✨ (kustomize/v2; go/v4) feat: improve UX and maintainability by auto-uncommenting webhook blocks when possible

.github/workflows/test-e2e-samples.yml

@@ -39,12 +39,9 @@ jobs:
 
       - name: Prepare project-v4
         run: |
+          # Enable [METRICS-WITH-CERTS] by uncommenting the lines in kustomization.yaml
           KUSTOMIZATION_FILE_PATH="testdata/project-v4/config/default/kustomization.yaml"
-          sed -i '25s/^#//' $KUSTOMIZATION_FILE_PATH
           sed -i '47,49s/^#//' $KUSTOMIZATION_FILE_PATH
-          # Uncomment all cert-manager injections
-          sed -i '59,234s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '236,251s/^#//' $KUSTOMIZATION_FILE_PATH
           cd testdata/project-v4/
           go mod tidy
 
@@ -81,17 +78,6 @@ jobs:
 
       - name: Prepare project-v4-with-plugins
         run: |
-          KUSTOMIZATION_FILE_PATH="testdata/project-v4-with-plugins/config/default/kustomization.yaml"
-          sed -i '25s/^#//' $KUSTOMIZATION_FILE_PATH
-          # Uncomment only ValidatingWebhookConfiguration
-          # from cert-manager replaces; we are leaving defaulting uncommented
-          # since this sample has no defaulting webhooks
-          sed -i '59,77s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '90,107s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '120,186s/^#//' $KUSTOMIZATION_FILE_PATH
-          # Uncomment only --conversion webhooks CA injection
-          sed -i '219,234s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '236,251s/^#//' $KUSTOMIZATION_FILE_PATH
           cd testdata/project-v4-with-plugins/
           go mod tidy
 
@@ -128,13 +114,6 @@ jobs:
 
       - name: Prepare project-v4-multigroup
         run: |
-          KUSTOMIZATION_FILE_PATH="testdata/project-v4-multigroup/config/default/kustomization.yaml"
-          sed -i '25s/^#//' $KUSTOMIZATION_FILE_PATH
-          # Uncomment all cert-manager injections for webhooks only
-          sed -i '59,77s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '90,107s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '120,234s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '236,251s/^#//' $KUSTOMIZATION_FILE_PATH
           cd testdata/project-v4-multigroup
           go mod tidy
 

docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml

@@ -215,7 +215,7 @@ replacements:
          delimiter: '/'
          index: 1
          create: true
-#
+
 # - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
 #     kind: Certificate
 #     group: cert-manager.io

docs/book/src/getting-started/testdata/project/config/default/kustomization.yaml

@@ -86,7 +86,7 @@ patches:
 #         delimiter: '.'
 #         index: 0
 #         create: true
-#
+
 # - source:
 #     kind: Service
 #     version: v1
@@ -116,7 +116,7 @@ patches:
 #         delimiter: '.'
 #         index: 1
 #         create: true
-#
+
 # - source: # Uncomment the following block if you have any webhook
 #     kind: Service
 #     version: v1
@@ -153,7 +153,7 @@ patches:
 #         delimiter: '.'
 #         index: 1
 #         create: true
-#
+
 # - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
 #     kind: Certificate
 #     group: cert-manager.io
@@ -184,7 +184,7 @@ patches:
 #         delimiter: '/'
 #         index: 1
 #         create: true
-#
+
 # - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
 #     kind: Certificate
 #     group: cert-manager.io
@@ -215,7 +215,7 @@ patches:
 #         delimiter: '/'
 #         index: 1
 #         create: true
-#
+
 # - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
 #     kind: Certificate
 #     group: cert-manager.io

docs/book/src/multiversion-tutorial/testdata/project/.github/workflows/test-chart.yml

@@ -46,19 +46,18 @@ jobs:
         run: |
           helm lint ./dist/chart
 
-# TODO: Uncomment if cert-manager is enabled
-#      - name: Install cert-manager via Helm
-#        run: |
-#          helm repo add jetstack https://charts.jetstack.io
-#          helm repo update
-#          helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
-#
-#      - name: Wait for cert-manager to be ready
-#        run: |
-#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager
-#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-cainjector
-#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-webhook
 
+      - name: Install cert-manager via Helm
+        run: |
+          helm repo add jetstack https://charts.jetstack.io
+          helm repo update
+          helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
+
+      - name: Wait for cert-manager to be ready
+        run: |
+          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager
+          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-cainjector
+          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-webhook
 # TODO: Uncomment if Prometheus is enabled
 #      - name: Install Prometheus Operator CRDs
 #        run: |

hack/docs/internal/cronjob-tutorial/generate_cronjob.go

@@ -610,11 +610,6 @@ var _ = AfterSuite(func() {
 
 func (sp *Sample) updateKustomization() {
 	var err error
-	err = pluginutil.UncommentCode(
-		filepath.Join(sp.ctx.Dir, "config/default/kustomization.yaml"),
-		`#- ../certmanager`, `#`)
-	hackutils.CheckError("fixing default/kustomization", err)
-
 	err = pluginutil.UncommentCode(
 		filepath.Join(sp.ctx.Dir, "config/default/kustomization.yaml"),
 		`#- ../prometheus`, `#`)
@@ -637,7 +632,7 @@ func (sp *Sample) updateKustomization() {
 
 	err = pluginutil.UncommentCode(
 		filepath.Join(sp.ctx.Dir, "config/default/kustomization.yaml"),
-		certManagerForMetricsAndWebhooks, `#`)
+		certManagerForMetrics, `#`)
 	hackutils.CheckError("fixing default/kustomization", err)
 }
 

hack/docs/internal/cronjob-tutorial/sample.go

@@ -33,8 +33,7 @@ const cronjobSample = `
             - date; echo Hello from the Kubernetes cluster
           restartPolicy: OnFailure`
 
-const certManagerForMetricsAndWebhooks = `#replacements:
-# - source: # Uncomment the following block to enable certificates for metrics
+const certManagerForMetrics = `# - source: # Uncomment the following block to enable certificates for metrics
 #     kind: Service
 #     version: v1
 #     name: controller-manager-metrics-service
@@ -63,7 +62,7 @@ const certManagerForMetricsAndWebhooks = `#replacements:
 #         delimiter: '.'
 #         index: 0
 #         create: true
-#
+
 # - source:
 #     kind: Service
 #     version: v1
@@ -92,103 +91,4 @@ const certManagerForMetricsAndWebhooks = `#replacements:
 #       options:
 #         delimiter: '.'
 #         index: 1
-#         create: true
-#
-# - source: # Uncomment the following block if you have any webhook
-#     kind: Service
-#     version: v1
-#     name: webhook-service
-#     fieldPath: .metadata.name # Name of the service
-#   targets:
-#     - select:
-#         kind: Certificate
-#         group: cert-manager.io
-#         version: v1
-#         name: serving-cert
-#       fieldPaths:
-#         - .spec.dnsNames.0
-#         - .spec.dnsNames.1
-#       options:
-#         delimiter: '.'
-#         index: 0
-#         create: true
-# - source:
-#     kind: Service
-#     version: v1
-#     name: webhook-service
-#     fieldPath: .metadata.namespace # Namespace of the service
-#   targets:
-#     - select:
-#         kind: Certificate
-#         group: cert-manager.io
-#         version: v1
-#         name: serving-cert
-#       fieldPaths:
-#         - .spec.dnsNames.0
-#         - .spec.dnsNames.1
-#       options:
-#         delimiter: '.'
-#         index: 1
-#         create: true
-#
-# - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
-#     kind: Certificate
-#     group: cert-manager.io
-#     version: v1
-#     name: serving-cert # This name should match the one in certificate.yaml
-#     fieldPath: .metadata.namespace # Namespace of the certificate CR
-#   targets:
-#     - select:
-#         kind: ValidatingWebhookConfiguration
-#       fieldPaths:
-#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#       options:
-#         delimiter: '/'
-#         index: 0
-#         create: true
-# - source:
-#     kind: Certificate
-#     group: cert-manager.io
-#     version: v1
-#     name: serving-cert
-#     fieldPath: .metadata.name
-#   targets:
-#     - select:
-#         kind: ValidatingWebhookConfiguration
-#       fieldPaths:
-#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#       options:
-#         delimiter: '/'
-#         index: 1
-#         create: true
-#
-# - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
-#     kind: Certificate
-#     group: cert-manager.io
-#     version: v1
-#     name: serving-cert
-#     fieldPath: .metadata.namespace # Namespace of the certificate CR
-#   targets:
-#     - select:
-#         kind: MutatingWebhookConfiguration
-#       fieldPaths:
-#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#       options:
-#         delimiter: '/'
-#         index: 0
-#         create: true
-# - source:
-#     kind: Certificate
-#     group: cert-manager.io
-#     version: v1
-#     name: serving-cert
-#     fieldPath: .metadata.name
-#   targets:
-#     - select:
-#         kind: MutatingWebhookConfiguration
-#       fieldPaths:
-#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#       options:
-#         delimiter: '/'
-#         index: 1
 #         create: true`

hack/docs/internal/multiversion-tutorial/generate_multiversion.go

@@ -103,7 +103,6 @@ func (sp *Sample) UpdateTutorial() {
 	sp.updateConversionFiles()
 	sp.updateSampleV2()
 	sp.updateMain()
-	sp.updateDefaultKustomize()
 }
 
 func (sp *Sample) updateCronjobV1DueForce() {
@@ -281,20 +280,6 @@ interfaces, a conversion webhook will be registered.
 	hackutils.CheckError("fix cronjob v1 tests after each", err)
 }
 
-func (sp *Sample) updateDefaultKustomize() {
-	// Enable CA for Conversion Webhook
-	err := pluginutil.UncommentCode(
-		filepath.Join(sp.ctx.Dir, "config/default/kustomization.yaml"),
-		caInjectionNamespace, `#`)
-	hackutils.CheckError("fixing default/kustomization", err)
-
-	// Enable CA for Conversion Webhook
-	err = pluginutil.UncommentCode(
-		filepath.Join(sp.ctx.Dir, "config/default/kustomization.yaml"),
-		caInjectionCert, `#`)
-	hackutils.CheckError("fixing default/kustomization", err)
-}
-
 func (sp *Sample) updateSampleV2() {
 	path := filepath.Join(sp.ctx.Dir, "config/samples/batch_v2_cronjob.yaml")
 	oldText := `# TODO(user): Add fields here`