From c90d23f70078e818a278926cf781b49728e39c73 Mon Sep 17 00:00:00 2001 From: Enrique Llorente Date: Wed, 7 Sep 2022 09:55:37 +0200 Subject: [PATCH] kustomize: Create different base per overlay Sometimes the kubeconfig secret does not need to be generated depending on on the consumer (capk has the secret already created [1]). This change move the overlay common parts to different bases so the final overlay can decide at the bases if they want a secret or not. [1] https://github.com/kubernetes-sigs/cluster-api-provider-kubevirt/pull/168 Signed-off-by: Enrique Llorente --- config/base/kustomization.yaml | 7 ---- config/{overlays => }/default/cloud-config | 0 config/default/kustomization.yaml | 25 +++++++++++++ config/{overlays => }/isolated/cloud-config | 0 config/isolated/kustomization.yaml | 33 +++++++++++++++++ config/manager/manager.yaml | 6 +++ config/overlays/default/kustomization.yaml | 29 ++------------- config/overlays/isolated/kustomization.yaml | 37 ++----------------- config/overlays/kubevirtci/kustomization.yaml | 3 +- 9 files changed, 72 insertions(+), 68 deletions(-) rename config/{overlays => }/default/cloud-config (100%) create mode 100644 config/default/kustomization.yaml rename config/{overlays => }/isolated/cloud-config (100%) create mode 100644 config/isolated/kustomization.yaml diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml index 5504a6979..2a9e93b7f 100644 --- a/config/base/kustomization.yaml +++ b/config/base/kustomization.yaml @@ -1,10 +1,3 @@ bases: - ../rbac - ../manager - - ../secret - -generatorOptions: - disableNameSuffixHash: true - -patchesStrategicMerge: -- manager_tenant_kubeconfig_secret_patch.yaml diff --git a/config/overlays/default/cloud-config b/config/default/cloud-config similarity index 100% rename from config/overlays/default/cloud-config rename to config/default/cloud-config 
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 000000000..e46b90ab4 --- /dev/null +++ b/config/default/kustomization.yaml @@ -0,0 +1,25 @@ +bases: + - ../base + +patchesJson6902: +- patch: |- + - op: add + path: /metadata/namespace + value: kube-system + - op: add + path: /subjects/0/namespace + value: default + target: + group: rbac.authorization.k8s.io + version: v1 + kind: RoleBinding + name: kccm-extension-apiserver-authorization-reader + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- name: cloud-config + namespace: default + files: + - cloud-config diff --git a/config/overlays/isolated/cloud-config b/config/isolated/cloud-config similarity index 100% rename from config/overlays/isolated/cloud-config rename to config/isolated/cloud-config diff --git a/config/isolated/kustomization.yaml b/config/isolated/kustomization.yaml new file mode 100644 index 000000000..f91acd1fc --- /dev/null +++ b/config/isolated/kustomization.yaml @@ -0,0 +1,33 @@ +bases: + - ../base + +patches: +- patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: --authentication-skip-lookup=true + target: + kind: Deployment + +patchesStrategicMerge: +- |- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: kccm + $patch: delete +- |- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: kccm + $patch: delete + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- name: cloud-config + namespace: default + files: + - cloud-config diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 6f755eeb4..694385a16 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml 
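Review bot: The `patchesJson6902` entry that pins the `kccm-extension-apiserver-authorization-reader` RoleBinding to `kube-system` now sits in a shared base with no `namespace:` of its own, so it no longer decides the final namespace. As far as I know, kustomize applies a consumer's `namespace:` after the base has been rendered, so an overlay that sets one on top of `config/default` would probably move the RoleBinding out of `kube-system`, while `/subjects/0/namespace` stays hard-coded to `default`. The binding could then miss the controller's ServiceAccount or cover a same-named account in `default`. I would add a comment above the patch, e.g. `# consumers that set namespace: must re-apply this patch; the subject namespace must match where the controller ServiceAccount runs`, and check the rendered output of each overlay.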
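Review bot: In `config/isolated/kustomization.yaml` the JSON patch that appends `--authentication-skip-lookup=true` selects its target with `kind: Deployment` only, so every Deployment that passes through this kustomization receives the flag. The selector is carried over from the old overlay, but now that the file is a base for other kustomizations it can reach Deployments a consumer adds later. Adding `name: <manager-deployment-name>` under `target:` keeps it to the controller (placeholder; the Deployment name is not visible in this diff). A one-line comment saying why the flag goes together with deleting the `kccm` ClusterRole and ClusterRoleBinding would help the next reader judge whether skipping the authentication lookup is still intended.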
@@ -42,6 +42,12 @@ spec: - configMap: name: cloud-config name: cloud-config + - secret: + secretName: kubeconfig + items: + - key: kubeconfig + path: value + name: kubeconfig nodeSelector: node-role.kubernetes.io/master: "" tolerations: diff --git a/config/overlays/default/kustomization.yaml b/config/overlays/default/kustomization.yaml index 2a1ef313a..4d4b31c85 100644 --- a/config/overlays/default/kustomization.yaml +++ b/config/overlays/default/kustomization.yaml @@ -1,26 +1,3 @@ -namespace: default -bases: - - ../../base - -patchesJson6902: -- patch: |- - - op: add - path: /metadata/namespace - value: kube-system - - op: add - path: /subjects/0/namespace - value: default - target: - group: rbac.authorization.k8s.io - version: v1 - kind: RoleBinding - name: kccm-extension-apiserver-authorization-reader - -generatorOptions: - disableNameSuffixHash: true - -configMapGenerator: -- name: cloud-config - namespace: default - files: - - cloud-config +bases: + - ../../secret + - ../../default diff --git a/config/overlays/isolated/kustomization.yaml b/config/overlays/isolated/kustomization.yaml index f360af779..0ae157f16 100644 --- a/config/overlays/isolated/kustomization.yaml +++ b/config/overlays/isolated/kustomization.yaml @@ -1,34 +1,3 @@ -namespace: default -bases: - - ../../base - -patches: -- patch: |- - - op: add - path: /spec/template/spec/containers/0/args/- - value: --authentication-skip-lookup=true - target: - kind: Deployment - -patchesStrategicMerge: -- |- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: kccm - $patch: delete -- |- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: kccm - $patch: delete - -generatorOptions: - disableNameSuffixHash: true - -configMapGenerator: -- name: cloud-config - namespace: default - files: - - cloud-config +bases: + - ../../secret + - ../../isolated 
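Review bot: The new `kubeconfig` secret volume in `config/manager/manager.yaml` sets no `defaultMode`, so the projected file `value` gets the Kubernetes default of 0644 and is readable by every user in the container. Since it holds cluster credentials, `defaultMode: 0400` under `secret:` would be tighter (0440 plus a matching `fsGroup` if the container does not run as the file owner). The hunk shows only the volume; the container's `volumeMounts` entry lies outside it, and because `manager_tenant_kubeconfig_secret_patch.yaml` is dropped from the base in this commit, it is worth confirming the mount still exists in `manager.yaml`. With the Secret no longer generated by the base, the pod will not start until a Secret named `kubeconfig` exists in its namespace, which appears to be the intent for the capk case.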
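Review bot: `namespace: default` is removed from `config/overlays/default/kustomization.yaml` and is not re-added in the new `config/default/kustomization.yaml`; the same happens for `config/overlays/isolated/kustomization.yaml`. The generated `cloud-config` ConfigMap is still pinned to `default`, so unless the manifests under `config/manager` and `config/rbac` set a namespace themselves (this diff does not show them), those resources would follow the applying client's namespace. They could then land apart from the ConfigMap and the `kubeconfig` Secret they mount. If the two overlays are meant to render as before, keep `namespace: default` as the first line of both files.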
diff --git a/config/overlays/kubevirtci/kustomization.yaml b/config/overlays/kubevirtci/kustomization.yaml index 7ed934048..9044188f0 100644 --- a/config/overlays/kubevirtci/kustomization.yaml +++ b/config/overlays/kubevirtci/kustomization.yaml @@ -1,6 +1,7 @@ namespace: kvcluster bases: -- ../isolated +- ../../secret +- ../../isolated patchesStrategicMerge: - manager_image_patch.yaml