Clean up kustomizations

james-callahan · james-callahan · commit e9fe2a62d8d6 · 2024-12-23T15:43:14.000+02:00
- Always include apiVersion+kind of kustomization files
  - `patchesStrategicMerge` was deprecated, use `patches` instead
  - `bases` was deprecated, use `resources` instead
  - Order `configurations` first
diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml
@@ -1,5 +1,6 @@
-resources:
-  - certificate.yaml
-
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 configurations:
   - kustomizeconfig.yaml
+resources:
+  - certificate.yaml
diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml
@@ -1,11 +1,10 @@
-resources:
-- controller.yaml
-patchesStrategicMerge:
-- iam_for_sa_patch.yaml
-- security_context_patch.yaml
-
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+resources:
+- controller.yaml
+patches:
+- path: iam_for_sa_patch.yaml
+- path: security_context_patch.yaml
 images:
 - name: controller
   newName: public.ecr.aws/eks/aws-load-balancer-controller
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -1,3 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+  - kustomizeconfig.yaml
+
 # This kustomization.yaml is not intended to be run by itself,
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default
@@ -6,19 +13,16 @@ resources:
   - bases/elbv2.k8s.aws_ingressclassparams.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
-patchesStrategicMerge:
+patches:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
-#- patches/webhook_in_targetgroupbindings.yaml
-#- patches/webhook_in_ingressclassparams.yaml
+#- path: patches/webhook_in_targetgroupbindings.yaml
+#- path: patches/webhook_in_ingressclassparams.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
-#- patches/cainjection_in_targetgroupbindings.yaml
-#- patches/cainjection_in_ingressclassparams.yaml
+#- path: patches/cainjection_in_targetgroupbindings.yaml
+#- path: patches/cainjection_in_ingressclassparams.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
-# the following config is for teaching kustomize how to do kustomization for CRDs.
-configurations:
-  - kustomizeconfig.yaml
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
 # Adds namespace to all resources.
 namespace: kube-system
 
@@ -12,7 +15,7 @@ namePrefix: aws-load-balancer-
 commonLabels:
   app.kubernetes.io/name: aws-load-balancer-controller
 
-bases:
+resources:
   - ../crd
   - ../rbac
   - ../controller
@@ -24,15 +27,25 @@ bases:
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 
-patchesStrategicMerge:
+patches:
   # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
   # crd/kustomization.yaml
-  - controller_webhook_patch.yaml
+  - path: controller_webhook_patch.yaml
 
   # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
   # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
   # 'CERTMANAGER' needs to be enabled to use ca injection
-  - webhookcainjection_patch.yaml
+  # This patch add annotation to admission webhook config and
+  # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+  - target:
+      kind: (MutatingWebhookConfiguration|ValidatingWebhookConfiguration)
+    patch: |-
+      apiVersion: admissionregistration.k8s.io/v1
+      kind: dummy
+      metadata:
+        name: webhook
+        annotations:
+          cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
 
 # the following config is for teaching kustomize how to do var substitution
 vars:
diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml
diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
@@ -1,2 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 resources:
   - monitor.yaml
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -1,3 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 resources:
   - role.yaml
   - role_binding.yaml
diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml
@@ -1,11 +1,14 @@
-resources:
-  - manifests.yaml
-  - service.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 
 configurations:
   - kustomizeconfig.yaml
 
-patchesStrategicMerge:
-  - pod_mutator_patch.yaml
-  - service_mutator_patch.yaml
-  - ingressclassparams_validator_patch.yaml
+resources:
+  - manifests.yaml
+  - service.yaml
+
+patches:
+  - path: pod_mutator_patch.yaml
+  - path: service_mutator_patch.yaml
+  - path: ingressclassparams_validator_patch.yaml

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+apiVersion: kustomize.config.k8s.io/v1beta1`
	`2`	`+kind: Kustomization`
`1`	`3`	`resources:`
`2`	`4`	`- role.yaml`
`3`	`5`	`- role_binding.yaml`