diff --git a/.gitignore b/.gitignore index c0a7a54c..30b3407e 100644 --- a/.gitignore +++ b/.gitignore @@ -18,8 +18,16 @@ testbin/* !vendor/**/zz_generated.* +# Generated installation files +dist/ + # editor and IDE paraphernalia .idea *.swp *.swo *~ + +# Claude code related ignores +.claude-helper +claude-helper +project-state.md \ No newline at end of file diff --git a/Makefile b/Makefile index 461646e3..1793b586 100644 --- a/Makefile +++ b/Makefile @@ -139,8 +139,15 @@ ifndef ignore-not-found ignore-not-found = false endif +.PHONY: validate-kustomize +validate-kustomize: kustomize ## Validate kustomization files syntax + @echo "Validating kustomization files..." + $(KUSTOMIZE) build config/crd > /dev/null + $(KUSTOMIZE) build config/default > /dev/null + @echo "Kustomization files are valid" + .PHONY: install -install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. +install: manifests kustomize validate-kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f - .PHONY: uninstall @@ -148,7 +155,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified $(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - .PHONY: deploy -deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. +deploy: manifests kustomize validate-kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml index bebea5a5..438e93c2 100644 --- a/config/certmanager/kustomization.yaml +++ b/config/certmanager/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + resources: - certificate.yaml 
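Review bot: `validate-kustomize` lists only `kustomize` as a prerequisite, yet its recipe builds `config/crd`, which presumably includes the CRD files that `manifests` generates, so under `make -j` or when run on its own it can check stale or missing output. Declaring `validate-kustomize: manifests kustomize` makes the ordering explicit for both `install` and `deploy` (the second Makefile hunk). In `deploy` the check also runs before `$(KUSTOMIZE) edit set image controller=${IMG}` rewrites `config/manager`, so the tree that is validated is not exactly the one that is applied. A zero exit from `kustomize build` shows only that the tree renders, not that any replacement or patch matched, so the target should carry a comment such as `# Render check only: does not verify that replacements or patches matched a resource`.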
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 60b53570..a8af57a3 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + # This kustomization.yaml is not intended to be run by itself, # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default @@ -9,8 +12,6 @@ resources: configurations: - kustomizeconfig.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 7cd3874a..182f4fb6 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + # Adds namespace to all resources. namespace: tortoise-system @@ -12,7 +15,7 @@ namePrefix: tortoise- #commonLabels: # someName: someValue -bases: +resources: - ../crd - ../rbac - ../manager 
@@ -22,47 +25,76 @@ bases: # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus -patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- path: manager_auth_proxy_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type #- manager_config_patch.yaml -- path: manager_webhook_patch.yaml -- path: webhookcainjection_patch.yaml -- path: manager_metrics_patch.yaml - target: - kind: Deployment -# the following config is for teaching kustomize how to do var substitution -vars: -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate +# the following config is for teaching kustomize how to do replacements +replacements: +- source: + fieldPath: .metadata.namespace group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: kind: Certificate + name: serving-cert + version: v1 + targets: + - fieldPaths: + - .webhooks.[name=tortoise-validating-webhook].clientConfig.service.namespace + select: + kind: ValidatingAdmissionWebhook + - fieldPaths: + - .webhooks.[name=tortoise-mutating-webhook].clientConfig.service.namespace + select: + kind: MutatingAdmissionWebhook +- source: + fieldPath: .metadata.name group: cert-manager.io + kind: Certificate + name: serving-cert version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: + targets: + - fieldPaths: + - .webhooks.[name=tortoise-validating-webhook].clientConfig.service.name + select: + kind: ValidatingAdmissionWebhook + - fieldPaths: + - .webhooks.[name=tortoise-mutating-webhook].clientConfig.service.name + select: + kind: 
MutatingAdmissionWebhook +- source: + fieldPath: .metadata.namespace kind: Service - version: v1 name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service version: v1 + targets: + - fieldPaths: + - .webhooks.[name=tortoise-validating-webhook].clientConfig.service.namespace + select: + kind: ValidatingAdmissionWebhook + - fieldPaths: + - .webhooks.[name=tortoise-mutating-webhook].clientConfig.service.namespace + select: + kind: MutatingAdmissionWebhook +- source: + fieldPath: .metadata.name + kind: Service name: webhook-service + version: v1 + targets: + - fieldPaths: + - .webhooks.[name=tortoise-validating-webhook].clientConfig.service.name + select: + kind: ValidatingAdmissionWebhook + - fieldPaths: + - .webhooks.[name=tortoise-mutating-webhook].clientConfig.service.name + select: + kind: MutatingAdmissionWebhook +patches: +- path: manager_auth_proxy_patch.yaml +- path: manager_webhook_patch.yaml +- path: webhookcainjection_patch.yaml diff --git a/config/default/metrics_service.yaml b/config/default/metrics_service.yaml index 7034ceaa..ec34b44e 100644 --- a/config/default/metrics_service.yaml +++ b/config/default/metrics_service.yaml @@ -5,7 +5,7 @@ metadata: control-plane: controller-manager app.kubernetes.io/name: tortoise app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-service + name: tortoise-metrics-service namespace: system spec: ports: diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168..ead3cec4 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + resources: - monitor.yaml diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6..d749b64a 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
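Review bot: The new `replacements` select `kind: ValidatingAdmissionWebhook` and `kind: MutatingAdmissionWebhook`, which are admission-plugin names rather than resource kinds; the objects are `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration`, so as written these targets likely match nothing while `kustomize build` still succeeds. The two Certificate-sourced entries also write the certificate's namespace and name into `clientConfig.service.*`, whereas the removed `CERTIFICATE_NAMESPACE`/`CERTIFICATE_NAME` vars presumably fed the `cert-manager.io/inject-ca-from` annotation (webhookcainjection_patch.yaml is not shown, so confirm). If that annotation or the certificate's DNS names still hold `$(...)` placeholders, no CA bundle is injected and the webhooks either reject every request or, with a permissive failure policy, stop enforcing validation. The hunk also drops `manager_metrics_patch.yaml` (targeting the Deployment) from the patches without a replacement; what it configured is not visible here, so confirm the removal is intended. A sketch of the Certificate namespace entry follows; the name entry is the same with `fieldPath: .metadata.name` and `index: 1`.

```yaml
replacements:
- source:
    group: cert-manager.io
    version: v1
    kind: Certificate
    name: serving-cert
    fieldPath: .metadata.namespace
  targets:
  - select:
      kind: ValidatingWebhookConfiguration
    fieldPaths:
    - .metadata.annotations.[cert-manager.io/inject-ca-from]
    options:
      delimiter: '/'
      index: 0
      create: true
  - select:
      kind: MutatingWebhookConfiguration
    fieldPaths:
    - .metadata.annotations.[cert-manager.io/inject-ca-from]
    options:
      delimiter: '/'
      index: 0
      create: true
# … unchanged: Service-sourced entries (apart from the two corrected kinds) and the patches list …
```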
@@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + resources: # All RBAC will be applied under this service account in # the deployment namespace. You may comment out this resource diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml index 9cf26134..003c870a 100644 --- a/config/webhook/kustomization.yaml +++ b/config/webhook/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + resources: - manifests.yaml - service.yaml