diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml new file mode 100644 index 00000000000..9f0ce00dd55 --- /dev/null +++ b/docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: manager-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: project + app.kubernetes.io/part-of: project + app.kubernetes.io/managed-by: kustomize + name: manager-role +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/api.go b/pkg/plugins/common/kustomize/v2/scaffolds/api.go index 8bafbf9f9d1..51c1c662ccf 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/api.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/api.go @@ -24,6 +24,7 @@ import ( "sigs.k8s.io/kubebuilder/v3/pkg/config" "sigs.k8s.io/kubebuilder/v3/pkg/machinery" "sigs.k8s.io/kubebuilder/v3/pkg/model/resource" + pluginutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" "sigs.k8s.io/kubebuilder/v3/pkg/plugins" "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd" "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches" @@ -72,6 +73,16 @@ func (s *apiScaffolder) Scaffold() error { // Keep track of these values before the update if s.resource.HasAPI() { + kustomizeFilePath := "config/default/kustomization.yaml" + err := pluginutil.UncommentCode(kustomizeFilePath, "#- ../crd", `#`) + if err != nil { + hasCRUncommented, err := pluginutil.HasFragment(kustomizeFilePath, "- ../crd") + if !hasCRUncommented || err != nil { + log.Errorf("Unable to find the target #- ../crd to uncomment in the file "+ + "%s.", kustomizeFilePath) + } + } + if err := scaffold.Execute( &samples.CRDSample{Force: s.force}, &rbac.CRDEditorRole{}, diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/init.go b/pkg/plugins/common/kustomize/v2/scaffolds/init.go index 3d5785255a0..baea4bb55c6 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/init.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/init.go @@ -69,6 +69,9 @@ func (s *initScaffolder) Scaffold() error { &rbac.AuthProxyService{}, &rbac.AuthProxyClientRole{}, &rbac.RoleBinding{}, + // We need to create a Role because if the project + // has not CRD define the controller-gen will not generate this file + &rbac.Role{}, &rbac.LeaderElectionRole{}, &rbac.LeaderElectionRoleBinding{}, &rbac.ServiceAccount{}, diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go index 4919a8d8c9b..7d8c8449f6e 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go @@ -61,7 +61,7 @@ namePrefix: {{ .ProjectName }}- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go new file mode 100644 index 00000000000..4b3dd815deb --- /dev/null +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go @@ -0,0 +1,61 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rbac + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v3/pkg/machinery" +) + +var _ machinery.Template = &Role{} + +// Role scaffolds a file that defines the role for the manager +type Role struct { + machinery.TemplateMixin + machinery.ProjectNameMixin +} + +// SetTemplateDefaults implements file.Template +func (f *Role) SetTemplateDefaults() error { + if f.Path == "" { + f.Path = filepath.Join("config", "rbac", "role.yaml") + } + + f.TemplateBody = managerRoleTemplate + + f.IfExistsAction = machinery.SkipFile + + return nil +} + +const managerRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: manager-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: {{ .ProjectName }} + app.kubernetes.io/part-of: {{ .ProjectName }} + app.kubernetes.io/managed-by: kustomize + name: manager-role +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] +` diff --git a/testdata/project-v4-with-grafana/config/default/kustomization.yaml b/testdata/project-v4-with-grafana/config/default/kustomization.yaml index d392dadc0fd..50746f77fce 100644 --- a/testdata/project-v4-with-grafana/config/default/kustomization.yaml +++ b/testdata/project-v4-with-grafana/config/default/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: project-v4-with-grafana- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/testdata/project-v4-with-grafana/config/rbac/role.yaml b/testdata/project-v4-with-grafana/config/rbac/role.yaml new file mode 100644 index 00000000000..7d58c9ed049 --- /dev/null +++ b/testdata/project-v4-with-grafana/config/rbac/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: manager-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: project-v4-with-grafana + app.kubernetes.io/part-of: project-v4-with-grafana + app.kubernetes.io/managed-by: kustomize + name: manager-role +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"]