From 4cadf14ae0de21f64ada1c5d7093d8c48c5a81fb Mon Sep 17 00:00:00 2001
From: Mikalai Radchuk <mradchuk@redhat.com>
Date: Mon, 22 Apr 2024 17:30:43 +0200
Subject: [PATCH] Kustomize `ValidatingAdmissionPolicyBinding`

This is a workaround for kustomize issue where it does not prefix
`ValidatingAdmissionPolicy`'s name in `ValidatingAdmissionPolicyBinding`'s
field `spec.policyName`. This results in manifests which can still be
applied to a cluster, but the policy will not be working due to
broken policy binding.

These APIs are now stable in 1.30 so one might expect that Kustomize
will eventually support these by default. If this happens - we will
be able to remove this change.

Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com>
---
 config/admission/kustomization.yaml   | 3 +++
 config/admission/kustomizeconfig.yaml | 9 +++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 config/admission/kustomizeconfig.yaml

diff --git a/config/admission/kustomization.yaml b/config/admission/kustomization.yaml
index 14407db0c..4e1629d33 100644
--- a/config/admission/kustomization.yaml
+++ b/config/admission/kustomization.yaml
@@ -1,2 +1,5 @@
+configurations:
+- kustomizeconfig.yaml
+
 resources:
 - admission.yaml
diff --git a/config/admission/kustomizeconfig.yaml b/config/admission/kustomizeconfig.yaml
new file mode 100644
index 000000000..55fc4088a
--- /dev/null
+++ b/config/admission/kustomizeconfig.yaml
@@ -0,0 +1,9 @@
+# This file is for teaching kustomize how to substitute name in ValidatingAdmissionPolicyBinding
+# This might become obsolete depending on the outcome of https://github.com/kubernetes-sigs/kustomize/issues/5674
+nameReference:
+- kind: ValidatingAdmissionPolicy
+  group: admissionregistration.k8s.io
+  fieldSpecs:
+  - kind: ValidatingAdmissionPolicyBinding
+    group: admissionregistration.k8s.io
+    path: spec/policyName