SovereignCloudStack · kranurag7 · Jun 24, 2024
diff --git a/Makefile b/Makefile
@@ -97,7 +97,7 @@ $(CONTROLLER_GEN): # Build controller-gen from tools folder.
 KUSTOMIZE := $(abspath $(TOOLS_BIN_DIR)/kustomize)
 kustomize: $(KUSTOMIZE) ## Build a local copy of kustomize
 $(KUSTOMIZE): # Build kustomize from tools folder.
-	go install sigs.k8s.io/kustomize/kustomize/[email protected]
+	go install sigs.k8s.io/kustomize/kustomize/[email protected]
 
 TILT := $(abspath $(TOOLS_BIN_DIR)/tilt)
 tilt: $(TILT) ## Build a local copy of tilt

diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml
@@ -15,10 +15,10 @@ metadata:
   name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
   namespace: system
 spec:
-  # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+  # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
   dnsNames:
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer

diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml
@@ -3,3 +3,5 @@ resources:
 
 configurations:
 - kustomizeconfig.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -1,5 +1,3 @@
-commonlabels:
-  cluster.x-k8s.io/v1beta1: v1beta1
 
 # This kustomization.yaml is not intended to be run by itself,
 # since it depends on service name and namespace that are out of this kustomize package.
@@ -10,7 +8,6 @@ resources:
 - bases/clusterstack.x-k8s.io_clusteraddons.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
-patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_clusterstacks.yaml
@@ -28,3 +25,9 @@ patchesStrategicMerge:
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 configurations:
 - kustomizeconfig.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+labels:
+- includeSelectors: true
+  pairs:
+    cluster.x-k8s.io/v1beta1: v1beta1
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -2,45 +2,102 @@ namespace: cso-system
 
 namePrefix: cso-
 
-commonLabels:
-  cluster.x-k8s.io/provider: "cluster-stack-operator"
 
 resources:
-  - ../crd
-  - ../rbac
-  - ../manager
-  - ../webhook
-  - ../certmanager
+- ../crd
+- ../rbac
+- ../manager
+- ../webhook
+- ../certmanager
 
-patchesStrategicMerge:
-  - manager_config_patch.yaml
-  - manager_webhook_patch.yaml
-  - webhookcainjection_patch.yaml
-  - manager_pull_policy.yaml
-vars:
-  - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-    objref:
-      kind: Certificate
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+labels:
+- includeSelectors: true
+  pairs:
+    cluster.x-k8s.io/provider: cluster-stack-operator
+patches:
+- path: manager_config_patch.yaml
+- path: manager_webhook_patch.yaml
+- path: webhookcainjection_patch.yaml
+- path: manager_pull_policy.yaml
+replacements:
+- source:
+    fieldPath: metadata.namespace
+    kind: Certificate
+    name: serving-cert
+  targets:
+  - fieldPaths:
+    - metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      delimiter: /
+    select: {}
+- source:
+    kind: Certificate
+    name: serving-cert
+  targets:
+  - fieldPaths:
+    - metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      delimiter: /
+      index: 1
+    select: {}
+- source:
+    fieldPath: metadata.namespace
+    kind: Service
+    name: webhook-service
+  targets:
+  - fieldPaths:
+    - |-
+      spec.# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+      dnsNames.0
+    options:
+      delimiter: .
+      index: 1
+    select:
       group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: CERTIFICATE_NAME
-    objref:
       kind: Certificate
+      name: serving-cert
+      namespace: system
+      version: v1
+  - fieldPaths:
+    - |-
+      spec.# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+      dnsNames.1
+    options:
+      delimiter: .
+      index: 1
+    select:
       group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-  - name: SERVICE_NAMESPACE # namespace of the service
-    objref:
-      kind: Service
+- source:
+    kind: Service
+    name: webhook-service
+  targets:
+  - fieldPaths:
+    - |-
+      spec.# $(SERVICE_NAME) and SERVICE_NAMESPACE will be substituted by kustomize
+      dnsNames.0
+    options:
+      delimiter: .
+    select:
+      group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: webhook-service
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: SERVICE_NAME
-    objref:
-      kind: Service
+  - fieldPaths:
+    - |-
+      spec.# $(SERVICE_NAME) and SERVICE_NAMESPACE will be substituted by kustomize
+      dnsNames.1
+    options:
+      delimiter: .
+    select:
+      group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: webhook-service
diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml
@@ -1,9 +1,9 @@
 # This patch add annotation to admission webhook config and
-# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+# the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize.
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: validating-webhook-configuration
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
diff --git a/config/localmode/kustomization.yaml b/config/localmode/kustomization.yaml
@@ -2,45 +2,102 @@ namespace: cso-system
 
 namePrefix: cso-
 
-commonLabels:
-  cluster.x-k8s.io/provider: "cluster-stack-operator"
 
 resources:
-  - ../crd
-  - ../rbac
-  - ../manager
-  - ../webhook
-  - ../certmanager
+- ../crd
+- ../rbac
+- ../manager
+- ../webhook
+- ../certmanager
 
-patchesStrategicMerge:
-  - manager_config_patch.yaml
-  - manager_webhook_patch.yaml
-  - webhookcainjection_patch.yaml
-  - manager_pull_policy.yaml
-vars:
-  - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-    objref:
-      kind: Certificate
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+labels:
+- includeSelectors: true
+  pairs:
+    cluster.x-k8s.io/provider: cluster-stack-operator
+patches:
+- path: manager_config_patch.yaml
+- path: manager_webhook_patch.yaml
+- path: webhookcainjection_patch.yaml
+- path: manager_pull_policy.yaml
+replacements:
+- source:
+    fieldPath: metadata.namespace
+    kind: Certificate
+    name: serving-cert
+  targets:
+  - fieldPaths:
+    - metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      delimiter: /
+    select: {}
+- source:
+    kind: Certificate
+    name: serving-cert
+  targets:
+  - fieldPaths:
+    - metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      delimiter: /
+      index: 1
+    select: {}
+- source:
+    fieldPath: metadata.namespace
+    kind: Service
+    name: webhook-service
+  targets:
+  - fieldPaths:
+    - |-
+      spec.# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+      dnsNames.0
+    options:
+      delimiter: .
+      index: 1
+    select:
       group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: CERTIFICATE_NAME
-    objref:
       kind: Certificate
+      name: serving-cert
+      namespace: system
+      version: v1
+  - fieldPaths:
+    - |-
+      spec.# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+      dnsNames.1
+    options:
+      delimiter: .
+      index: 1
+    select:
       group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-  - name: SERVICE_NAMESPACE # namespace of the service
-    objref:
-      kind: Service
+- source:
+    kind: Service
+    name: webhook-service
+  targets:
+  - fieldPaths:
+    - |-
+      spec.# $(SERVICE_NAME) and SERVICE_NAMESPACE will be substituted by kustomize
+      dnsNames.0
+    options:
+      delimiter: .
+    select:
+      group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: webhook-service
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: SERVICE_NAME
-    objref:
-      kind: Service
+  - fieldPaths:
+    - |-
+      spec.# $(SERVICE_NAME) and SERVICE_NAMESPACE will be substituted by kustomize
+      dnsNames.1
+    options:
+      delimiter: .
+    select:
+      group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: webhook-service
diff --git a/config/localmode/webhookcainjection_patch.yaml b/config/localmode/webhookcainjection_patch.yaml
@@ -1,9 +1,9 @@
 # This patch add annotation to admission webhook config and
-# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+# the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize.
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: validating-webhook-configuration
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -1,3 +1,5 @@
 resources:
 - manager.yaml
 - credentials.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -1,12 +1,13 @@
-resources:
 # All RBAC will be applied under this service account in
 # the deployment namespace. You may comment out this resource
 # if your manager will use a service account that exists at
 # runtime. Be sure to update RoleBinding and ClusterRoleBinding
 # subjects if changing service account names.
+resources:
 - service_account.yaml
 - role.yaml
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml
@@ -4,3 +4,5 @@ resources:
 
 configurations:
 - kustomizeconfig.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization