From b6c4970a18da9067aa8704d2664187dddbf32551 Mon Sep 17 00:00:00 2001 From: Nour <1257310+nourspace@users.noreply.github.com> Date: Sat, 16 Dec 2023 01:16:34 +0400 Subject: [PATCH] fix(kube): cleanup config manifests (#401) - Use patches instead of deprecated patchesStrategicMerge - Remove hardcoded namespace from resources This is automatically added by the config kustomization. Having it requires overlays to specify `namespace: system` or others in their `patches: target` which is confusing. --- config/crd/kustomization.yaml | 14 +++++++------- config/crd/patches/webhook_in_cosmosfullnodes.yaml | 1 - config/crd/patches/webhook_in_hostedsnapshots.yaml | 1 - .../webhook_in_scheduledvolumesnapshots.yaml | 1 - config/default/kustomization.yaml | 10 +++++----- config/default/manager_auth_proxy_patch.yaml | 1 - config/default/manager_config_patch.yaml | 1 - config/manager/manager.yaml | 3 +-- config/prometheus/monitor.yaml | 1 - config/rbac/auth_proxy_role_binding.yaml | 1 - config/rbac/auth_proxy_service.yaml | 1 - config/rbac/leader_election_role_binding.yaml | 1 - config/rbac/role_binding.yaml | 1 - config/rbac/service_account.yaml | 1 - 14 files changed, 13 insertions(+), 25 deletions(-) diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 9e70e6ac..d4eac045 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -7,19 +7,19 @@ resources: - bases/cosmos.strange.love_scheduledvolumesnapshots.yaml #+kubebuilder:scaffold:crdkustomizeresource -patchesStrategicMerge: +patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD -#- patches/webhook_in_cosmosfullnodes.yaml -#- patches/webhook_in_statefuljobs.yaml -#- patches/webhook_in_scheduledvolumesnapshots.yaml +#- path: patches/webhook_in_cosmosfullnodes.yaml +#- path: patches/webhook_in_statefuljobs.yaml +#- path: patches/webhook_in_scheduledvolumesnapshots.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD -#- patches/cainjection_in_cosmosfullnodes.yaml -#- patches/cainjection_in_statefuljobs.yaml -#- patches/cainjection_in_scheduledvolumesnapshots.yaml +#- path: patches/cainjection_in_cosmosfullnodes.yaml +#- path: patches/cainjection_in_statefuljobs.yaml +#- path: patches/cainjection_in_scheduledvolumesnapshots.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/config/crd/patches/webhook_in_cosmosfullnodes.yaml b/config/crd/patches/webhook_in_cosmosfullnodes.yaml index 88c36f50..647e24bc 100644 --- a/config/crd/patches/webhook_in_cosmosfullnodes.yaml +++ b/config/crd/patches/webhook_in_cosmosfullnodes.yaml @@ -9,7 +9,6 @@ spec: webhook: clientConfig: service: - namespace: system name: webhook-service path: /convert conversionReviewVersions: diff --git a/config/crd/patches/webhook_in_hostedsnapshots.yaml b/config/crd/patches/webhook_in_hostedsnapshots.yaml index cae90a1c..59907bab 100644 --- a/config/crd/patches/webhook_in_hostedsnapshots.yaml +++ b/config/crd/patches/webhook_in_hostedsnapshots.yaml @@ -9,7 +9,6 @@ spec: webhook: clientConfig: service: - namespace: system name: webhook-service path: /convert conversionReviewVersions: diff --git a/config/crd/patches/webhook_in_scheduledvolumesnapshots.yaml b/config/crd/patches/webhook_in_scheduledvolumesnapshots.yaml index 6795d178..122ff346 100644 --- a/config/crd/patches/webhook_in_scheduledvolumesnapshots.yaml +++ b/config/crd/patches/webhook_in_scheduledvolumesnapshots.yaml @@ -9,7 +9,6 @@ spec: webhook: clientConfig: service: - namespace: system name: webhook-service path: /convert conversionReviewVersions: diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index c44622e1..4e6aa284 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -24,24 +24,24 @@ resources: # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus -patchesStrategicMerge: +patches: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml +- path: manager_auth_proxy_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type -#- manager_config_patch.yaml +#- path: manager_config_patch.yaml # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -#- manager_webhook_patch.yaml +#- path: manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. # 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml +#- path: webhookcainjection_patch.yaml # the following config is for teaching kustomize how to do var substitution vars: diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 28a6ef7c..c609e019 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -4,7 +4,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager - namespace: system spec: template: spec: diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml index 6c400155..e846a379 100644 --- a/config/default/manager_config_patch.yaml +++ b/config/default/manager_config_patch.yaml @@ -2,7 +2,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager - namespace: system spec: template: spec: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 16811868..857677ce 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -3,13 +3,12 @@ kind: Namespace metadata: labels: control-plane: controller-manager - name: system + name: cosmos-operator-system --- apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager - namespace: system labels: control-plane: controller-manager spec: diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae..1734ad29 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -6,7 +6,6 @@ metadata: labels: control-plane: controller-manager name: controller-manager-metrics-monitor - namespace: system spec: endpoints: - path: /metrics diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index ec7acc0a..6c622c03 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -9,4 +9,3 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 71f17972..c54a5335 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -4,7 +4,6 @@ metadata: labels: control-plane: controller-manager name: controller-manager-metrics-service - namespace: system spec: ports: - name: https diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 1d1321ed..df9defbf 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -9,4 +9,3 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 2070ede4..542a0738 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -9,4 +9,3 @@ roleRef: subjects: - kind: ServiceAccount name: controller-manager - namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 7cd6025b..69ece2e4 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -2,4 +2,3 @@ apiVersion: v1 kind: ServiceAccount metadata: name: controller-manager - namespace: system