Skip to content

Commit

Permalink
fix: fix kustomize field replacements
Browse files Browse the repository at this point in the history
  • Loading branch information
hrak committed Sep 6, 2024
1 parent f3a70dc commit 3e25c86
Showing 1 changed file with 86 additions and 58 deletions.
144 changes: 86 additions & 58 deletions config/default/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,106 +30,134 @@ patches:
- path: webhookcainjection_patch.yaml

replacements:
- source:
fieldPath: .metadata.namespace
group: cert-manager.io
- source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
kind: Certificate
name: serving-cert
group: cert-manager.io
version: v1
name: serving-cert # this name should match the one in certificate.yaml
fieldPath: .metadata.namespace # namespace of the certificate CR
targets:
- fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
create: true
delimiter: /
select:
- select:
kind: ValidatingWebhookConfiguration
- fieldPaths:
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 0
create: true
delimiter: /
select:
- select:
kind: MutatingWebhookConfiguration
- fieldPaths:
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 0
create: true
delimiter: /
select:
- select:
kind: CustomResourceDefinition
reject:
- name: ipaddressclaims.ipam.cluster.x-k8s.io
- name: ipaddresses.ipam.cluster.x-k8s.io
- name: extensionconfigs.runtime.cluster.x-k8s.io
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 0
create: true
- source:
fieldPath: .metadata.name
group: cert-manager.io
kind: Certificate
name: serving-cert
group: cert-manager.io
version: v1
name: serving-cert # this name should match the one in certificate.yaml
fieldPath: .metadata.name
targets:
- fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
create: true
delimiter: /
index: 1
select:
- select:
kind: ValidatingWebhookConfiguration
- fieldPaths:
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
create: true
delimiter: /
delimiter: '/'
index: 1
select:
create: true
- select:
kind: MutatingWebhookConfiguration
- fieldPaths:
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
create: true
delimiter: /
delimiter: '/'
index: 1
select:
create: true
- select:
kind: CustomResourceDefinition
reject:
- name: ipaddressclaims.ipam.cluster.x-k8s.io
- name: ipaddresses.ipam.cluster.x-k8s.io
- name: extensionconfigs.runtime.cluster.x-k8s.io
- source:
fieldPath: .metadata.name
fieldPaths:
- .metadata.annotations.[cert-manager.io/inject-ca-from]
options:
delimiter: '/'
index: 1
create: true
- source: # Add cert-manager annotation to the webhook Service
kind: Service
name: webhook-service
version: v1
name: webhook-service
fieldPath: .metadata.name # namespace of the service
targets:
- fieldPaths:
- select:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert
fieldPaths:
- .spec.dnsNames.0
- .spec.dnsNames.1
options:
delimiter: '.'
index: 0
create: true
delimiter: .
select:
group: cert-manager.io
kind: Certificate
version: v1
- source:
fieldPath: .metadata.namespace
kind: Service
name: webhook-service
version: v1
name: webhook-service
fieldPath: .metadata.namespace # namespace of the service
targets:
- fieldPaths:
- select:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert
fieldPaths:
- .spec.dnsNames.0
- .spec.dnsNames.1
options:
create: true
delimiter: .
delimiter: '.'
index: 1
select:
group: cert-manager.io
create: true
- source: # Prefix the certificate secret name with the name of service
kind: Service
version: v1
name: webhook-service
fieldPath: .metadata.name # namespace of the service
targets:
- select:
kind: Certificate
group: cert-manager.io
version: v1
fieldPaths:
- .spec.secretName
options:
delimiter: '-'
index: 0
create: true
- source: # Certificate secret name
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert
fieldPath: .spec.secretName
targets:
- select:
kind: Deployment
group: apps
version: v1
name: controller-manager
fieldPaths:
- .spec.template.spec.volumes.[name=cert].secret.secretName

configurations:
- kustomizeconfig.yaml

0 comments on commit 3e25c86

Please sign in to comment.