From fdfab55969f6bec52a184f5a4732f5f1e950216e Mon Sep 17 00:00:00 2001 From: lowang-bh Date: Mon, 4 Sep 2023 22:30:53 +0800 Subject: [PATCH] stop to generate crd webhooks patches and cainjetions for any CRD/API and projects without webhooks At present, we scaffold config/crd/patches, kustomizations, and CA injections for every CRD, irrespective of whether webhooks are enabled in the project or not. However, these configurations are only relevant and valid if the project has webhooks. Consequently, for projects without webhooks, this leads to failures as documented in kubebuilder pull request #3585. To address this, we are now introducing a test to ensure that projects without enabled webhooks function correctly and as anticipated. Signed-off-by: Camila Macedo <7708031+camilamacedo86@users.noreply.github.com> Co-authored-by: lowang-bh fix: just generate crd webhooks patches and ca injestions when webhooks are created for those --- .../project/config/crd/kustomization.yaml | 21 ---- .../project/config/crd/kustomizeconfig.yaml | 19 ---- .../cainjection_in_projectconfigs.yaml | 7 -- .../patches/webhook_in_projectconfigs.yaml | 16 --- .../project/config/crd/kustomization.yaml | 2 + .../common/kustomize/v2/scaffolds/api.go | 7 -- .../templates/config/crd/kustomization.go | 2 + .../templates/config/crd/kustomizeconfig.go | 12 +-- .../crd/patches/enablecainjection_patch.go | 5 +- .../config/crd/patches/enablewebhook_patch.go | 15 +-- .../common/kustomize/v2/scaffolds/webhook.go | 35 +++--- test/e2e/v4/generate_test.go | 101 +++++++++++------- test/e2e/v4/plugin_cluster_test.go | 92 +++++++++------- .../config/crd/kustomization.yaml | 19 +--- .../crd/patches/cainjection_in_fiz_bars.yaml | 7 -- ...ion_in_foo.policy_healthcheckpolicies.yaml | 7 -- .../crd/patches/cainjection_in_foo_bars.yaml | 7 -- .../cainjection_in_sea-creatures_krakens.yaml | 7 -- ...injection_in_sea-creatures_leviathans.yaml | 7 -- .../crd/patches/webhook_in_fiz_bars.yaml | 16 --- ...ook_in_foo.policy_healthcheckpolicies.yaml | 16 --- .../crd/patches/webhook_in_foo_bars.yaml | 16 --- .../webhook_in_sea-creatures_krakens.yaml | 16 --- .../webhook_in_sea-creatures_leviathans.yaml | 16 --- .../config/crd/kustomization.yaml | 19 +--- .../crd/patches/cainjection_in_fiz_bars.yaml | 7 -- ...ion_in_foo.policy_healthcheckpolicies.yaml | 7 -- .../crd/patches/cainjection_in_foo_bars.yaml | 7 -- .../cainjection_in_sea-creatures_krakens.yaml | 7 -- ...injection_in_sea-creatures_leviathans.yaml | 7 -- .../crd/patches/webhook_in_fiz_bars.yaml | 16 --- ...ook_in_foo.policy_healthcheckpolicies.yaml | 16 --- .../crd/patches/webhook_in_foo_bars.yaml | 16 --- .../webhook_in_sea-creatures_krakens.yaml | 16 --- .../webhook_in_sea-creatures_leviathans.yaml | 16 --- .../config/crd/kustomization.yaml | 5 +- .../crd/patches/cainjection_in_busyboxes.yaml | 7 -- .../crd/patches/webhook_in_busyboxes.yaml | 16 --- .../project-v4/config/crd/kustomization.yaml | 2 + 39 files changed, 153 insertions(+), 479 deletions(-) delete mode 100644 docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomization.yaml delete mode 100644 docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomizeconfig.yaml delete mode 100644 docs/book/src/component-config-tutorial/testdata/project/config/crd/patches/cainjection_in_projectconfigs.yaml delete mode 100644 docs/book/src/component-config-tutorial/testdata/project/config/crd/patches/webhook_in_projectconfigs.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_fiz_bars.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_foo.policy_healthcheckpolicies.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_foo_bars.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_sea-creatures_krakens.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_sea-creatures_leviathans.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_fiz_bars.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_foo.policy_healthcheckpolicies.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_foo_bars.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_sea-creatures_krakens.yaml delete mode 100644 testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_sea-creatures_leviathans.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/cainjection_in_fiz_bars.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/cainjection_in_foo.policy_healthcheckpolicies.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/cainjection_in_foo_bars.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/cainjection_in_sea-creatures_krakens.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/cainjection_in_sea-creatures_leviathans.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/webhook_in_fiz_bars.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/webhook_in_foo.policy_healthcheckpolicies.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/webhook_in_foo_bars.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/webhook_in_sea-creatures_krakens.yaml delete mode 100644 testdata/project-v4-multigroup/config/crd/patches/webhook_in_sea-creatures_leviathans.yaml delete mode 100644 testdata/project-v4-with-deploy-image/config/crd/patches/cainjection_in_busyboxes.yaml delete mode 100644 testdata/project-v4-with-deploy-image/config/crd/patches/webhook_in_busyboxes.yaml diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomization.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomization.yaml deleted file mode 100644 index 97cb6432412..00000000000 --- a/docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomization.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# This kustomization.yaml is not intended to be run by itself, -# since it depends on service name and namespace that are out of this kustomize package. -# It should be run by config/default -resources: -- bases/config.tutorial.kubebuilder.io_projectconfigs.yaml -#+kubebuilder:scaffold:crdkustomizeresource - -patches: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. -# patches here are for enabling the conversion webhook for each CRD -#- path: patches/webhook_in_projectconfigs.yaml -#+kubebuilder:scaffold:crdkustomizewebhookpatch - -# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. -# patches here are for enabling the CA injection for each CRD -#- path: patches/cainjection_in_projectconfigs.yaml -#+kubebuilder:scaffold:crdkustomizecainjectionpatch - -# the following config is for teaching kustomize how to do kustomization for CRDs. -configurations: -- kustomizeconfig.yaml diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomizeconfig.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomizeconfig.yaml deleted file mode 100644 index ec5c150a9df..00000000000 --- a/docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomizeconfig.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# This file is for teaching kustomize how to substitute name and namespace reference in CRD -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name - -namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false - -varReference: -- path: metadata/annotations diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/crd/patches/cainjection_in_projectconfigs.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/crd/patches/cainjection_in_projectconfigs.yaml deleted file mode 100644 index 4d4409aacb8..00000000000 --- a/docs/book/src/component-config-tutorial/testdata/project/config/crd/patches/cainjection_in_projectconfigs.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: projectconfigs.config.tutorial.kubebuilder.io diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/crd/patches/webhook_in_projectconfigs.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/crd/patches/webhook_in_projectconfigs.yaml deleted file mode 100644 index 4046e3632f9..00000000000 --- a/docs/book/src/component-config-tutorial/testdata/project/config/crd/patches/webhook_in_projectconfigs.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: projectconfigs.config.tutorial.kubebuilder.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/crd/kustomization.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/crd/kustomization.yaml index 726852ee68b..ac447c6e61d 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/config/crd/kustomization.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/config/crd/kustomization.yaml @@ -16,6 +16,8 @@ patches: - path: patches/cainjection_in_cronjobs.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. + configurations: - kustomizeconfig.yaml diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/api.go b/pkg/plugins/common/kustomize/v2/scaffolds/api.go index 8bafbf9f9d1..8671d6bff15 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/api.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/api.go @@ -20,13 +20,10 @@ import ( "fmt" log "github.com/sirupsen/logrus" - "sigs.k8s.io/kubebuilder/v3/pkg/config" "sigs.k8s.io/kubebuilder/v3/pkg/machinery" "sigs.k8s.io/kubebuilder/v3/pkg/model/resource" "sigs.k8s.io/kubebuilder/v3/pkg/plugins" - "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd" - "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches" "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac" "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/samples" ) @@ -76,10 +73,6 @@ func (s *apiScaffolder) Scaffold() error { &samples.CRDSample{Force: s.force}, &rbac.CRDEditorRole{}, &rbac.CRDViewerRole{}, - &patches.EnableWebhookPatch{}, - &patches.EnableCAInjectionPatch{}, - &crd.Kustomization{}, - &crd.KustomizeConfig{}, ); err != nil { return fmt.Errorf("error scaffolding kustomize API manifests: %v", err) } diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomization.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomization.go index 87137778bf8..5706706d743 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomization.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomization.go @@ -125,7 +125,9 @@ patches: # patches here are for enabling the CA injection for each CRD %s +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. + configurations: - kustomizeconfig.yaml ` diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomizeconfig.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomizeconfig.go index 428bfde8b88..c5006e2b10a 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomizeconfig.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomizeconfig.go @@ -48,23 +48,15 @@ nameReference: version: v1 fieldSpecs: - kind: CustomResourceDefinition - version: {{ .Resource.API.CRDVersion }} + version: v1 group: apiextensions.k8s.io - {{- if ne .Resource.API.CRDVersion "v1" }} - path: spec/conversion/webhookClientConfig/service/name - {{- else }} path: spec/conversion/webhook/clientConfig/service/name - {{- end }} namespace: - kind: CustomResourceDefinition - version: {{ .Resource.API.CRDVersion }} + version: v1 group: apiextensions.k8s.io - {{- if ne .Resource.API.CRDVersion "v1" }} - path: spec/conversion/webhookClientConfig/service/namespace - {{- else }} path: spec/conversion/webhook/clientConfig/service/namespace - {{- end }} create: false varReference: diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablecainjection_patch.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablecainjection_patch.go index 1847743ecde..5a734dc6af3 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablecainjection_patch.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablecainjection_patch.go @@ -49,10 +49,7 @@ func (f *EnableCAInjectionPatch) SetTemplateDefaults() error { //nolint:lll const enableCAInjectionPatchTemplate = `# The following patch adds a directive for certmanager to inject CA into the CRD -{{- if ne .Resource.API.CRDVersion "v1" }} -# CRD conversion requires k8s 1.13 or later. -{{- end }} -apiVersion: apiextensions.k8s.io/{{ .Resource.API.CRDVersion }} +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablewebhook_patch.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablewebhook_patch.go index 35662c647ae..19d8df5d8cb 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablewebhook_patch.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablewebhook_patch.go @@ -49,23 +49,13 @@ func (f *EnableWebhookPatch) SetTemplateDefaults() error { } const enableWebhookPatchTemplate = `# The following patch enables a conversion webhook for the CRD -{{- if ne .Resource.API.CRDVersion "v1" }} -# CRD conversion requires k8s 1.13 or later. -{{- end }} -apiVersion: apiextensions.k8s.io/{{ .Resource.API.CRDVersion }} +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: {{ .Resource.Plural }}.{{ .Resource.QualifiedGroup }} spec: conversion: strategy: Webhook - {{- if ne .Resource.API.CRDVersion "v1" }} - webhookClientConfig: - service: - namespace: system - name: webhook-service - path: /convert - {{- else }} webhook: clientConfig: service: @@ -73,6 +63,5 @@ spec: name: webhook-service path: /convert conversionReviewVersions: - - {{ .Resource.API.CRDVersion }} - {{- end }} + - v1 ` diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go b/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go index 57e88d4a58f..f0fdbcaa546 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go @@ -19,9 +19,10 @@ package scaffolds import ( "fmt" - pluginutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" - log "github.com/sirupsen/logrus" + pluginutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" + "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd" + "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches" "sigs.k8s.io/kubebuilder/v3/pkg/config" "sigs.k8s.io/kubebuilder/v3/pkg/machinery" @@ -71,6 +72,23 @@ func (s *webhookScaffolder) Scaffold() error { return fmt.Errorf("error updating resource: %w", err) } + if err := scaffold.Execute( + &kdefault.WebhookCAInjectionPatch{}, + &kdefault.ManagerWebhookPatch{}, + &webhook.Kustomization{Force: s.force}, + &webhook.KustomizeConfig{}, + &webhook.Service{}, + &certmanager.Certificate{}, + &certmanager.Kustomization{}, + &certmanager.KustomizeConfig{}, + &patches.EnableWebhookPatch{}, + &patches.EnableCAInjectionPatch{}, + &crd.Kustomization{}, + &crd.KustomizeConfig{}, + ); err != nil { + return fmt.Errorf("error scaffolding kustomize webhook manifests: %v", err) + } + kustomizeFilePath := "config/default/kustomization.yaml" err := pluginutil.UncommentCode(kustomizeFilePath, "#- ../webhook", `#`) if err != nil { @@ -100,18 +118,5 @@ func (s *webhookScaffolder) Scaffold() error { } } - if err := scaffold.Execute( - &kdefault.WebhookCAInjectionPatch{}, - &kdefault.ManagerWebhookPatch{}, - &webhook.Kustomization{Force: s.force}, - &webhook.KustomizeConfig{}, - &webhook.Service{}, - &certmanager.Certificate{}, - &certmanager.Kustomization{}, - &certmanager.KustomizeConfig{}, - ); err != nil { - return fmt.Errorf("error scaffolding kustomize webhook manifests: %v", err) - } - return nil } diff --git a/test/e2e/v4/generate_test.go b/test/e2e/v4/generate_test.go index e7056394d34..7fc05c73f95 100644 --- a/test/e2e/v4/generate_test.go +++ b/test/e2e/v4/generate_test.go @@ -33,20 +33,63 @@ import ( "sigs.k8s.io/kubebuilder/v3/test/e2e/utils" ) -// GenerateV4 implements a go/v4(-alpha) plugin project defined by a TestContext. +// GenerateV4 implements a go/v4 plugin project defined by a TestContext. func GenerateV4(kbc *utils.TestContext) { - var err error + initingTheProject(kbc) + creatingAPI(kbc) - By("initializing a project") - err = kbc.Init( - "--plugins", "go/v4", - "--project-version", "3", - "--domain", kbc.Domain, + By("scaffolding mutating and validating webhooks") + err := kbc.CreateWebhook( + "--group", kbc.Group, + "--version", kbc.Version, + "--kind", kbc.Kind, + "--defaulting", + "--programmatic-validation", ) ExpectWithOffset(1, err).NotTo(HaveOccurred()) + By("implementing the mutating and validating webhooks") + err = pluginutil.ImplementWebhooks(filepath.Join( + kbc.Dir, "api", kbc.Version, + fmt.Sprintf("%s_webhook.go", strings.ToLower(kbc.Kind)))) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + ExpectWithOffset(1, pluginutil.UncommentCode( + filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), + "#- ../certmanager", "#")).To(Succeed()) + ExpectWithOffset(1, pluginutil.UncommentCode( + filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), + "#- ../prometheus", "#")).To(Succeed()) + ExpectWithOffset(1, pluginutil.UncommentCode( + filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), + "#- webhookcainjection_patch.yaml", "#")).To(Succeed()) + ExpectWithOffset(1, pluginutil.UncommentCode(filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), + certManagerTarget, "#")).To(Succeed()) + + if kbc.IsRestricted { + By("uncomment kustomize files to ensure that pods are restricted") + uncommentPodStandards(kbc) + } +} + +// GenerateV4WithoutWebhooks implements a go/v4 plugin with APIs and enable Prometheus and CertManager +func GenerateV4WithoutWebhooks(kbc *utils.TestContext) { + initingTheProject(kbc) + creatingAPI(kbc) + + ExpectWithOffset(1, pluginutil.UncommentCode( + filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), + "#- ../prometheus", "#")).To(Succeed()) + + if kbc.IsRestricted { + By("uncomment kustomize files to ensure that pods are restricted") + uncommentPodStandards(kbc) + } +} + +func creatingAPI(kbc *utils.TestContext) { By("creating API definition") - err = kbc.CreateAPI( + err := kbc.CreateAPI( "--group", kbc.Group, "--version", kbc.Version, "--kind", kbc.Kind, @@ -65,34 +108,20 @@ func GenerateV4(kbc *utils.TestContext) { ` // +optional Count int `+"`"+`json:"count,omitempty"`+"`"+` `)).Should(Succeed()) +} - By("scaffolding mutating and validating webhooks") - err = kbc.CreateWebhook( - "--group", kbc.Group, - "--version", kbc.Version, - "--kind", kbc.Kind, - "--defaulting", - "--programmatic-validation", +func initingTheProject(kbc *utils.TestContext) { + By("initializing a project") + err := kbc.Init( + "--plugins", "go/v4", + "--project-version", "3", + "--domain", kbc.Domain, ) ExpectWithOffset(1, err).NotTo(HaveOccurred()) +} - By("implementing the mutating and validating webhooks") - err = pluginutil.ImplementWebhooks(filepath.Join( - kbc.Dir, "api", kbc.Version, - fmt.Sprintf("%s_webhook.go", strings.ToLower(kbc.Kind)))) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - ExpectWithOffset(1, pluginutil.UncommentCode( - filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), - "#- ../certmanager", "#")).To(Succeed()) - ExpectWithOffset(1, pluginutil.UncommentCode( - filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), - "#- ../prometheus", "#")).To(Succeed()) - ExpectWithOffset(1, pluginutil.UncommentCode( - filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), - "#- webhookcainjection_patch.yaml", "#")).To(Succeed()) - ExpectWithOffset(1, pluginutil.UncommentCode(filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), - `#replacements: +//nolint:lll +const certManagerTarget = `#replacements: # - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs # kind: Certificate # group: cert-manager.io @@ -188,13 +217,7 @@ Count int `+"`"+`json:"count,omitempty"`+"`"+` # options: # delimiter: '.' # index: 1 -# create: true`, "#")).To(Succeed()) - - if kbc.IsRestricted { - By("uncomment kustomize files to ensure that pods are restricted") - uncommentPodStandards(kbc) - } -} +# create: true` func uncommentPodStandards(kbc *utils.TestContext) { configManager := filepath.Join(kbc.Dir, "config", "manager", "manager.yaml") diff --git a/test/e2e/v4/plugin_cluster_test.go b/test/e2e/v4/plugin_cluster_test.go index 65679b6a9b7..72b38fdf152 100644 --- a/test/e2e/v4/plugin_cluster_test.go +++ b/test/e2e/v4/plugin_cluster_test.go @@ -85,13 +85,19 @@ var _ = Describe("kubebuilder", func() { " with restricted pods", func() { kbc.IsRestricted = true GenerateV4(kbc) - Run(kbc) + Run(kbc, true, true) + }) + It("should generate a runnable project without webhooks"+ + " with restricted pods", func() { + kbc.IsRestricted = true + GenerateV4WithoutWebhooks(kbc) + Run(kbc, false, true) }) }) }) // Run runs a set of e2e tests for a scaffolded project defined by a TestContext. -func Run(kbc *utils.TestContext) { +func Run(kbc *utils.TestContext, hasWebhook, hasCertManager bool) { var controllerPodName string var err error @@ -181,13 +187,15 @@ func Run(kbc *utils.TestContext) { _ = curlMetrics(kbc) - By("validating that cert-manager has provisioned the certificate Secret") - EventuallyWithOffset(1, func() error { - _, err := kbc.Kubectl.Get( - true, - "secrets", "webhook-server-cert") - return err - }, time.Minute, time.Second).Should(Succeed()) + if hasCertManager && hasWebhook { + By("validating that cert-manager has provisioned the certificate Secret") + EventuallyWithOffset(1, func() error { + _, err := kbc.Kubectl.Get( + true, + "secrets", "webhook-server-cert") + return err + }, time.Minute, time.Second).Should(Succeed()) + } By("validating that the Prometheus manager has provisioned the Service") EventuallyWithOffset(1, func() error { @@ -203,29 +211,31 @@ func Run(kbc *utils.TestContext) { "ServiceMonitor") ExpectWithOffset(1, err).NotTo(HaveOccurred()) - By("validating that the mutating|validating webhooks have the CA injected") - verifyCAInjection := func() error { - mwhOutput, err := kbc.Kubectl.Get( - false, - "mutatingwebhookconfigurations.admissionregistration.k8s.io", - fmt.Sprintf("e2e-%s-mutating-webhook-configuration", kbc.TestSuffix), - "-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}") - ExpectWithOffset(2, err).NotTo(HaveOccurred()) - // check that ca should be long enough, because there may be a place holder "\n" - ExpectWithOffset(2, len(mwhOutput)).To(BeNumerically(">", 10)) - - vwhOutput, err := kbc.Kubectl.Get( - false, - "validatingwebhookconfigurations.admissionregistration.k8s.io", - fmt.Sprintf("e2e-%s-validating-webhook-configuration", kbc.TestSuffix), - "-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}") - ExpectWithOffset(2, err).NotTo(HaveOccurred()) - // check that ca should be long enough, because there may be a place holder "\n" - ExpectWithOffset(2, len(vwhOutput)).To(BeNumerically(">", 10)) - - return nil + if hasWebhook { + By("validating that the mutating|validating webhooks have the CA injected") + verifyCAInjection := func() error { + mwhOutput, err := kbc.Kubectl.Get( + false, + "mutatingwebhookconfigurations.admissionregistration.k8s.io", + fmt.Sprintf("e2e-%s-mutating-webhook-configuration", kbc.TestSuffix), + "-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}") + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + // check that ca should be long enough, because there may be a place holder "\n" + ExpectWithOffset(2, len(mwhOutput)).To(BeNumerically(">", 10)) + + vwhOutput, err := kbc.Kubectl.Get( + false, + "validatingwebhookconfigurations.admissionregistration.k8s.io", + fmt.Sprintf("e2e-%s-validating-webhook-configuration", kbc.TestSuffix), + "-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}") + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + // check that ca should be long enough, because there may be a place holder "\n" + ExpectWithOffset(2, len(vwhOutput)).To(BeNumerically(">", 10)) + + return nil + } + EventuallyWithOffset(1, verifyCAInjection, time.Minute, time.Second).Should(Succeed()) } - EventuallyWithOffset(1, verifyCAInjection, time.Minute, time.Second).Should(Succeed()) By("creating an instance of the CR") // currently controller-runtime doesn't provide a readiness probe, we retry a few times @@ -274,15 +284,17 @@ func Run(kbc *utils.TestContext) { strings.ToLower(kbc.Kind), ))) - By("validating that mutating and validating webhooks are working fine") - cnt, err := kbc.Kubectl.Get( - true, - "-f", sampleFile, - "-o", "go-template={{ .spec.count }}") - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - count, err := strconv.Atoi(cnt) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - ExpectWithOffset(1, count).To(BeNumerically("==", 5)) + if hasWebhook { + By("validating that mutating and validating webhooks are working fine") + cnt, err := kbc.Kubectl.Get( + true, + "-f", sampleFile, + "-o", "go-template={{ .spec.count }}") + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + count, err := strconv.Atoi(cnt) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + ExpectWithOffset(1, count).To(BeNumerically("==", 5)) + } } // curlMetrics curl's the /metrics endpoint, returning all logs once a 200 status is returned. diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/kustomization.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/kustomization.yaml index 51fa2481343..cf4fac972b8 100644 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/kustomization.yaml +++ b/testdata/project-v4-multigroup-with-deploy-image/config/crd/kustomization.yaml @@ -6,11 +6,6 @@ resources: - bases/ship.testproject.org_frigates.yaml - bases/ship.testproject.org_destroyers.yaml - bases/ship.testproject.org_cruisers.yaml -- bases/sea-creatures.testproject.org_krakens.yaml -- bases/sea-creatures.testproject.org_leviathans.yaml -- bases/foo.policy.testproject.org_healthcheckpolicies.yaml -- bases/foo.testproject.org_bars.yaml -- bases/fiz.testproject.org_bars.yaml - bases/testproject.org_lakers.yaml #+kubebuilder:scaffold:crdkustomizeresource @@ -21,12 +16,7 @@ patches: - path: patches/webhook_in_ship_frigates.yaml - path: patches/webhook_in_ship_destroyers.yaml - path: patches/webhook_in_ship_cruisers.yaml -- path: patches/webhook_in_sea-creatures_krakens.yaml -#- path: patches/webhook_in_sea-creatures_leviathans.yaml -#- path: patches/webhook_in_foo.policy_healthcheckpolicies.yaml -#- path: patches/webhook_in_foo_bars.yaml -#- path: patches/webhook_in_fiz_bars.yaml -#- path: patches/webhook_in__lakers.yaml +- path: patches/webhook_in__lakers.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. @@ -35,14 +25,11 @@ patches: #- path: patches/cainjection_in_ship_frigates.yaml #- path: patches/cainjection_in_ship_destroyers.yaml #- path: patches/cainjection_in_ship_cruisers.yaml -#- path: patches/cainjection_in_sea-creatures_krakens.yaml -#- path: patches/cainjection_in_sea-creatures_leviathans.yaml -#- path: patches/cainjection_in_foo.policy_healthcheckpolicies.yaml -#- path: patches/cainjection_in_foo_bars.yaml -#- path: patches/cainjection_in_fiz_bars.yaml #- path: patches/cainjection_in__lakers.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. + configurations: - kustomizeconfig.yaml diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_fiz_bars.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_fiz_bars.yaml deleted file mode 100644 index c6dfcc97f3e..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_fiz_bars.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: bars.fiz.testproject.org diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_foo.policy_healthcheckpolicies.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_foo.policy_healthcheckpolicies.yaml deleted file mode 100644 index 887d632ef1d..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_foo.policy_healthcheckpolicies.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: healthcheckpolicies.foo.policy.testproject.org diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_foo_bars.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_foo_bars.yaml deleted file mode 100644 index 7cacea184db..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_foo_bars.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: bars.foo.testproject.org diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_sea-creatures_krakens.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_sea-creatures_krakens.yaml deleted file mode 100644 index b16c174c7b2..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_sea-creatures_krakens.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: krakens.sea-creatures.testproject.org diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_sea-creatures_leviathans.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_sea-creatures_leviathans.yaml deleted file mode 100644 index 35b16d717cb..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/cainjection_in_sea-creatures_leviathans.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: leviathans.sea-creatures.testproject.org diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_fiz_bars.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_fiz_bars.yaml deleted file mode 100644 index eddaa868fdd..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_fiz_bars.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bars.fiz.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_foo.policy_healthcheckpolicies.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_foo.policy_healthcheckpolicies.yaml deleted file mode 100644 index 61381b747c5..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_foo.policy_healthcheckpolicies.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: healthcheckpolicies.foo.policy.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_foo_bars.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_foo_bars.yaml deleted file mode 100644 index 831ad1b8164..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_foo_bars.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bars.foo.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_sea-creatures_krakens.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_sea-creatures_krakens.yaml deleted file mode 100644 index 620a12faaee..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_sea-creatures_krakens.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: krakens.sea-creatures.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_sea-creatures_leviathans.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_sea-creatures_leviathans.yaml deleted file mode 100644 index 5cb95bc7b38..00000000000 --- a/testdata/project-v4-multigroup-with-deploy-image/config/crd/patches/webhook_in_sea-creatures_leviathans.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: leviathans.sea-creatures.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-multigroup/config/crd/kustomization.yaml b/testdata/project-v4-multigroup/config/crd/kustomization.yaml index 51fa2481343..cf4fac972b8 100644 --- a/testdata/project-v4-multigroup/config/crd/kustomization.yaml +++ b/testdata/project-v4-multigroup/config/crd/kustomization.yaml @@ -6,11 +6,6 @@ resources: - bases/ship.testproject.org_frigates.yaml - bases/ship.testproject.org_destroyers.yaml - bases/ship.testproject.org_cruisers.yaml -- bases/sea-creatures.testproject.org_krakens.yaml -- bases/sea-creatures.testproject.org_leviathans.yaml -- bases/foo.policy.testproject.org_healthcheckpolicies.yaml -- bases/foo.testproject.org_bars.yaml -- bases/fiz.testproject.org_bars.yaml - bases/testproject.org_lakers.yaml #+kubebuilder:scaffold:crdkustomizeresource @@ -21,12 +16,7 @@ patches: - path: patches/webhook_in_ship_frigates.yaml - path: patches/webhook_in_ship_destroyers.yaml - path: patches/webhook_in_ship_cruisers.yaml -- path: patches/webhook_in_sea-creatures_krakens.yaml -#- path: patches/webhook_in_sea-creatures_leviathans.yaml -#- path: patches/webhook_in_foo.policy_healthcheckpolicies.yaml -#- path: patches/webhook_in_foo_bars.yaml -#- path: patches/webhook_in_fiz_bars.yaml -#- path: patches/webhook_in__lakers.yaml +- path: patches/webhook_in__lakers.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. @@ -35,14 +25,11 @@ patches: #- path: patches/cainjection_in_ship_frigates.yaml #- path: patches/cainjection_in_ship_destroyers.yaml #- path: patches/cainjection_in_ship_cruisers.yaml -#- path: patches/cainjection_in_sea-creatures_krakens.yaml -#- path: patches/cainjection_in_sea-creatures_leviathans.yaml -#- path: patches/cainjection_in_foo.policy_healthcheckpolicies.yaml -#- path: patches/cainjection_in_foo_bars.yaml -#- path: patches/cainjection_in_fiz_bars.yaml #- path: patches/cainjection_in__lakers.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. + configurations: - kustomizeconfig.yaml diff --git a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_fiz_bars.yaml b/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_fiz_bars.yaml deleted file mode 100644 index c6dfcc97f3e..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_fiz_bars.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: bars.fiz.testproject.org diff --git a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_foo.policy_healthcheckpolicies.yaml b/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_foo.policy_healthcheckpolicies.yaml deleted file mode 100644 index 887d632ef1d..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_foo.policy_healthcheckpolicies.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: healthcheckpolicies.foo.policy.testproject.org diff --git a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_foo_bars.yaml b/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_foo_bars.yaml deleted file mode 100644 index 7cacea184db..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_foo_bars.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: bars.foo.testproject.org diff --git a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_sea-creatures_krakens.yaml b/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_sea-creatures_krakens.yaml deleted file mode 100644 index b16c174c7b2..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_sea-creatures_krakens.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: krakens.sea-creatures.testproject.org diff --git a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_sea-creatures_leviathans.yaml b/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_sea-creatures_leviathans.yaml deleted file mode 100644 index 35b16d717cb..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/cainjection_in_sea-creatures_leviathans.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: leviathans.sea-creatures.testproject.org diff --git a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_fiz_bars.yaml b/testdata/project-v4-multigroup/config/crd/patches/webhook_in_fiz_bars.yaml deleted file mode 100644 index eddaa868fdd..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_fiz_bars.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bars.fiz.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_foo.policy_healthcheckpolicies.yaml b/testdata/project-v4-multigroup/config/crd/patches/webhook_in_foo.policy_healthcheckpolicies.yaml deleted file mode 100644 index 61381b747c5..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_foo.policy_healthcheckpolicies.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: healthcheckpolicies.foo.policy.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_foo_bars.yaml b/testdata/project-v4-multigroup/config/crd/patches/webhook_in_foo_bars.yaml deleted file mode 100644 index 831ad1b8164..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_foo_bars.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bars.foo.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_sea-creatures_krakens.yaml b/testdata/project-v4-multigroup/config/crd/patches/webhook_in_sea-creatures_krakens.yaml deleted file mode 100644 index 620a12faaee..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_sea-creatures_krakens.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: krakens.sea-creatures.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_sea-creatures_leviathans.yaml b/testdata/project-v4-multigroup/config/crd/patches/webhook_in_sea-creatures_leviathans.yaml deleted file mode 100644 index 5cb95bc7b38..00000000000 --- a/testdata/project-v4-multigroup/config/crd/patches/webhook_in_sea-creatures_leviathans.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: leviathans.sea-creatures.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4-with-deploy-image/config/crd/kustomization.yaml b/testdata/project-v4-with-deploy-image/config/crd/kustomization.yaml index c4fb2e1b99b..673cbc32751 100644 --- a/testdata/project-v4-with-deploy-image/config/crd/kustomization.yaml +++ b/testdata/project-v4-with-deploy-image/config/crd/kustomization.yaml @@ -3,22 +3,21 @@ # It should be run by config/default resources: - bases/example.com.testproject.org_memcacheds.yaml -- bases/example.com.testproject.org_busyboxes.yaml #+kubebuilder:scaffold:crdkustomizeresource patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD - path: patches/webhook_in_memcacheds.yaml -#- path: patches/webhook_in_busyboxes.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD #- path: patches/cainjection_in_memcacheds.yaml -#- path: patches/cainjection_in_busyboxes.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. + configurations: - kustomizeconfig.yaml diff --git a/testdata/project-v4-with-deploy-image/config/crd/patches/cainjection_in_busyboxes.yaml b/testdata/project-v4-with-deploy-image/config/crd/patches/cainjection_in_busyboxes.yaml deleted file mode 100644 index 5f6b0384f48..00000000000 --- a/testdata/project-v4-with-deploy-image/config/crd/patches/cainjection_in_busyboxes.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: busyboxes.example.com.testproject.org diff --git a/testdata/project-v4-with-deploy-image/config/crd/patches/webhook_in_busyboxes.yaml b/testdata/project-v4-with-deploy-image/config/crd/patches/webhook_in_busyboxes.yaml deleted file mode 100644 index 5dbd9da7176..00000000000 --- a/testdata/project-v4-with-deploy-image/config/crd/patches/webhook_in_busyboxes.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: busyboxes.example.com.testproject.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/testdata/project-v4/config/crd/kustomization.yaml b/testdata/project-v4/config/crd/kustomization.yaml index 55a06bf09c9..22270f5b729 100644 --- a/testdata/project-v4/config/crd/kustomization.yaml +++ b/testdata/project-v4/config/crd/kustomization.yaml @@ -22,6 +22,8 @@ patches: #- path: patches/cainjection_in_admirales.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. + configurations: - kustomizeconfig.yaml