fix issues by simplifying the scaffold. Removes webhookcainjection_pa…

…tch and clarify replacements. - Removed config/default/webhookcainjection_patch.yaml to streamline the scaffold. - Clarified replacements blocks in kustomization.yaml for easier understanding. Each block is now labeled with instructions for uncommenting based on specific webhook scenarios (ValidatingWebhook, DefaultingWebhook, ConvertingWebhook).
kubernetes-sigs · Sep 3, 2024 · f4df3c6 · f4df3c6
1 parent 33a2f3d
commit f4df3c6
Show file tree

Hide file tree

Showing 19 changed files with 1,273 additions and 1,226 deletions.
diff --git a/.github/workflows/test-e2e-samples.yml b/.github/workflows/test-e2e-samples.yml
@@ -38,8 +38,7 @@ jobs:
         run: |
           KUSTOMIZATION_FILE_PATH="testdata/project-v4/config/default/kustomization.yaml"
           sed -i '25s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '51s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '55,151s/^#//' $KUSTOMIZATION_FILE_PATH
+          sed -i '50,177s/^#//' $KUSTOMIZATION_FILE_PATH
           cd testdata/project-v4/
           go mod tidy
 
@@ -58,18 +57,10 @@ jobs:
         run: |
           KUSTOMIZATION_FILE_PATH="testdata/project-v4-with-deploy-image/config/default/kustomization.yaml"
           sed -i '25s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '51s/^#//' $KUSTOMIZATION_FILE_PATH
           # Uncomment only ValidatingWebhookConfiguration
           # from cert-manager replaces
-          sed -i '55,70s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '55,70s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '79,101s/^#//' $KUSTOMIZATION_FILE_PATH
-          sed -i '110,151s/^#//' $KUSTOMIZATION_FILE_PATH
-          # Comment the injection for MutatingWebhookConfiguration
-          # Fixme: We should not scaffold or it should be commented
-          # by default when only validation webhooks are scaffolded
-          WEBHOOK_INJECTION_FILE_PATH="testdata/project-v4-with-deploy-image/config/default/webhookcainjection_patch.yaml"
-          sed -i '3,11s/^/#/' $WEBHOOK_INJECTION_FILE_PATH
+          sed -i '50,80s/^#//' $KUSTOMIZATION_FILE_PATH
+          sed -i '144,177s/^#//' $KUSTOMIZATION_FILE_PATH
           cd testdata/project-v4-with-deploy-image/
           go mod tidy
 

diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml
@@ -45,107 +45,133 @@ patches:
 # crd/kustomization.yaml
 - path: manager_webhook_patch.yaml
 
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
-# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
-# 'CERTMANAGER' needs to be enabled to use ca injection
-- path: webhookcainjection_patch.yaml
-
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
 # Uncomment the following replacements to add the cert-manager CA injection annotations
 replacements:
-  - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-      fieldPath: .metadata.namespace # namespace of the certificate CR
-    targets:
-      - select:
-          kind: ValidatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 0
-          create: true
-      - select:
-          kind: MutatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 0
-          create: true
-      - select:
-          kind: CustomResourceDefinition
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 0
-          create: true
-  - source:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-      fieldPath: .metadata.name
-    targets:
-      - select:
-          kind: ValidatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 1
-          create: true
-      - select:
-          kind: MutatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 1
-          create: true
-      - select:
-          kind: CustomResourceDefinition
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 1
-          create: true
-  - source: # Add cert-manager annotation to the webhook Service
-      kind: Service
-      version: v1
-      name: webhook-service
-      fieldPath: .metadata.name # namespace of the service
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-        fieldPaths:
-          - .spec.dnsNames.0
-          - .spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 0
-          create: true
-  - source:
-      kind: Service
-      version: v1
-      name: webhook-service
-      fieldPath: .metadata.namespace # namespace of the service
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-        fieldPaths:
-          - .spec.dnsNames.0
-          - .spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 1
-          create: true
+ - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
+     kind: Certificate
+     group: cert-manager.io
+     version: v1
+     name: serving-cert # This name should match the one in certificate.yaml
+     fieldPath: .metadata.namespace # Namespace of the certificate CR
+   targets:
+     - select:
+         kind: ValidatingWebhookConfiguration
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 0
+         create: true
+ - source:
+     kind: Certificate
+     group: cert-manager.io
+     version: v1
+     name: serving-cert # This name should match the one in certificate.yaml
+     fieldPath: .metadata.name
+   targets:
+     - select:
+         kind: ValidatingWebhookConfiguration
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 1
+         create: true
+
+ - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
+     kind: Certificate
+     group: cert-manager.io
+     version: v1
+     name: serving-cert # This name should match the one in certificate.yaml
+     fieldPath: .metadata.namespace # Namespace of the certificate CR
+   targets:
+     - select:
+         kind: MutatingWebhookConfiguration
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 0
+         create: true
+ - source:
+     kind: Certificate
+     group: cert-manager.io
+     version: v1
+     name: serving-cert # This name should match the one in certificate.yaml
+     fieldPath: .metadata.name
+   targets:
+     - select:
+         kind: MutatingWebhookConfiguration
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 1
+         create: true
+
+ - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
+     kind: Certificate
+     group: cert-manager.io
+     version: v1
+     name: serving-cert # This name should match the one in certificate.yaml
+     fieldPath: .metadata.namespace # Namespace of the certificate CR
+   targets:
+     - select:
+         kind: CustomResourceDefinition
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 0
+         create: true
+ - source:
+     kind: Certificate
+     group: cert-manager.io
+     version: v1
+     name: serving-cert # This name should match the one in certificate.yaml
+     fieldPath: .metadata.name
+   targets:
+     - select:
+         kind: CustomResourceDefinition
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 1
+         create: true
+
+ - source: # Uncomment the following block if you enable cert-manager
+     kind: Service
+     version: v1
+     name: webhook-service
+     fieldPath: .metadata.name # Name of the service
+   targets:
+     - select:
+         kind: Certificate
+         group: cert-manager.io
+         version: v1
+       fieldPaths:
+         - .spec.dnsNames.0
+         - .spec.dnsNames.1
+       options:
+         delimiter: '.'
+         index: 0
+         create: true
+ - source:
+     kind: Service
+     version: v1
+     name: webhook-service
+     fieldPath: .metadata.namespace # Namespace of the service
+   targets:
+     - select:
+         kind: Certificate
+         group: cert-manager.io
+         version: v1
+       fieldPaths:
+         - .spec.dnsNames.0
+         - .spec.dnsNames.1
+       options:
+         delimiter: '.'
+         index: 1
+         create: true
diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/default/webhookcainjection_patch.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/default/webhookcainjection_patch.yaml