How this came up
I was looking into an issue with a Flux Kustomization patch and I noticed that in the example given, one of the patches started with “|” and the other started with “|-“
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: podinfo
namespace: flux-system
spec:
# ...omitted for brevity
patches:
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: not-used
spec:
template:
metadata:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
target:
kind: Deployment
labelSelector: "app.kubernetes.io/part-of=my-app"
- patch: |
- op: add
path: /spec/template/spec/securityContext
value:
runAsUser: 10000
fsGroup: 1337
- op: add
path: /spec/template/spec/containers/0/securityContext
value:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop:
- ALL
target:
kind: Deployment
name: podinfo
namespace: appsWhat are “|” and “|-” in this context?
These are YAML syntax components.
A patch field in a Kustomization expects a YAML or JSON formatted string. You could write it as a single line string with new-line indicators and trailing spaces for indentation but you usually wouldn’t because it is awkward to read.
patch: "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: not-used\nspec:\n template:\n metadata:\n annotations:\n cluster-autoscaler.kubernetes.io/safe-to-evict: \"true\""You would rather write this as multiple lines with the proper indentation. However:
# NO, the value for patch is YAML but not a string
- patch:
- op: add
path: /spec/template/spec/securityContext
value:
runAsUser: 10000
fsGroup: 1337
# NO, this does not preserve newlines and is not recommended
- patch:
"- op: add
path: /spec/template/spec/securityContext
value:
runAsUser: 10000
fsGroup: 1337"
So how do I write a valid YAML string across multiple lines? Use the Literal Block Style Indicator: |
This is how you indicate in YAML that everything nested below this line should be interpreted as a multiline string with internal newlines and indentation preserved.
What about the minus sign then?
It only will matter if there are trailing newlines.
Block Chomping Indicators: The chomping indicator in YAML determines what should be done with trailing newlines in a block scalar. It can be one of three values:
- No indicator: This means that trailing newlines will be included in the value, but a single final newline will be excluded.
- The ‘+’ indicator: This means all trailing newlines will be included in the value.
- The ‘-‘ indicator: This means that all trailing newlines will be excluded from the value.
How do I tell if there are trailing newlines?
You can use cat -e <filename> to see EOL (end-of-line) characters. This displays Unix line endings (\n or LF) as $ and Windows line endings (\r\n or CRLF) as ^M$
Do trailing newlines matter?
It really depends. I suggest adhering closely to the style used in the documentation you are referring to in order to be on the safe side.
Fault Tolerant 