patch.Helper doesn't work with secrets and configmaps

[errordeveloper]

I was using patcher in a project and discovered the hard way that it doesn't actually patch secrets.

The reason behind that is to do with this logic:

pkg/runtime/patch/patch.go

Lines 239 to 242 in a04ccbf

	func (h *Helper) patch(ctx context.Context, obj client.Object, opts ...client.PatchOption) error {
	if !h.shouldPatch("metadata") && !h.shouldPatch("spec") {
	return nil
	}

So it very deliberately checks spec field, which is something secrets and configmaps don't have.

[errordeveloper]

Of course, there are more examples of resources that don't have spec.

[stefanprodan]

I suggest you use ssa.apply to patch Kubernetes native resources, the patcher is for custom resources which subscribe to the spec/status standard.

[errordeveloper]

@stefanprodan maybe that should be made more explicit in the docs?

[stefanprodan]

Yes for sure, patcher is for controllers to set finalizers and status conditions, we use it as such in Flux, and we should clearly state it’s purpose in docs.