Skip to content
Permalink
Browse files

kustomize restricts about the scope of var definition

We move var definition one level up to work around this restriction.
  • Loading branch information...
mengqiy committed Jul 10, 2019
1 parent 450508e commit 327fc52878b5c141508ae68b8223d24302b5aad6
Showing with 261 additions and 262 deletions.
  1. +3 −3 docs/book/src/cronjob-tutorial/testdata/project/config/certmanager/certificate.yaml
  2. +0 −8 docs/book/src/cronjob-tutorial/testdata/project/config/certmanager/kustomization.yaml
  3. +6 −0 docs/book/src/cronjob-tutorial/testdata/project/config/crd/kustomization.yaml
  4. +8 −0 docs/book/src/cronjob-tutorial/testdata/project/config/crd/patches/cainjection_in_cronjobs.yaml
  5. +2 −2 ...tutorial/testdata/project/config/crd/patches/{webhook_in_cronjob.yaml → webhook_in_cronjobs.yaml}
  6. +36 −1 docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml
  7. +3 −3 docs/book/src/cronjob-tutorial/testdata/project/config/default/webhookcainjection_patch.yaml
  8. +7 −18 go.mod
  9. +6 −127 go.sum
  10. +3 −3 pkg/scaffold/v2/certmanager/certificate.go
  11. +0 −21 pkg/scaffold/v2/certmanager/kustomize.go
  12. +1 −1 pkg/scaffold/v2/crd/enablecainjection_patch.go
  13. +4 −2 pkg/scaffold/v2/crd/kustomization.go
  14. +33 −3 pkg/scaffold/v2/kustomize.go
  15. +1 −1 pkg/scaffold/v2/makefile.go
  16. +3 −3 pkg/scaffold/v2/webhook/enablecainection_patch.go
  17. +1 −1 scripts/install_and_setup.sh
  18. +27 −0 test/e2e/e2e_v2.go
  19. +4 −2 test/e2e/test_context.go
  20. +22 −13 test/e2e/util.go
  21. +1 −1 testdata/project-v2/Makefile
  22. +3 −3 testdata/project-v2/config/certmanager/certificate.yaml
  23. +0 −21 testdata/project-v2/config/certmanager/kustomization.yaml
  24. +15 −0 testdata/project-v2/config/crd/bases/crew.testproject.org_captains.yaml
  25. +15 −0 testdata/project-v2/config/crd/bases/crew.testproject.org_firstmates.yaml
  26. +4 −2 testdata/project-v2/config/crd/kustomization.yaml
  27. +1 −1 testdata/project-v2/config/crd/patches/cainjection_in_captains.yaml
  28. +1 −1 testdata/project-v2/config/crd/patches/cainjection_in_firstmates.yaml
  29. +33 −3 testdata/project-v2/config/default/kustomization.yaml
  30. +3 −3 testdata/project-v2/config/default/webhookcainjection_patch.yaml
  31. +15 −15 testdata/project-v2/config/rbac/role.yaml
@@ -14,10 +14,10 @@ metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
namespace: system
spec:
# $(SERVICENAME) and $(NAMESPACE) will be substituted by kustomize
commonName: $(SERVICENAME).$(NAMESPACE).svc
# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
commonName: $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
dnsNames:
- $(SERVICENAME).$(NAMESPACE).svc.cluster.local
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
@@ -1,13 +1,5 @@
resources:
- certificate.yaml

vars:
- name: CERTIFICATENAME
objref:
kind: Certificate
group: certmanager.k8s.io
version: v1alpha1
name: serving-cert # this name should match the one in certificate.yaml

configurations:
- kustomizeconfig.yaml
@@ -6,10 +6,16 @@ resources:
# +kubebuilder:scaffold:kustomizeresource

patches:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_cronjobs.yaml
# +kubebuilder:scaffold:kustomizepatch

# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_cronjobs.yaml
# +kubebuilder:scaffold:crdkustomizecainjectionpatch

# the following config is for teaching kustomize how to do kustomization for CRDs.
configurations:
- kustomizeconfig.yaml
@@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: cronjobs.batch.tutorial.kubebuilder.io
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME)
certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: cronjobs.batch.tutorial.kubebuilder.io
spec:
conversion:
@@ -13,6 +13,6 @@ spec:
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: XG4=
service:
namespace: $(NAMESPACE)
namespace: $(CERTIFICATE_NAMESPACE)
name: webhook-service
path: /convert-cronjob
@@ -18,7 +18,7 @@ bases:
- ../manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml
- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment next line. 'WEBHOOK' components are required.
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
- ../certmanager

patches:
@@ -41,3 +41,38 @@ patches:
# Uncomment 'CAINJECTION' in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
- webhookcainjection_patch.yaml

# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
#- webhookcainjection_patch.yaml

# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
# kind: Certificate
# group: certmanager.k8s.io
# version: v1alpha1
# name: serving-cert # this name should match the one in certificate.yaml
# fieldref:
# fieldpath: metadata.namespace
#- name: CERTIFICATE_NAME
# objref:
# kind: Certificate
# group: certmanager.k8s.io
# version: v1alpha1
# name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
#- name: SERVICE_NAME
# objref:
# kind: Service
# version: v1
# name: webhook-service
@@ -1,15 +1,15 @@
# This patch add annotation to admission webhook config and
# the variables $(NAMESPACE) and $(CERTIFICATENAME) will be substituted by kustomize.
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME)
certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME)
certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
25 go.mod
@@ -3,30 +3,19 @@ module sigs.k8s.io/kubebuilder
go 1.12

require (
github.com/go-logr/logr v0.1.0 // indirect
github.com/go-logr/zapr v0.1.1 // indirect
github.com/gobuffalo/envy v1.6.15 // indirect
github.com/gobuffalo/flect v0.1.5
github.com/imdario/mergo v0.3.7 // indirect
github.com/golang/protobuf v1.3.1 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/kr/pretty v0.1.0 // indirect
github.com/onsi/ginkgo v1.8.0
github.com/onsi/gomega v1.5.0
github.com/prometheus/client_golang v1.0.0 // indirect
github.com/robfig/cron v1.2.0 // indirect
github.com/rogpeppe/go-internal v1.2.2 // indirect
github.com/spf13/afero v1.2.2
github.com/spf13/cobra v0.0.3
github.com/spf13/pflag v1.0.3
go.uber.org/atomic v1.4.0 // indirect
go.uber.org/multierr v1.1.0 // indirect
go.uber.org/zap v1.10.0 // indirect
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 // indirect
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c
golang.org/x/net v0.0.0-20190620200207-3b0461eec859 // indirect
golang.org/x/sys v0.0.0-20190621203818-d432491b9138 // indirect
golang.org/x/text v0.3.2 // indirect
golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
gopkg.in/yaml.v2 v2.2.2
k8s.io/api v0.0.0-20190627205229-acea843d18eb // indirect
k8s.io/apimachinery v0.0.0-20190628045107-49e757626700 // indirect
k8s.io/client-go v11.0.0+incompatible // indirect
k8s.io/utils v0.0.0-20190607212802-c55fbcfc754a // indirect
sigs.k8s.io/controller-runtime v0.1.12 // indirect
)

0 comments on commit 327fc52

Please sign in to comment.
You can’t perform that action at this time.