From ee11b10642b11ab08e2c6248858b0d244c700d5d Mon Sep 17 00:00:00 2001 From: Mengqi Yu Date: Wed, 15 May 2019 14:41:38 -0700 Subject: [PATCH] update testdata --- testdata/project-v2/Dockerfile | 2 +- .../config/certmanager/kustomization.yaml | 9 +++++++++ .../bases/crew.testproject.org_captains.yaml | 1 + .../bases/crew.testproject.org_firstmates.yaml | 1 + .../config/crd/patches/webhook_in_captain.yaml | 2 +- .../crd/patches/webhook_in_firstmate.yaml | 2 +- .../config/default/kustomization.yaml | 16 +++++++++------- .../config/default/manager_webhook_patch.yaml | 14 ++------------ .../default/webhookcainjection_patch.yaml | 4 ++-- .../config/manager/kustomization.yaml | 15 --------------- .../project-v2/config/manager/manager.yaml | 4 ---- testdata/project-v2/config/rbac/role.yaml | 1 + .../config/webhook/kustomization.yaml | 18 +++++++++++++++++- .../config/webhook/webhookmanifests.yaml | 0 14 files changed, 45 insertions(+), 44 deletions(-) create mode 100644 testdata/project-v2/config/webhook/webhookmanifests.yaml diff --git a/testdata/project-v2/Dockerfile b/testdata/project-v2/Dockerfile index bf71d233ceb..1812efab22e 100644 --- a/testdata/project-v2/Dockerfile +++ b/testdata/project-v2/Dockerfile @@ -16,7 +16,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/base +FROM gcr.io/distroless/static:latest WORKDIR / COPY --from=builder /workspace/manager . ENTRYPOINT ["/manager"] diff --git a/testdata/project-v2/config/certmanager/kustomization.yaml b/testdata/project-v2/config/certmanager/kustomization.yaml index 26061aa75b0..50236e80a29 100644 --- a/testdata/project-v2/config/certmanager/kustomization.yaml +++ b/testdata/project-v2/config/certmanager/kustomization.yaml @@ -1,6 +1,7 @@ resources: - certificate.yaml +# the following config is for teaching kustomize how to do var substitution vars: - name: CERTIFICATENAME objref: @@ -8,6 +9,14 @@ vars: group: certmanager.k8s.io version: v1alpha1 name: serving-cert # this name should match the one in certificate.yaml +- name: CERTIFICATENAMESPACE + objref: + kind: Certificate + group: certmanager.k8s.io + version: v1alpha1 + name: serving-cert # this name should match the one in certificate.yaml + fieldref: + fieldpath: metadata.namespace configurations: - kustomizeconfig.yaml diff --git a/testdata/project-v2/config/crd/bases/crew.testproject.org_captains.yaml b/testdata/project-v2/config/crd/bases/crew.testproject.org_captains.yaml index eea4a8482c1..574d05df24d 100644 --- a/testdata/project-v2/config/crd/bases/crew.testproject.org_captains.yaml +++ b/testdata/project-v2/config/crd/bases/crew.testproject.org_captains.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: diff --git a/testdata/project-v2/config/crd/bases/crew.testproject.org_firstmates.yaml b/testdata/project-v2/config/crd/bases/crew.testproject.org_firstmates.yaml index 53a9edaba15..db3fca03679 100644 --- a/testdata/project-v2/config/crd/bases/crew.testproject.org_firstmates.yaml +++ b/testdata/project-v2/config/crd/bases/crew.testproject.org_firstmates.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: diff --git a/testdata/project-v2/config/crd/patches/webhook_in_captain.yaml b/testdata/project-v2/config/crd/patches/webhook_in_captain.yaml index 7dcb2e4656c..cb3929b59b5 100644 --- a/testdata/project-v2/config/crd/patches/webhook_in_captain.yaml +++ b/testdata/project-v2/config/crd/patches/webhook_in_captain.yaml @@ -11,7 +11,7 @@ spec: webhookClientConfig: # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: XG4= + caBundle: Cg== service: namespace: $(NAMESPACE) name: webhook-service diff --git a/testdata/project-v2/config/crd/patches/webhook_in_firstmate.yaml b/testdata/project-v2/config/crd/patches/webhook_in_firstmate.yaml index 74d991790c7..d492d511ed5 100644 --- a/testdata/project-v2/config/crd/patches/webhook_in_firstmate.yaml +++ b/testdata/project-v2/config/crd/patches/webhook_in_firstmate.yaml @@ -11,7 +11,7 @@ spec: webhookClientConfig: # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: XG4= + caBundle: Cg== service: namespace: $(NAMESPACE) name: webhook-service diff --git a/testdata/project-v2/config/default/kustomization.yaml b/testdata/project-v2/config/default/kustomization.yaml index 332f660fbaa..ea8d5aeb32d 100644 --- a/testdata/project-v2/config/default/kustomization.yaml +++ b/testdata/project-v2/config/default/kustomization.yaml @@ -16,9 +16,10 @@ bases: - ../crd - ../rbac - ../manager -# - ../webhook -# Comment the next line if you want to disable cert-manager -# - ../certmanager +# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook. +#- ../webhook +# [CERTMANAGER] Uncomment next line to enable cert-manager +#- ../certmanager patches: - manager_image_patch.yaml @@ -33,8 +34,9 @@ patches: # manager_prometheus_metrics_patch.yaml should be enabled. #- manager_prometheus_metrics_patch.yaml -# Uncomment the following patch to enable the CA injection in the admission webhooks. -#- webhookcainjection_patch.yaml - -# Uncomment the following patch to enable the webhook for the manager. +# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook. #- manager_webhook_patch.yaml + +# [CAINJECTION] Uncomment next line to enable the CA injection in the admission webhooks. [CERTMANAGER] needs to be +# enabled to use ca injection +#- webhookcainjection_patch.yaml diff --git a/testdata/project-v2/config/default/manager_webhook_patch.yaml b/testdata/project-v2/config/default/manager_webhook_patch.yaml index 29b9f35a495..ecb90f4fa34 100644 --- a/testdata/project-v2/config/default/manager_webhook_patch.yaml +++ b/testdata/project-v2/config/default/manager_webhook_patch.yaml @@ -13,21 +13,11 @@ spec: name: webhook-server protocol: TCP volumeMounts: - - mountPath: /tmp/cert + - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true volumes: - name: cert secret: defaultMode: 420 - secretName: webhook-server-secret ---- -apiVersion: v1 -kind: Service -metadata: - name: webhook-service - namespace: system -spec: - ports: - - port: 443 - targetPort: 443 + secretName: webhook-server-cert diff --git a/testdata/project-v2/config/default/webhookcainjection_patch.yaml b/testdata/project-v2/config/default/webhookcainjection_patch.yaml index f6d71cb768f..c2d2a3cdf88 100644 --- a/testdata/project-v2/config/default/webhookcainjection_patch.yaml +++ b/testdata/project-v2/config/default/webhookcainjection_patch.yaml @@ -5,11 +5,11 @@ kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration annotations: - certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME) + certmanager.k8s.io/inject-ca-from: $(CERTIFICATENAMESPACE)/$(CERTIFICATENAME) --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: name: validating-webhook-configuration annotations: - certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME) + certmanager.k8s.io/inject-ca-from: $(CERTIFICATENAMESPACE)/$(CERTIFICATENAME) diff --git a/testdata/project-v2/config/manager/kustomization.yaml b/testdata/project-v2/config/manager/kustomization.yaml index ab8d38810c9..5c5f0b84cba 100644 --- a/testdata/project-v2/config/manager/kustomization.yaml +++ b/testdata/project-v2/config/manager/kustomization.yaml @@ -1,17 +1,2 @@ resources: - manager.yaml - -# the following config is for teaching kustomize how to do var substitution -# vars: -# - name: NAMESPACE -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -# - name: SERVICENAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service diff --git a/testdata/project-v2/config/manager/manager.yaml b/testdata/project-v2/config/manager/manager.yaml index 02a51d1270c..fe765f55dd9 100644 --- a/testdata/project-v2/config/manager/manager.yaml +++ b/testdata/project-v2/config/manager/manager.yaml @@ -56,8 +56,4 @@ spec: requests: cpu: 100m memory: 20Mi - ports: - - containerPort: 9876 - name: webhook-server - protocol: TCP terminationGracePeriodSeconds: 10 diff --git a/testdata/project-v2/config/rbac/role.yaml b/testdata/project-v2/config/rbac/role.yaml index ddccd1cac44..5a7e977de60 100644 --- a/testdata/project-v2/config/rbac/role.yaml +++ b/testdata/project-v2/config/rbac/role.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/testdata/project-v2/config/webhook/kustomization.yaml b/testdata/project-v2/config/webhook/kustomization.yaml index 3158578d717..7ee6458b57e 100644 --- a/testdata/project-v2/config/webhook/kustomization.yaml +++ b/testdata/project-v2/config/webhook/kustomization.yaml @@ -1,5 +1,21 @@ resources: -- webhookmanifests.yaml # disabled till v2 has webhook support +- webhookmanifests.yaml +- service.yaml configurations: - kustomizeconfig.yaml + +# the following config is for teaching kustomize how to do var substitution +vars: +- name: NAMESPACE + objref: + kind: Service + version: v1 + name: webhook-service + fieldref: + fieldpath: metadata.namespace +- name: SERVICENAME + objref: + kind: Service + version: v1 + name: webhook-service diff --git a/testdata/project-v2/config/webhook/webhookmanifests.yaml b/testdata/project-v2/config/webhook/webhookmanifests.yaml new file mode 100644 index 00000000000..e69de29bb2d