我的问题。不过，可以大致推测出，应该不是Kustomize的Bug，而是Kustomize语法有问题。

  在搜求无果的情况下，我只能硬着头皮自己去解决问题。简单复习了一下Kustomzie的语法以及原理，再根据问题提示，测测应该是kustomize命令执行的时候想要替换某些数据，但是没有找到需要替换的那个文件。

  查看config/default/kustomization.yaml文件，发现有个patchesStrategicMerge声明，如下：

patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml

  找到manager_auth_proxy_patch.yaml文件，其内容如下：

# This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller-manager
  namespace: system
spec:
  template:
    spec:
      containers:
      - name: kube-rbac-proxy
        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
        args:
        - "--secure-listen-address=0.0.0.0:8443"
        - "--upstream=http://127.0.0.1:8080/"
        - "--logtostderr=true"
        - "--v=10"
        ports:
        - containerPort: 8443
          name: https
      - name: manager
        args:
        - "--health-probe-bind-address=:8081"
        - "--metrics-bind-address=127.0.0.1:8080"
        - "--leader-elect"

  根据patchesStrategicMerge语法的定义，这玩意就是想要替换一个名为controller-manager，并在且再system名称空间下，同时是一个Dpeloyment资源。从定义上看，这个patch文件其实要替换的就是redis-operator manager的资源清单，于是，查看了一下config/manager/manager.yaml，内容如下：

---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: redis-operator
  name: ot-operators
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis-operator
  namespace: ot-operators
  labels:
    control-plane: redis-operator
spec:
  selector:
    matchLabels:
      control-plane: redis-operator
  replicas: 1
  template:
    metadata:
      labels:
        control-plane: redis-operator
    spec:
      securityContext:
        runAsNonRoot: true
      containers:
      - command:
        - /manager
        args:
        - --leader-elect
        - -zap-log-level=info
        image: quay.io/opstree/redis-operator:v0.12.0
        imagePullPolicy: Always
        name: manager
        securityContext:
          allowPrivilegeEscalation: false
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          limits:
            cpu: 100m
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 100Mi
      terminationGracePeriodSeconds: 10
      serviceAccount: redis-operator
      serviceAccountName: redis-operator

  我发现，这玩意的名称空间为ot-operators，并且名字为：redis-operator。猜测是这个原因导致的，于是修改config/manager/manager.yaml资源文件的名称空间为：system，资源名为：controller-manager。在此执行make deploy，没有报任何错误，完美解决问题，执行过程如下：

[root@8f7059cd1fc5 ~/workspace/gitlib99/redis-operator]# make deploy
/root/workspace/gitlib99/redis-operator/bin/controller-gen "crd:trivialVersions=true,preserveUnknownFields=false" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
cd config/manager && /root/workspace/gitlib99/redis-operator/bin/kustomize edit set image controller=quay.io/opstree/redis-operator:v0.13.0
/root/workspace/gitlib99/redis-operator/bin/kustomize build config/default > redis-deploy.yaml
[root@8f7059cd1fc5 ~/workspace/gitlib99/redis-operator]# 

3. 总结

  现在回过头来看看kustomize的错误提示，实际上apps_v1_Deployment|system|controller-manager这个OriginalId说的是apps/v1版本的Deployment资源，并且这个资源在system名称空间下，名字为：controller-manager。kustomize提示说没有找到这个资源。

  是不是这么一看这个提示信息，发现kustomize的提示还是很清晰的，直接去定位这个资源文件就能发现问题所在。