diff --git a/CHANGELOG.md b/CHANGELOG.md index e3836fe8..23c8c034 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Add network policies for egress also for `capi-kubeadm-bootstrap-controller-manager`. +### Changed + +- Replace deprecated kustomize config `patchesStrategicMerge` + ## [1.12.0] - 2023-05-17 ### Added diff --git a/README.md b/README.md index 88e1f4f6..c4d9ebcd 100644 --- a/README.md +++ b/README.md @@ -6,11 +6,8 @@ This is a meta App that provides deployment packaging for Cluster API core, boot ## Upgrading CAPI -If you want to upgrade the CAPI version used in this app, there is a value in the `values.yaml` file of the helm chart that controls which CAPI version to use. +See README of [cluster-api fork](https://github.com/giantswarm/cluster-api/blob/main/README.md) for testing and releasing changes. -Once you have changed that value, you may run `make generate` so that the app helm manifests and CRDs are regenerated using that version of CAPI. -Manifests will be generated automatically from the source manifests attached to the Github release of the selected version. +It is important to run `make generate` so that the patches, app manifests and CRDs are regenerated using the new version of CAPI. -There is one thing that needs manual intervention though. **When new webhooks are added upstream** we need to add them to the following `kustomize` patches: -- webhook-certificate.yaml -- webhook-watchfilter.yaml +There is one thing that needs manual intervention though: **when new webhooks are added upstream**, we need to manually add them to the relevant patches (`config/helm/certificate*.yaml`). diff --git a/config/helm/certificate-kubeadm-bootstrap.yaml b/config/helm/certificate-kubeadm-bootstrap.yaml new file mode 100644 index 00000000..f406b96e --- /dev/null +++ b/config/helm/certificate-kubeadm-bootstrap.yaml 
@@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: capi-kubeadm-bootstrap-serving-cert + namespace: capi-kubeadm-bootstrap-system +spec: + dnsNames: + - capi-kubeadm-bootstrap-webhook-service.{{ .Release.Namespace }}.svc + - capi-kubeadm-bootstrap-webhook-service.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: selfsigned-giantswarm + secretName: capi-kubeadm-bootstrap-webhook-service-cert diff --git a/config/helm/certificate-kubeadm-control-plane.yaml b/config/helm/certificate-kubeadm-control-plane.yaml new file mode 100644 index 00000000..fe27d09f --- /dev/null +++ b/config/helm/certificate-kubeadm-control-plane.yaml @@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: capi-kubeadm-control-plane-serving-cert + namespace: capi-kubeadm-control-plane-system +spec: + dnsNames: + - capi-kubeadm-control-plane-webhook-service.{{ .Release.Namespace }}.svc + - capi-kubeadm-control-plane-webhook-service.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: selfsigned-giantswarm + secretName: capi-kubeadm-control-plane-webhook-service-cert diff --git a/config/helm/certificate.yaml b/config/helm/certificate.yaml index a02936ec..891754b3 100644 --- a/config/helm/certificate.yaml +++ b/config/helm/certificate.yaml @@ -1,4 +1,3 @@ ---- apiVersion: cert-manager.io/v1 kind: Certificate metadata: 
@@ -13,33 +12,3 @@ spec: kind: ClusterIssuer name: selfsigned-giantswarm secretName: capi-webhook-service-cert ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: capi-kubeadm-control-plane-serving-cert - namespace: capi-kubeadm-control-plane-system -spec: - dnsNames: - - capi-kubeadm-control-plane-webhook-service.{{ .Release.Namespace }}.svc - - capi-kubeadm-control-plane-webhook-service.{{ .Release.Namespace }}.svc.cluster.local - issuerRef: - group: cert-manager.io - kind: ClusterIssuer - name: selfsigned-giantswarm - secretName: capi-kubeadm-control-plane-webhook-service-cert ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: capi-kubeadm-bootstrap-serving-cert - namespace: capi-kubeadm-bootstrap-system -spec: - dnsNames: - - capi-kubeadm-bootstrap-webhook-service.{{ .Release.Namespace }}.svc - - capi-kubeadm-bootstrap-webhook-service.{{ .Release.Namespace }}.svc.cluster.local - issuerRef: - group: cert-manager.io - kind: ClusterIssuer - name: selfsigned-giantswarm - secretName: capi-kubeadm-bootstrap-webhook-service-cert diff --git a/config/helm/delete-issuers.yaml b/config/helm/delete-issuers.yaml deleted file mode 100644 index 181f5337..00000000 --- a/config/helm/delete-issuers.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# We have our Issuer already deployed to clusters. ---- -$patch: delete -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: capi-selfsigned-issuer - namespace: capi-system ---- -$patch: delete -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: capi-kubeadm-bootstrap-selfsigned-issuer - namespace: capi-kubeadm-bootstrap-system ---- -$patch: delete -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: capi-kubeadm-control-plane-selfsigned-issuer - namespace: capi-kubeadm-control-plane-system diff --git a/config/helm/delete-leader-election.yaml b/config/helm/delete-leader-election.yaml deleted file mode 100644 index 8d5743e2..00000000 
--- a/config/helm/delete-leader-election.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# We are not using leader election in our current release, since we are -# only deploying a single webhook pod. ---- -$patch: delete -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: capi-leader-election-role - namespace: capi-system ---- -$patch: delete -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: capi-leader-election-rolebinding - namespace: capi-system ---- -$patch: delete -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: capi-kubeadm-bootstrap-leader-election-role - namespace: capi-kubeadm-bootstrap-system ---- -$patch: delete -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: capi-kubeadm-bootstrap-leader-election-rolebinding - namespace: capi-kubeadm-bootstrap-system ---- -$patch: delete -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: capi-kubeadm-control-plane-leader-election-role - namespace: capi-kubeadm-control-plane-system ---- -$patch: delete -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: capi-kubeadm-control-plane-leader-election-rolebinding - namespace: capi-kubeadm-control-plane-system diff --git a/config/helm/deployment-args-controller-manager.yaml b/config/helm/deployment-args-controller-manager.yaml new file mode 100644 index 00000000..935e1d0e --- /dev/null +++ b/config/helm/deployment-args-controller-manager.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: capi-controller-manager + namespace: capi-system +spec: + template: + spec: + containers: + - name: manager + args: + - --metrics-bind-addr=0.0.0.0:8080 + - --feature-gates=MachinePool=true,ClusterResourceSet=true,ClusterTopology=true + - --watch-filter={{ .Values.watchFilter }} + - --v=0 + image: '{{.Values.images.domain}}/{{.Values.images.core.name}}:{{.Values.images.core.tag | default .Values.images.tag}}' 
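Review bot: `--metrics-bind-addr=0.0.0.0:8080` in the `manager` args of `deployment-args-controller-manager.yaml` makes the metrics endpoint listen on every pod interface, and nothing in this patch puts authentication in front of it. The same argument appears in `deployment-args-kubeadm-bootstrap-controller-manager.yaml` and `deployment-args-kubeadm-control-plane-controller-manager.yaml`, and the `service-add-metrics-port*.yaml` patches publish port 8080 on the webhook Services. The CHANGELOG mentions network policies for egress; whether an ingress policy limits port 8080 to the metrics scraper is not visible in this diff and should be confirmed. I would record the dependency next to the argument, for example `# Metrics listen on all interfaces; ingress to 8080 must be restricted to the monitoring stack by NetworkPolicy`.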
diff --git a/config/helm/deployment-args-kubeadm-bootstrap-controller-manager.yaml b/config/helm/deployment-args-kubeadm-bootstrap-controller-manager.yaml new file mode 100644 index 00000000..268c7038 --- /dev/null +++ b/config/helm/deployment-args-kubeadm-bootstrap-controller-manager.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: capi-kubeadm-bootstrap-controller-manager + namespace: capi-kubeadm-bootstrap-system +spec: + template: + spec: + containers: + - name: manager + args: + - --metrics-bind-addr=0.0.0.0:8080 + - --feature-gates=MachinePool=true,KubeadmBootstrapFormatIgnition=true + - --watch-filter={{ .Values.watchFilter }} + - --v=0 + image: '{{.Values.images.domain}}/{{.Values.images.bootstrap.name}}:{{.Values.images.bootstrap.tag | default .Values.images.tag}}' diff --git a/config/helm/deployment-args-kubeadm-control-plane-controller-manager.yaml b/config/helm/deployment-args-kubeadm-control-plane-controller-manager.yaml new file mode 100644 index 00000000..0afc4be4 --- /dev/null +++ b/config/helm/deployment-args-kubeadm-control-plane-controller-manager.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: capi-kubeadm-control-plane-controller-manager + namespace: capi-kubeadm-control-plane-system +spec: + template: + spec: + containers: + - name: manager + args: + - --metrics-bind-addr=0.0.0.0:8080 + - --feature-gates=ClusterTopology=true,KubeadmBootstrapFormatIgnition=true + - --watch-filter={{ .Values.watchFilter }} + - --v=0 + image: '{{.Values.images.domain}}/{{.Values.images.controlplane.name}}:{{.Values.images.controlplane.tag | default .Values.images.tag}}' diff --git a/config/helm/deployment-args.yaml b/config/helm/deployment-args.yaml deleted file mode 100644 index 7608d27c..00000000 --- a/config/helm/deployment-args.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capi-controller-manager - namespace: capi-system -spec: - template: - spec: - containers: - - name: manager - args: - - --metrics-bind-addr=0.0.0.0:8080 - - --feature-gates=MachinePool=true,ClusterResourceSet=true,ClusterTopology=true - - --watch-filter={{ .Values.watchFilter }} - - --v=0 - image: '{{.Values.images.domain}}/{{.Values.images.core.name}}:{{.Values.images.core.tag | default .Values.images.tag}}' ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capi-kubeadm-bootstrap-controller-manager - namespace: capi-kubeadm-bootstrap-system -spec: - template: - spec: - containers: - - name: manager - args: - - --metrics-bind-addr=0.0.0.0:8080 - - --feature-gates=MachinePool=true,KubeadmBootstrapFormatIgnition=true - - --watch-filter={{ .Values.watchFilter }} - - --v=0 - image: '{{.Values.images.domain}}/{{.Values.images.bootstrap.name}}:{{.Values.images.bootstrap.tag | default .Values.images.tag}}' ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capi-kubeadm-control-plane-controller-manager - namespace: capi-kubeadm-control-plane-system -spec: - template: - spec: - containers: - - name: manager - args: - - --metrics-bind-addr=0.0.0.0:8080 - - --feature-gates=ClusterTopology=true,KubeadmBootstrapFormatIgnition=true - - --watch-filter={{ .Values.watchFilter }} - - --v=0 - image: '{{.Values.images.domain}}/{{.Values.images.controlplane.name}}:{{.Values.images.controlplane.tag | default .Values.images.tag}}' diff --git a/config/helm/deployment-labels-controller-manager.yaml b/config/helm/deployment-labels-controller-manager.yaml new file mode 100644 index 00000000..f575274a --- /dev/null +++ b/config/helm/deployment-labels-controller-manager.yaml @@ -0,0 +1,7 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: capi-controller-manager + namespace: capi-system + labels: + app.kubernetes.io/component: cluster-api 
diff --git a/config/helm/deployment-labels-kubeadm-bootstrap-controller-manager.yaml b/config/helm/deployment-labels-kubeadm-bootstrap-controller-manager.yaml new file mode 100644 index 00000000..6f593bf7 --- /dev/null +++ b/config/helm/deployment-labels-kubeadm-bootstrap-controller-manager.yaml @@ -0,0 +1,7 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: capi-kubeadm-bootstrap-controller-manager + namespace: capi-kubeadm-bootstrap-system + labels: + app.kubernetes.io/component: bootstrap-kubeadm diff --git a/config/helm/deployment-labels-kubeadm-control-plane-controller-manager.yaml b/config/helm/deployment-labels-kubeadm-control-plane-controller-manager.yaml new file mode 100644 index 00000000..14c11f65 --- /dev/null +++ b/config/helm/deployment-labels-kubeadm-control-plane-controller-manager.yaml @@ -0,0 +1,7 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: capi-kubeadm-control-plane-controller-manager + namespace: capi-kubeadm-control-plane-system + labels: + app.kubernetes.io/component: control-plane-kubeadm diff --git a/config/helm/deployment-labels.yaml b/config/helm/deployment-labels.yaml deleted file mode 100644 index 1cdd07af..00000000 --- a/config/helm/deployment-labels.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capi-controller-manager - namespace: capi-system - labels: - app.kubernetes.io/component: cluster-api ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capi-kubeadm-bootstrap-controller-manager - namespace: capi-kubeadm-bootstrap-system - labels: - app.kubernetes.io/component: bootstrap-kubeadm ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capi-kubeadm-control-plane-controller-manager - namespace: capi-kubeadm-control-plane-system - labels: - app.kubernetes.io/component: control-plane-kubeadm 
diff --git a/config/helm/deployment-metrics-port-controller-manager.yaml b/config/helm/deployment-metrics-port-controller-manager.yaml new file mode 100644 index 00000000..111aee19 --- /dev/null +++ b/config/helm/deployment-metrics-port-controller-manager.yaml @@ -0,0 +1,14 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: capi-controller-manager + namespace: capi-system +spec: + template: + spec: + containers: + - name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP diff --git a/config/helm/deployment-metrics-port-kubeadm-bootstrap-controller-manager.yaml b/config/helm/deployment-metrics-port-kubeadm-bootstrap-controller-manager.yaml new file mode 100644 index 00000000..31fd263f --- /dev/null +++ b/config/helm/deployment-metrics-port-kubeadm-bootstrap-controller-manager.yaml @@ -0,0 +1,14 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: capi-kubeadm-bootstrap-controller-manager + namespace: capi-kubeadm-bootstrap-system +spec: + template: + spec: + containers: + - name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP diff --git a/config/helm/deployment-metrics-port-kubeadm-control-plane-controller-manager.yaml b/config/helm/deployment-metrics-port-kubeadm-control-plane-controller-manager.yaml new file mode 100644 index 00000000..174fd9f8 --- /dev/null +++ b/config/helm/deployment-metrics-port-kubeadm-control-plane-controller-manager.yaml @@ -0,0 +1,14 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: capi-kubeadm-control-plane-controller-manager + namespace: capi-kubeadm-control-plane-system +spec: + template: + spec: + containers: + - name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP diff --git a/config/helm/deployment-metrics-port.yaml b/config/helm/deployment-metrics-port.yaml deleted file mode 100644 index e449d1ad..00000000 --- a/config/helm/deployment-metrics-port.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capi-controller-manager - namespace: capi-system -spec: - template: - spec: - containers: - - name: manager - ports: - - containerPort: 8080 - name: metrics - protocol: TCP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capi-kubeadm-bootstrap-controller-manager - namespace: capi-kubeadm-bootstrap-system -spec: - template: - spec: - containers: - - name: manager - ports: - - containerPort: 8080 - name: metrics - protocol: TCP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capi-kubeadm-control-plane-controller-manager - namespace: capi-kubeadm-control-plane-system -spec: - template: - spec: - containers: - - name: manager - ports: - - containerPort: 8080 - name: metrics - protocol: TCP diff --git a/config/helm/kustomization.yaml b/config/helm/kustomization.yaml index aaad1efe..6f3dc8ae 100644 --- a/config/helm/kustomization.yaml +++ b/config/helm/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + namespace: '{{ .Release.Namespace }}' resources: @@ -25,20 +28,6 @@ transformers: - monitoring-annotations.yaml - webhook-prefix.yaml -patchesStrategicMerge: - - delete-issuers.yaml - - delete-leader-election.yaml - - deployment-args.yaml - - deployment-metrics-port.yaml - - deployment-labels.yaml - - delete-capi-system-ns.yaml - - delete-capi-kubeadm-control-plane-system-ns.yaml - - delete-capi-kubeadm-bootstrap-system-ns.yaml - - webhook-watchfilter.yaml - - webhook-certificate.yaml - - service-add-metrics-port.yaml - - certificate.yaml - patches: - path: crd_core_cainjection.yaml target: 
@@ -77,14 +66,123 @@ patches: kind: CustomResourceDefinition labelSelector: cluster.x-k8s.io/provider=control-plane-kubeadm - target: - kind: CustomResourceDefinition - name: (ipaddressclaims\.ipam|extensionconfigs\.runtime|ipaddresses\.ipam).cluster.x-k8s.io + kind: Deployment + name: capi-controller-manager|capi-kubeadm-bootstrap-controller-manager|capi-kubeadm-control-plane-controller-manager patch: |- - op: remove - path: /metadata/creationTimestamp + path: /spec/template/spec/securityContext/seccompProfile + + # Upstream defaults to `Always` but since we use images that are not changing (`vX.Y.Z` or commit SHA), we prefer `IfNotPresent` - target: - kind: Deployment + kind: Deployment name: capi-controller-manager|capi-kubeadm-bootstrap-controller-manager|capi-kubeadm-control-plane-controller-manager patch: |- - - op: remove - path: /spec/template/spec/securityContext/seccompProfile + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: IfNotPresent + + # We have our `Issuer` manifests already deployed to clusters + - patch: |- + $patch: delete + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + name: capi-selfsigned-issuer + namespace: capi-system + - patch: |- + $patch: delete + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + name: capi-kubeadm-bootstrap-selfsigned-issuer + namespace: capi-kubeadm-bootstrap-system + - patch: |- + $patch: delete + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + name: capi-kubeadm-control-plane-selfsigned-issuer + namespace: capi-kubeadm-control-plane-system + + # We are not using leader election in our current release, since we are + # only deploying a single webhook pod. 
+ - patch: |- + $patch: delete + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: capi-leader-election-role + namespace: capi-system + - patch: |- + $patch: delete + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: capi-leader-election-rolebinding + namespace: capi-system + - patch: |- + $patch: delete + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: capi-kubeadm-bootstrap-leader-election-role + namespace: capi-kubeadm-bootstrap-system + - patch: |- + $patch: delete + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: capi-kubeadm-bootstrap-leader-election-rolebinding + namespace: capi-kubeadm-bootstrap-system + - patch: |- + $patch: delete + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: capi-kubeadm-control-plane-leader-election-role + namespace: capi-kubeadm-control-plane-system + - patch: |- + $patch: delete + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: capi-kubeadm-control-plane-leader-election-rolebinding + namespace: capi-kubeadm-control-plane-system + + - path: deployment-args-controller-manager.yaml + - path: deployment-args-kubeadm-bootstrap-controller-manager.yaml + - path: deployment-args-kubeadm-control-plane-controller-manager.yaml + + - path: deployment-labels-controller-manager.yaml + - path: deployment-labels-kubeadm-bootstrap-controller-manager.yaml + - path: deployment-labels-kubeadm-control-plane-controller-manager.yaml + + - path: deployment-metrics-port-controller-manager.yaml + - path: deployment-metrics-port-kubeadm-bootstrap-controller-manager.yaml + - path: deployment-metrics-port-kubeadm-control-plane-controller-manager.yaml + + - path: delete-capi-system-ns.yaml + - path: delete-capi-kubeadm-control-plane-system-ns.yaml + - path: delete-capi-kubeadm-bootstrap-system-ns.yaml + + - path: 
webhook-mutating-capi-kubeadm-bootstrap-mutating-webhook-configuration-watchfilter.yaml + - path: webhook-mutating-capi-kubeadm-control-plane-mutating-webhook-configuration-watchfilter.yaml + - path: webhook-mutating-capi-mutating-webhook-configuration-watchfilter.yaml + - path: webhook-validating-capi-kubeadm-bootstrap-validating-webhook-configuration-watchfilter.yaml + - path: webhook-validating-capi-kubeadm-control-plane-validating-webhook-configuration-watchfilter.yaml + - path: webhook-validating-capi-validating-webhook-configuration-watchfilter.yaml + + - path: webhook-mutating-certificate-kubeadm-bootstrap.yaml + - path: webhook-mutating-certificate-kubeadm-control-plane.yaml + - path: webhook-mutating-certificate.yaml + - path: webhook-validating-certificate-kubeadm-bootstrap.yaml + - path: webhook-validating-certificate-kubeadm-control-plane.yaml + - path: webhook-validating-certificate.yaml + + - path: service-add-metrics-port-kubeadm-bootstrap.yaml + - path: service-add-metrics-port-kubeadm-control-plane.yaml + - path: service-add-metrics-port.yaml + + - path: certificate-kubeadm-bootstrap.yaml + - path: certificate-kubeadm-control-plane.yaml + - path: certificate.yaml diff --git a/config/helm/service-add-metrics-port-kubeadm-bootstrap.yaml b/config/helm/service-add-metrics-port-kubeadm-bootstrap.yaml new file mode 100644 index 00000000..1ec02c6f --- /dev/null +++ b/config/helm/service-add-metrics-port-kubeadm-bootstrap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + namespace: capi-kubeadm-bootstrap-system + name: capi-kubeadm-bootstrap-webhook-service +spec: + ports: + - name: metrics + port: 8080 + targetPort: metrics + - name: webhook-server + port: 443 + targetPort: webhook-server diff --git a/config/helm/service-add-metrics-port-kubeadm-control-plane.yaml b/config/helm/service-add-metrics-port-kubeadm-control-plane.yaml new file mode 100644 index 00000000..ff835d99 --- /dev/null 
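Review bot: The patch in `config/helm/kustomization.yaml` that removes `/spec/template/spec/securityContext/seccompProfile` from the three controller Deployments has no comment, while the `imagePullPolicy`, `Issuer` and leader-election patches next to it each explain themselves. Removing the field presumably leaves the pods on whatever seccomp default the runtime or cluster applies rather than the profile set upstream, so the reason should be written down, e.g. `# Remove seccompProfile: <reason / tracking issue placeholder>`. Separately, the `imagePullPolicy` comment relies on `vX.Y.Z` tags never changing, which a registry does not enforce, and the path `/spec/template/spec/containers/0/imagePullPolicy` assumes `manager` stays the first container. The `patches:` list starts before this hunk.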
+++ b/config/helm/service-add-metrics-port-kubeadm-control-plane.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + namespace: capi-kubeadm-control-plane-system + name: capi-kubeadm-control-plane-webhook-service +spec: + ports: + - name: metrics + port: 8080 + targetPort: metrics + - name: webhook-server + port: 443 + targetPort: webhook-server diff --git a/config/helm/service-add-metrics-port.yaml b/config/helm/service-add-metrics-port.yaml index c05fe602..c8991bb7 100644 --- a/config/helm/service-add-metrics-port.yaml +++ b/config/helm/service-add-metrics-port.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: Service metadata: @@ -12,31 +11,3 @@ spec: - name: webhook-server port: 443 targetPort: webhook-server ---- -apiVersion: v1 -kind: Service -metadata: - namespace: capi-kubeadm-control-plane-system - name: capi-kubeadm-control-plane-webhook-service -spec: - ports: - - name: metrics - port: 8080 - targetPort: metrics - - name: webhook-server - port: 443 - targetPort: webhook-server ---- -apiVersion: v1 -kind: Service -metadata: - namespace: capi-kubeadm-bootstrap-system - name: capi-kubeadm-bootstrap-webhook-service -spec: - ports: - - name: metrics - port: 8080 - targetPort: metrics - - name: webhook-server - port: 443 - targetPort: webhook-server diff --git a/config/helm/webhook-certificate.yaml b/config/helm/webhook-certificate.yaml deleted file mode 100644 index 797d9604..00000000 --- a/config/helm/webhook-certificate.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: capi-mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-serving-cert' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: capi-validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-serving-cert' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: capi-kubeadm-control-plane-mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-kubeadm-control-plane-serving-cert' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: capi-kubeadm-control-plane-validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-kubeadm-control-plane-serving-cert' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: capi-kubeadm-bootstrap-validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-kubeadm-bootstrap-serving-cert' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: capi-kubeadm-bootstrap-mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-kubeadm-bootstrap-serving-cert' diff --git a/config/helm/webhook-mutating-capi-kubeadm-bootstrap-mutating-webhook-configuration-watchfilter.yaml b/config/helm/webhook-mutating-capi-kubeadm-bootstrap-mutating-webhook-configuration-watchfilter.yaml new file mode 100644 index 00000000..cd0e3be3 --- /dev/null +++ b/config/helm/webhook-mutating-capi-kubeadm-bootstrap-mutating-webhook-configuration-watchfilter.yaml 
@@ -0,0 +1,14 @@ +# Generated by 'generate-kustomize-patches.sh'. Do not edit. +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: capi-kubeadm-bootstrap-mutating-webhook-configuration +webhooks: + - name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' diff --git a/config/helm/webhook-mutating-capi-kubeadm-control-plane-mutating-webhook-configuration-watchfilter.yaml b/config/helm/webhook-mutating-capi-kubeadm-control-plane-mutating-webhook-configuration-watchfilter.yaml new file mode 100644 index 00000000..6c1131ef --- /dev/null +++ b/config/helm/webhook-mutating-capi-kubeadm-control-plane-mutating-webhook-configuration-watchfilter.yaml @@ -0,0 +1,14 @@ +# Generated by 'generate-kustomize-patches.sh'. Do not edit. +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: capi-kubeadm-control-plane-mutating-webhook-configuration +webhooks: + - name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' diff --git a/config/helm/webhook-mutating-capi-mutating-webhook-configuration-watchfilter.yaml b/config/helm/webhook-mutating-capi-mutating-webhook-configuration-watchfilter.yaml new file mode 100644 index 00000000..7ce55060 --- /dev/null +++ b/config/helm/webhook-mutating-capi-mutating-webhook-configuration-watchfilter.yaml 
@@ -0,0 +1,42 @@ +# Generated by 'generate-kustomize-patches.sh'. Do not edit. +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: capi-mutating-webhook-configuration +webhooks: + - name: default.machine.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.machinedeployment.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.machinehealthcheck.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.machineset.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.cluster.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.clusterclass.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.extensionconfig.runtime.addons.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.machinepool.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: default.clusterresourceset.addons.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' diff --git a/config/helm/webhook-mutating-certificate-kubeadm-bootstrap.yaml b/config/helm/webhook-mutating-certificate-kubeadm-bootstrap.yaml new file mode 100644 index 00000000..5c4f4dfd --- /dev/null +++ b/config/helm/webhook-mutating-certificate-kubeadm-bootstrap.yaml 
@@ -0,0 +1,6 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: capi-kubeadm-bootstrap-mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-kubeadm-bootstrap-serving-cert' diff --git a/config/helm/webhook-mutating-certificate-kubeadm-control-plane.yaml b/config/helm/webhook-mutating-certificate-kubeadm-control-plane.yaml new file mode 100644 index 00000000..896f1d25 --- /dev/null +++ b/config/helm/webhook-mutating-certificate-kubeadm-control-plane.yaml @@ -0,0 +1,6 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: capi-kubeadm-control-plane-mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-kubeadm-control-plane-serving-cert' diff --git a/config/helm/webhook-mutating-certificate.yaml b/config/helm/webhook-mutating-certificate.yaml new file mode 100644 index 00000000..cb25143b --- /dev/null +++ b/config/helm/webhook-mutating-certificate.yaml @@ -0,0 +1,6 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: capi-mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-serving-cert' diff --git a/config/helm/webhook-validating-capi-kubeadm-bootstrap-validating-webhook-configuration-watchfilter.yaml b/config/helm/webhook-validating-capi-kubeadm-bootstrap-validating-webhook-configuration-watchfilter.yaml new file mode 100644 index 00000000..1c3f1024 --- /dev/null +++ b/config/helm/webhook-validating-capi-kubeadm-bootstrap-validating-webhook-configuration-watchfilter.yaml 
@@ -0,0 +1,14 @@ +# Generated by 'generate-kustomize-patches.sh'. Do not edit. +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: capi-kubeadm-bootstrap-validating-webhook-configuration +webhooks: + - name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' diff --git a/config/helm/webhook-validating-capi-kubeadm-control-plane-validating-webhook-configuration-watchfilter.yaml b/config/helm/webhook-validating-capi-kubeadm-control-plane-validating-webhook-configuration-watchfilter.yaml new file mode 100644 index 00000000..1cd6efa7 --- /dev/null +++ b/config/helm/webhook-validating-capi-kubeadm-control-plane-validating-webhook-configuration-watchfilter.yaml @@ -0,0 +1,18 @@ +# Generated by 'generate-kustomize-patches.sh'. Do not edit. +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: capi-kubeadm-control-plane-validating-webhook-configuration +webhooks: + - name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' diff --git a/config/helm/webhook-validating-capi-validating-webhook-configuration-watchfilter.yaml b/config/helm/webhook-validating-capi-validating-webhook-configuration-watchfilter.yaml new file mode 100644 index 00000000..a883ecb4 --- /dev/null 
+++ b/config/helm/webhook-validating-capi-validating-webhook-configuration-watchfilter.yaml 
@@ -0,0 +1,54 @@ +# Generated by 'generate-kustomize-patches.sh'. Do not edit. +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: capi-validating-webhook-configuration +webhooks: + - name: validation.machine.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.machinedeployment.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.machinehealthcheck.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.machineset.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.cluster.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.clusterclass.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.extensionconfig.runtime.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.machinepool.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.clusterresourceset.addons.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.ipaddress.ipam.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' + - name: validation.ipaddressclaim.ipam.cluster.x-k8s.io + objectSelector: + matchLabels: + cluster.x-k8s.io/watch-filter: '{{ 
.Values.watchFilter }}'
diff --git a/config/helm/webhook-validating-certificate-kubeadm-bootstrap.yaml b/config/helm/webhook-validating-certificate-kubeadm-bootstrap.yaml
new file mode 100644
index 00000000..5e5bde0e
--- /dev/null
+++ b/config/helm/webhook-validating-certificate-kubeadm-bootstrap.yaml
@@ -0,0 +1,6 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: capi-kubeadm-bootstrap-validating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-kubeadm-bootstrap-serving-cert'
diff --git a/config/helm/webhook-validating-certificate-kubeadm-control-plane.yaml b/config/helm/webhook-validating-certificate-kubeadm-control-plane.yaml
new file mode 100644
index 00000000..da43471f
--- /dev/null
+++ b/config/helm/webhook-validating-certificate-kubeadm-control-plane.yaml
@@ -0,0 +1,6 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: capi-kubeadm-control-plane-validating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-kubeadm-control-plane-serving-cert'
diff --git a/config/helm/webhook-validating-certificate.yaml b/config/helm/webhook-validating-certificate.yaml
new file mode 100644
index 00000000..e5339660
--- /dev/null
+++ b/config/helm/webhook-validating-certificate.yaml
@@ -0,0 +1,6 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: capi-validating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-serving-cert'
diff --git a/config/helm/webhook-watchfilter.yaml b/config/helm/webhook-watchfilter.yaml
deleted file mode 100644
index df7263a7..00000000
--- a/config/helm/webhook-watchfilter.yaml
+++ /dev/null
@@ -1,156 +0,0 @@ ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: capi-mutating-webhook-configuration -webhooks: - - name: default.machine.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.machinedeployment.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.machinehealthcheck.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.machineset.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.cluster.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.clusterclass.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.extensionconfig.runtime.addons.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.machinepool.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.clusterresourceset.addons.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: capi-validating-webhook-configuration -webhooks: - - name: validation.machine.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.machinedeployment.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.machinehealthcheck.cluster.x-k8s.io - objectSelector: - 
matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.machineset.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.cluster.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.clusterclass.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.extensionconfig.runtime.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.machinepool.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.clusterresourceset.addons.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.ipaddress.ipam.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.ipaddressclaim.ipam.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: capi-kubeadm-bootstrap-mutating-webhook-configuration -webhooks: - - name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration 
-metadata: - name: capi-kubeadm-bootstrap-validating-webhook-configuration -webhooks: - - name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: capi-kubeadm-control-plane-mutating-webhook-configuration -webhooks: - - name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: capi-kubeadm-control-plane-validating-webhook-configuration -webhooks: - - name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' - - name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io - objectSelector: - matchLabels: - cluster.x-k8s.io/watch-filter: '{{ .Values.watchFilter }}' diff --git a/hack/generate-kustomize-patches.sh b/hack/generate-kustomize-patches.sh index c9bb014f..7dd25425 100755 --- a/hack/generate-kustomize-patches.sh +++ b/hack/generate-kustomize-patches.sh 
@@ -23,51 +23,59 @@ helm_values="$HELM_DIR/values.yaml" org="kubernetes-sigs" repo="cluster-api" version="$(yq e '.images.tag' "$helm_values")" -url="https://github.com/$org/$repo/releases/download/$version/cluster-api-components.yaml" +release_asset_filename="cluster-api-components.yaml" +url="https://github.com/$org/$repo/releases/download/$version/${release_asset_filename}" mkdir -p "$KUSTOMIZE_INPUT_DIR" -curl -L "$url" -o "$KUSTOMIZE_INPUT_DIR/cluster-api-components.yaml" +curl -L "$url" -o "$KUSTOMIZE_INPUT_DIR/${release_asset_filename}" # Update kustomize patches for webhooks. We do this for every CRD -# First clear previous watchfilter patches -true > "$KUSTOMIZE_DIR/webhook-watchfilter.yaml" - # For every CRD, add webhook label selector -for webhook_cr_name in $(yq e -N 'select(.kind=="MutatingWebhookConfiguration" or .kind=="ValidatingWebhookConfiguration") | .metadata.name' "$KUSTOMIZE_INPUT_DIR/cluster-api-components.yaml"); do - webhook="$( - webhook_cr_name="$webhook_cr_name" \ - yq e 'select((.kind=="MutatingWebhookConfiguration" or .kind=="ValidatingWebhookConfiguration") and .metadata.name==env(webhook_cr_name))' \ - "$KUSTOMIZE_INPUT_DIR/cluster-api-components.yaml" - )" +for webhook_kind_prefix in Mutating Validating; do + output_path_prefix="${KUSTOMIZE_DIR}/webhook-$(echo "${webhook_kind_prefix}" | tr '[:upper:]' '[:lower:]')-" + output_path_suffix="-watchfilter.yaml" + rm -f "${output_path_prefix}"*"${output_path_suffix}" + + for webhook_cr_name in $(yq e -N "select(.kind==\"${webhook_kind_prefix}WebhookConfiguration\") | .metadata.name" "$KUSTOMIZE_INPUT_DIR/$release_asset_filename"); do + output_path="${output_path_prefix}${webhook_cr_name}${output_path_suffix}" + echo "# Generated by 'generate-kustomize-patches.sh'. Do not edit." 
> "${output_path}" + webhook="$( + webhook_cr_name="$webhook_cr_name" \ + yq e "select((.kind==\"${webhook_kind_prefix}WebhookConfiguration\") and .metadata.name==env(webhook_cr_name))" \ + "$KUSTOMIZE_INPUT_DIR/$release_asset_filename" + )" + + webhook_api_version="$(echo "$webhook" | yq e ".apiVersion" -)" - webhook_api_version="$(echo "$webhook" | yq e ".apiVersion" -)" - webhook_kind="$(echo "$webhook" | yq e ".kind" -)" + echo "Generating watch-filter patches for ${webhook_kind_prefix}WebhookConfiguration $webhook_cr_name" - webhook_patch="--- -apiVersion: $webhook_api_version -kind: $webhook_kind + webhook_patch="apiVersion: $webhook_api_version +kind: ${webhook_kind_prefix}WebhookConfiguration metadata: name: $webhook_cr_name webhooks: null " - echo "Generating watch-filter patches for $webhook_kind $webhook_cr_name" - # Get all CRDs for this provider - for webhook_name in $(webhook_cr_name="$webhook_cr_name" yq e 'select((.kind=="MutatingWebhookConfiguration" or .kind=="ValidatingWebhookConfiguration") and .metadata.name==env(webhook_cr_name)) | .webhooks[].name' "$KUSTOMIZE_INPUT_DIR/cluster-api-components.yaml"); do - object_selector_patch="$( - webhook_name="$webhook_name" \ - yq e --null-input \ - '.name = env(webhook_name) | - .objectSelector.matchLabels["cluster.x-k8s.io/watch-filter"] = "{{ .Values.watchFilter }}"' + # Get all CRDs for this provider + for webhook_name in $(webhook_cr_name="$webhook_cr_name" yq e "select((.kind==\"${webhook_kind_prefix}WebhookConfiguration\") and .metadata.name==env(webhook_cr_name)) | .webhooks[].name" "$KUSTOMIZE_INPUT_DIR/$release_asset_filename"); do + object_selector_patch="$( + webhook_name="$webhook_name" \ + yq e --null-input \ + '.name = env(webhook_name) | + .objectSelector.matchLabels["cluster.x-k8s.io/watch-filter"] = "{{ .Values.watchFilter }}"' + )" + + webhook_patch="$( + echo "$webhook_patch" | \ + object_selector_patch="$object_selector_patch" \ + yq e '.webhooks += [env(object_selector_patch)]' - )" 
+ done - webhook_patch="$( - echo "$webhook_patch" | \ - object_selector_patch="$object_selector_patch" \ - yq e '.webhooks += [env(object_selector_patch)]' - - )" - done + # Write webhook patch to file + echo "$webhook_patch" >> "${output_path}" - # Write webhook patch to file - echo "$webhook_patch" >> "$KUSTOMIZE_DIR"/webhook-watchfilter.yaml + output_filename="${output_path##*/}" + grep -qwF "path: ${output_filename}" "${KUSTOMIZE_DIR}/kustomization.yaml" || { echo "Please add new patch ${output_filename} to ${KUSTOMIZE_DIR}/kustomization.yaml"; exit 1; } + done done diff --git a/helm/cluster-api/files/core/bases/extensionconfigs.runtime.cluster.x-k8s.io.yaml b/helm/cluster-api/files/core/bases/extensionconfigs.runtime.cluster.x-k8s.io.yaml index d872d32f..2bd6aef2 100644 --- a/helm/cluster-api/files/core/bases/extensionconfigs.runtime.cluster.x-k8s.io.yaml +++ b/helm/cluster-api/files/core/bases/extensionconfigs.runtime.cluster.x-k8s.io.yaml @@ -4,6 +4,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-serving-cert' controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: "null" labels: app.giantswarm.io/branch: '{{ .Values.project.branch }}' app.giantswarm.io/commit: '{{ .Values.project.commit }}' diff --git a/helm/cluster-api/files/core/bases/ipaddressclaims.ipam.cluster.x-k8s.io.yaml b/helm/cluster-api/files/core/bases/ipaddressclaims.ipam.cluster.x-k8s.io.yaml index 5e483c6a..86a9362c 100644 --- a/helm/cluster-api/files/core/bases/ipaddressclaims.ipam.cluster.x-k8s.io.yaml +++ b/helm/cluster-api/files/core/bases/ipaddressclaims.ipam.cluster.x-k8s.io.yaml @@ -4,6 +4,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-serving-cert' controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: "null" labels: app.giantswarm.io/branch: '{{ .Values.project.branch }}' app.giantswarm.io/commit: '{{ .Values.project.commit }}' 
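Review bot: The `curl -L` download near the top of the generate-kustomize-patches.sh hunk has no `--fail` and no integrity check, so an HTTP error body or an altered `${release_asset_filename}` is saved under `$KUSTOMIZE_INPUT_DIR` and then parsed by `yq` to produce the committed webhook patches; `curl -fL "$url" -o "$KUSTOMIZE_INPUT_DIR/${release_asset_filename}"` followed by a comparison against a pinned SHA-256 for the selected version would stop the run instead. The `metadata.name` values read from that file are then used unvalidated in `output_path`, so a name containing `/` would place the generated file outside `${KUSTOMIZE_DIR}`; a guard such as `case "$webhook_cr_name" in */*|.*) echo "unexpected webhook name: $webhook_cr_name"; exit 1;; esac` before the first write to `"${output_path}"` covers that. Whether the script sets `set -e` or `pipefail` is decided above line 23 and is not visible in this hunk, so the `yq` failures may or may not already abort the loop.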
diff --git a/helm/cluster-api/files/core/bases/ipaddresses.ipam.cluster.x-k8s.io.yaml b/helm/cluster-api/files/core/bases/ipaddresses.ipam.cluster.x-k8s.io.yaml index d0afc2d7..c857d627 100644 --- a/helm/cluster-api/files/core/bases/ipaddresses.ipam.cluster.x-k8s.io.yaml +++ b/helm/cluster-api/files/core/bases/ipaddresses.ipam.cluster.x-k8s.io.yaml @@ -4,6 +4,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-serving-cert' controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: "null" labels: app.giantswarm.io/branch: '{{ .Values.project.branch }}' app.giantswarm.io/commit: '{{ .Values.project.commit }}'