Flux: kubectl patch function

Is your question how you can sync state from a manual kubectl patch back to git or how you can partially update a deployment?

The former is not possible, all changes have to be made through git and Flux will undo any mutations made to resources it manages by reapplying state.

The later is possible as Flux performs a kubectl apply -f, this does a merge patch calculation, and it is thus possible to add a manifest to git which only defines the values you want to change/patch.

@hiddeco so the following should be safe then to manage updating the image version only for the coredns deployment? reading the docs you linked I interpret it as it would clear our the missing fields.

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
spec:
  template:
    spec:
      containers:
        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/coredns:v1.2.6

kubectl apply -f will be rejected if we have defined only values we want to change and if required values are not concerned. There will be a validation error and the apply will stop immediatly.
It is annoying when we want to update resources already present in the cluster and not installed by us.
This is for example the case for changing a property of a storage class in an AKS cluster on Azure.

To avoid future compatibility problem, it would be nice if we can change only one property. May be add a Strategy property for a HelmResource : it could be apply (default) or patch.

This is indeed problematic. It makes it difficult to have a cluster fully managed by flux with most managed cluster providers.

I need to patch my default service account to pull images from a private registry. It's the only bootstrap task that I can't automate with Terraform and Flux without doing an ugly hack.