From decf8490a142b75f0ffe57b20217bca128360688 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20N=C3=B8rgaard?= Date: Mon, 26 Jun 2023 13:49:57 +0200 Subject: [PATCH] :recycle: rewrite patchesStrategicMerge to patches --- config/crd/kustomization.yaml | 13 ++++++++----- config/default/kustomization.yaml | 13 ++++++------- .../webhookcainjection_mutating_patch.yaml | 15 +++++++++++++++ ...l => webhookcainjection_validating_patch.yaml} | 14 -------------- 4 files changed, 29 insertions(+), 26 deletions(-) create mode 100644 config/default/webhookcainjection_mutating_patch.yaml rename config/default/{webhookcainjection_patch.yaml => webhookcainjection_validating_patch.yaml} (55%) diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index b3ce651b..36c1e13c 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + # This kustomization.yaml is not intended to be run by itself, # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default @@ -6,17 +9,17 @@ resources: - bases/styra.bankdata.dk_globaldatasources.yaml #+kubebuilder:scaffold:crdkustomizeresource -patchesStrategicMerge: +patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD -- patches/webhook_in_styra_systems.yaml -- patches/webhook_in_styra_globaldatasources.yaml +- path: patches/webhook_in_styra_systems.yaml +- path: patches/webhook_in_styra_globaldatasources.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD -- patches/cainjection_in_styra_systems.yaml -- patches/cainjection_in_styra_globaldatasources.yaml +- path: patches/cainjection_in_styra_systems.yaml +- path: patches/cainjection_in_styra_globaldatasources.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 8b9c33b2..af262964 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -26,23 +26,22 @@ resources: # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus -patchesStrategicMerge: +patches: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml -- manager_config_patch.yaml - - +- path: manager_auth_proxy_patch.yaml +- path: manager_config_patch.yaml # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -- manager_webhook_patch.yaml +- path: manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. # 'CERTMANAGER' needs to be enabled to use ca injection -- webhookcainjection_patch.yaml +- path: webhookcainjection_validating_patch.yaml +- path: webhookcainjection_mutating_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. # Uncomment the following replacements to add the cert-manager CA injection annotations diff --git a/config/default/webhookcainjection_mutating_patch.yaml b/config/default/webhookcainjection_mutating_patch.yaml new file mode 100644 index 00000000..4fa4ca52 --- /dev/null +++ b/config/default/webhookcainjection_mutating_patch.yaml @@ -0,0 +1,15 @@ +# This patch add annotation to admission webhook config and +# CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/name: mutatingwebhookconfiguration + app.kubernetes.io/instance: mutating-webhook-configuration + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: styra-controller + app.kubernetes.io/part-of: styra-controller + app.kubernetes.io/managed-by: kustomize + name: mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_validating_patch.yaml similarity index 55% rename from config/default/webhookcainjection_patch.yaml rename to config/default/webhookcainjection_validating_patch.yaml index abad6d3d..1500e00e 100644 --- a/config/default/webhookcainjection_patch.yaml +++ b/config/default/webhookcainjection_validating_patch.yaml @@ -1,20 +1,6 @@ # This patch add annotation to admission webhook config and # CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/name: mutatingwebhookconfiguration - app.kubernetes.io/instance: mutating-webhook-configuration - app.kubernetes.io/component: webhook - app.kubernetes.io/created-by: styra-controller - app.kubernetes.io/part-of: styra-controller - app.kubernetes.io/managed-by: kustomize - name: mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME ---- -apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: labels: