From 5365576fcdd2be34ef32392f6077b065c2a82326 Mon Sep 17 00:00:00 2001 From: Mengqi Yu Date: Wed, 15 May 2019 14:36:44 -0700 Subject: [PATCH] fix webhook related scaffolding --- cmd/main.go | 6 +-- cmd/webhook.go | 3 +- generated_golden.sh | 3 -- pkg/scaffold/project.go | 12 ++--- pkg/scaffold/v2/certmanager/kustomize.go | 9 ++++ pkg/scaffold/v2/crd/enablewebhook_patch.go | 2 +- pkg/scaffold/v2/kustomize.go | 16 +++--- pkg/scaffold/v2/manager/config.go | 4 -- pkg/scaffold/v2/manager/kustomization.go | 15 ------ .../v2/webhook/enablecainection_patch.go | 4 +- pkg/scaffold/v2/webhook/kustomization.go | 18 ++++++- pkg/scaffold/v2/webhook/service.go | 52 +++++++++++++++++++ pkg/scaffold/v2/webhook_manager_patch.go | 15 ++---- 13 files changed, 104 insertions(+), 55 deletions(-) create mode 100644 pkg/scaffold/v2/webhook/service.go diff --git a/cmd/main.go b/cmd/main.go index aaae68c5928..11674edb52c 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -17,11 +17,11 @@ limitations under the License. package main import ( + "encoding/json" "fmt" + "log" "os" "os/exec" - "log" - "encoding/json" "github.com/spf13/cobra" "golang.org/x/tools/go/packages" @@ -77,7 +77,7 @@ func findCurrentRepo() (string, error) { // next, check if we've got a package in the current directory pkgCfg := &packages.Config{ - Mode: packages.NeedName, // name gives us path as well + Mode: packages.NeedName, // name gives us path as well } pkgs, err := packages.Load(pkgCfg, ".") if err == nil && len(pkgs) > 0 { diff --git a/cmd/webhook.go b/cmd/webhook.go index 5f4e0cb04d3..1844ca984f5 100644 --- a/cmd/webhook.go +++ b/cmd/webhook.go 
@@ -43,10 +43,11 @@ func newWebhookCmd() *cobra.Command { Short: "Scaffold a webhook server", Long: `Scaffold a webhook server if there is no existing server. Scaffolds webhook handlers based on group, version, kind and other user inputs. +This command is only available for v1 scaffolding project. `, Example: ` # Create webhook for CRD of group crew, version v1 and kind FirstMate. # Set type to be mutating and operations to be create and update. - kubebuilder webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=create,update + kubebuilder alpha webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=create,update `, Run: func(cmd *cobra.Command, args []string) { dieIfNoProject() diff --git a/generated_golden.sh b/generated_golden.sh index bfe92297d76..f535fa0064c 100755 --- a/generated_golden.sh +++ b/generated_golden.sh 
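Review bot: The sentence added to `Long` says the command is limited to v1 projects, but the only guard visible at the start of `Run` is `dieIfNoProject()`. If no project-version check follows outside the hunk, the restriction is documentation only and the command would still scaffold v1 webhook code into a v2 project. Consider failing early with a clear message when the project version is not v1. The sentence itself reads better as `This command is only available for v1 scaffolding projects.` The body of `Run` continues outside the hunk.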
@@ -64,13 +64,10 @@ scaffold_test_project() { $kb init --project-version $version --domain testproject.org --license apache2 --owner "The Kubernetes authors" $kb create api --group crew --version v1 --kind Captain --controller=true --resource=true --make=false $kb create api --group crew --version v1 --kind FirstMate --controller=true --resource=true --make=false - $kb alpha webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=create,update --make=false - $kb alpha webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=delete --make=false # TODO(droot): Adding a second group is a valid test case and kubebuilder is expected to report an error in this case. It # doesn't do that currently so leaving it commented so that we can enable it later. # $kb create api --group ship --version v1beta1 --kind Frigate --example=false --controller=true --resource=true --make=false $kb create api --group core --version v1 --kind Namespace --example=false --controller=true --resource=false --namespaced=false --make=false - $kb alpha webhook --group core --version v1 --kind Namespace --type=mutating --operations=update --make=false # $kb create api --group policy --version v1beta1 --kind HealthCheckPolicy --example=false --controller=true --resource=true --namespaced=false --make=false fi make all test # v2 doesn't test by default diff --git a/pkg/scaffold/project.go b/pkg/scaffold/project.go index d20c7a8a4f8..ef6f16be454 100644 --- a/pkg/scaffold/project.go +++ b/pkg/scaffold/project.go 
@@ -17,21 +17,21 @@ limitations under the License. package scaffold import ( + "bufio" + "fmt" "os" "os/exec" - "fmt" "strings" - "bufio" "sigs.k8s.io/kubebuilder/pkg/scaffold/input" "sigs.k8s.io/kubebuilder/pkg/scaffold/project" "sigs.k8s.io/kubebuilder/pkg/scaffold/v1/manager" + "sigs.k8s.io/kubebuilder/cmd/util" scaffoldv2 "sigs.k8s.io/kubebuilder/pkg/scaffold/v2" "sigs.k8s.io/kubebuilder/pkg/scaffold/v2/certmanager" managerv2 "sigs.k8s.io/kubebuilder/pkg/scaffold/v2/manager" "sigs.k8s.io/kubebuilder/pkg/scaffold/v2/webhook" - "sigs.k8s.io/kubebuilder/cmd/util" ) type ProjectScaffolder interface { @@ -41,10 +41,10 @@ type ProjectScaffolder interface { } type V1Project struct { - Project project.Project + Project project.Project Boilerplate project.Boilerplate - DepArgs []string + DepArgs []string DefinitelyEnsure *bool } @@ -129,7 +129,7 @@ func (p *V1Project) Scaffold() error { } type V2Project struct { - Project project.Project + Project project.Project Boilerplate project.Boilerplate } diff --git a/pkg/scaffold/v2/certmanager/kustomize.go b/pkg/scaffold/v2/certmanager/kustomize.go index 4fea836484e..b3eef8e70f0 100644 --- a/pkg/scaffold/v2/certmanager/kustomize.go +++ b/pkg/scaffold/v2/certmanager/kustomize.go @@ -39,6 +39,7 @@ func (p *Kustomization) GetInput() (input.Input, error) { var kustomizationTemplate = `resources: - certificate.yaml +# the following config is for teaching kustomize how to do var substitution vars: - name: CERTIFICATENAME objref: @@ -46,6 +47,14 @@ vars: group: certmanager.k8s.io version: v1alpha1 name: serving-cert # this name should match the one in certificate.yaml +- name: CERTIFICATENAMESPACE + objref: + kind: Certificate + group: certmanager.k8s.io + version: v1alpha1 + name: serving-cert # this name should match the one in certificate.yaml + fieldref: + fieldpath: metadata.namespace configurations: - kustomizeconfig.yaml 
diff --git a/pkg/scaffold/v2/crd/enablewebhook_patch.go b/pkg/scaffold/v2/crd/enablewebhook_patch.go index 68a9c172756..c523bff4e9b 100644 --- a/pkg/scaffold/v2/crd/enablewebhook_patch.go +++ b/pkg/scaffold/v2/crd/enablewebhook_patch.go @@ -62,7 +62,7 @@ spec: webhookClientConfig: # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: XG4= + caBundle: Cg== service: namespace: $(NAMESPACE) name: webhook-service diff --git a/pkg/scaffold/v2/kustomize.go b/pkg/scaffold/v2/kustomize.go index 76ee14db792..84f0604c547 100644 --- a/pkg/scaffold/v2/kustomize.go +++ b/pkg/scaffold/v2/kustomize.go @@ -69,9 +69,10 @@ bases: - ../crd - ../rbac - ../manager -# - ../webhook -# Comment the next line if you want to disable cert-manager -# - ../certmanager +# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook. +#- ../webhook +# [CERTMANAGER] Uncomment next line to enable cert-manager +#- ../certmanager patches: - manager_image_patch.yaml @@ -86,9 +87,10 @@ patches: # manager_prometheus_metrics_patch.yaml should be enabled. #- manager_prometheus_metrics_patch.yaml -# Uncomment the following patch to enable the CA injection in the admission webhooks. -#- webhookcainjection_patch.yaml - -# Uncomment the following patch to enable the webhook for the manager. +# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook. #- manager_webhook_patch.yaml + +# [CAINJECTION] Uncomment next line to enable the CA injection in the admission webhooks. [CERTMANAGER] needs to be +# enabled to use ca injection +#- webhookcainjection_patch.yaml ` diff --git a/pkg/scaffold/v2/manager/config.go b/pkg/scaffold/v2/manager/config.go index 1b859971ac7..351edb388c8 100644 --- a/pkg/scaffold/v2/manager/config.go +++ b/pkg/scaffold/v2/manager/config.go 
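Review bot: The comment above `caBundle` still describes the value only as `"\n"`, which can mean either a newline byte or the two characters backslash and n; the old `XG4=` encoded the latter and the new `Cg==` encodes the former. Stating the encoding would keep the mix-up from recurring, e.g. `# base64 of a single newline byte (0x0a), used as a placeholder`. The same comment could say that the apiserver cannot validate the webhook's serving certificate until a real CA bundle replaces the placeholder. The template starts and ends outside the hunk.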
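Review bot: The `[WEBHOOK]` comment over `#- manager_webhook_patch.yaml` in kustomize.go does not say where the serving certificate comes from. That patch mounts a secret volume (`secretName: webhook-server-cert` in the webhook_manager_patch.go hunk of this commit), which is presumably produced by the cert-manager Certificate. If so, enabling `[WEBHOOK]` without `[CERTMANAGER]` leaves the manager pod unable to start until the secret is supplied by hand; the same applies to the `[WEBHOOK]` comment in the bases hunk above. A line such as `# [WEBHOOK] needs a serving-cert secret: enable [CERTMANAGER] or provide the secret yourself.` would make the dependency explicit.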
@@ -98,9 +98,5 @@ spec: requests: cpu: 100m memory: 20Mi - ports: - - containerPort: 9876 - name: webhook-server - protocol: TCP terminationGracePeriodSeconds: 10 ` diff --git a/pkg/scaffold/v2/manager/kustomization.go b/pkg/scaffold/v2/manager/kustomization.go index 7cb74027d48..91958d96b44 100644 --- a/pkg/scaffold/v2/manager/kustomization.go +++ b/pkg/scaffold/v2/manager/kustomization.go @@ -41,19 +41,4 @@ func (c *Kustomization) GetInput() (input.Input, error) { var kustomizeManagerTemplate = `resources: - manager.yaml - -# the following config is for teaching kustomize how to do var substitution -# vars: -# - name: NAMESPACE -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -# - name: SERVICENAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service ` diff --git a/pkg/scaffold/v2/webhook/enablecainection_patch.go b/pkg/scaffold/v2/webhook/enablecainection_patch.go index 108155e263c..8026c07d2f5 100644 --- a/pkg/scaffold/v2/webhook/enablecainection_patch.go +++ b/pkg/scaffold/v2/webhook/enablecainection_patch.go @@ -46,12 +46,12 @@ kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration annotations: - certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME) + certmanager.k8s.io/inject-ca-from: $(CERTIFICATENAMESPACE)/$(CERTIFICATENAME) --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: name: validating-webhook-configuration annotations: - certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME) + certmanager.k8s.io/inject-ca-from: $(CERTIFICATENAMESPACE)/$(CERTIFICATENAME) ` diff --git a/pkg/scaffold/v2/webhook/kustomization.go b/pkg/scaffold/v2/webhook/kustomization.go index d874eb1b223..d7b5a2c2608 100644 --- a/pkg/scaffold/v2/webhook/kustomization.go +++ b/pkg/scaffold/v2/webhook/kustomization.go 
@@ -40,8 +40,24 @@ func (c *Kustomization) GetInput() (input.Input, error) { } var KustomizeWebhookTemplate = `resources: -- webhookmanifests.yaml # disabled till v2 has webhook support +- webhookmanifests.yaml +- service.yaml configurations: - kustomizeconfig.yaml + +# the following config is for teaching kustomize how to do var substitution +vars: +- name: NAMESPACE + objref: + kind: Service + version: v1 + name: webhook-service + fieldref: + fieldpath: metadata.namespace +- name: SERVICENAME + objref: + kind: Service + version: v1 + name: webhook-service ` diff --git a/pkg/scaffold/v2/webhook/service.go b/pkg/scaffold/v2/webhook/service.go new file mode 100644 index 00000000000..e144edfb5cd --- /dev/null +++ b/pkg/scaffold/v2/webhook/service.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2019 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package webhook + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/pkg/scaffold/input" +) + +var _ input.File = &Service{} + +// Service scaffolds the Service file in manager folder. +type Service struct { + input.Input +} + +// GetInput implements input.File +func (c *Service) GetInput() (input.Input, error) { + if c.Path == "" { + c.Path = filepath.Join("config", "webhook", "service.yaml") + } + c.TemplateBody = ServiceTemplate + c.Input.IfExistsAction = input.Error + return c.Input, nil +} + +var ServiceTemplate = ` +apiVersion: v1 +kind: Service +metadata: + name: webhook-service + namespace: system +spec: + ports: + - port: 443 + targetPort: 443 +` diff --git a/pkg/scaffold/v2/webhook_manager_patch.go b/pkg/scaffold/v2/webhook_manager_patch.go index 46dfee65eb2..4faa6d61e4b 100644 --- a/pkg/scaffold/v2/webhook_manager_patch.go +++ b/pkg/scaffold/v2/webhook_manager_patch.go @@ -18,6 +18,7 @@ package v2 import ( "path/filepath" + "sigs.k8s.io/kubebuilder/pkg/scaffold/input" ) 
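Review bot: `ServiceTemplate` defines `spec.ports` but no `spec.selector`, so unless a selector is added elsewhere (for example by kustomize labels outside this diff) the Service has no endpoints and requests to `webhook-service` would not reach the manager pod. Add a selector matching the manager pod's labels, e.g. `selector:` followed by `<manager-pod-label-key>: <value>` (placeholder; the labels are not visible here). Also confirm that `targetPort: 443` equals the `webhook-server` containerPort, which sits just outside the webhook_manager_patch.go hunk. The doc comment says the file is scaffolded "in manager folder" while `GetInput` writes `config/webhook/service.yaml`; `// Service scaffolds the webhook Service manifest in config/webhook.` would match the code. The exported `ServiceTemplate` has no doc comment.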
@@ -50,22 +51,12 @@ spec: name: webhook-server protocol: TCP volumeMounts: - - mountPath: /tmp/cert + - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true volumes: - name: cert secret: defaultMode: 420 - secretName: webhook-server-secret ---- -apiVersion: v1 -kind: Service -metadata: - name: webhook-service - namespace: system -spec: - ports: - - port: 443 - targetPort: 443 + secretName: webhook-server-cert `
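Review bot: The renamed `secretName: webhook-server-cert` and the new `mountPath` each depend on a value defined outside this patch, and nothing in the template says so. Presumably these are the secret name written by the cert-manager Certificate and the directory the webhook server reads its certificates from. A comment on each, e.g. `# must match the secretName in certificate.yaml`, would keep them from drifting apart silently. Separately, the unchanged `defaultMode: 420` is octal 0644, so the key material this volume presumably holds is readable by every user in the container; a tighter mode such as 0400 (decimal 256) is worth considering if the manager's user can still read it. The template starts outside the hunk.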