How to make Kustomize overlay ignore secretGenerator in base?

I'm writing Kustomize configs for several apps and using overlays to overwrite a base configuration for staging and production environments. The base config creates a secret from a file called dev.json and names that secret -dev-config. The staging environment also runs in dev mode and uses the same secret. Production creates a secret from a file named production.json and names that file -prod-config.

When I spin up an app in the production environment, the dev secret and the prod secret are being created. What do I need to add to the prod kustomization.yaml to tell it to ignore the base secretGenerator? It doesn't seem like that much of a security hole to have the dev config on the prod servers, but I'd like to avoid it anyway.

Solution

I don’t think you can. You would move the dev config to a dev overlay instead. If you really don’t want to, you can use a jsonpatch to delete the content.

Reasons for OOMKilled in kubernetes
Installing multiple nginx ingress controller instances in the same AKS cluster
How to upgrade at once multiple releases with Helm for the same chart
How to pass multiple commands in Kubernetes container?
Envoy Gateway with OIDC and direct bearer token
AKS CrashLoopBackOff for an image working without problem in docker host: logs: error: container containerd://x is not valid for pod flask-app
Helm Convert chart labels multiline string to comma-separated string
What is the relation between "container_memory_working_set_bytes" metric and OOM-killer on the container?
Running the Postgres CLI client from a Kubernetes jumpbox
How to set up RabbitMQ default queue type to quorum queue on bootstrap?
How to pass helm values dynamically
Windows & Linux living together in Kubernetes cluster
NextJS symlinks not updating and crashing the application in Kubernetes deployment
How to parse json format output of : kubectl get pods using jsonpath
I occasionally get such an error "the object has been modified" when I update node or deploy with client-go
Restart Pod when secrets gets updated
kubectl unable to connect to server: x509: certificate signed by unknown authority
kustomization Error: json: cannot unmarshal number into Go struct field Image.images.newTag of type string
Scale deployment with python client in Kubernetes
ValidationError(Ingress.spec.rules[0].http): missing required field "paths"
Execute bash command in pod with kubectl?
Why is my K8s network policy denying access when it should by matching the label
What is the difference between always and on failure for Kubernetes restart policy?
ArgoCd does not trigger on GitOps repo update?
Should I do liveness probe and readiness probe every second?
How to list kubernetes services in k9s?
Connecting K8s and Nomad using a single Consul Server (DC1). Is this even possible or what is the next best way to do so?
What does "eksctl create iamserviceaccount" do under the hood on an EKS cluster?
Helm chart. I cannot send a command to the container via --set
is it possible to shrink the spaces of io.containerd.snapshotter.v1.overlayfs folder in kubernetes