Adding cert-manager to config/default. (#355)

It is required for adding validation webhooks for example.

This commit also contains side-effects required for this change:

1. `cert-manager` is installing some resources to the `cert-manager`
   namespace and some to the `kube-system` namespace, therefore we
   cannot use a single namespace override for all resources, so the
   global definition of `namespace:` in the `kustomization.yaml` was
   removed.

2. Added the `NamespaceTransformer` as a replacement for the global
   `namespace:` since it allows using the `unsetOnly` field which will
    now use the new "global namespace" only for resources that didn't
    explicitly specified their namespace.

3. Removed the `system` namespaces for all resources that expect to get
   the default namespace.

4. Added the `kind: Kustomization` type to all resources, it allows for
   k8s to run some type validation. I guess the reason it was not
   present until now is because it didn't exist in previous versions of
   `kustomize` and `operator-sdk` is using an old version.

Signed-off-by: Yoni Bettan <[email protected]>
Co-authored-by: Erusso7 <[email protected]>

Author: ybettan

ci/install-ci/kustomization.yaml

@@ -15,7 +15,6 @@ patchesStrategicMerge:
     kind: Deployment
     metadata:
       name: controller-manager
-      namespace: system
     spec:
       template:
         spec:

config/certmanager/certmanager.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- certmanager.yaml

config/certmanager/kustomization.yaml

@@ -9,7 +9,6 @@ spec:
     webhook:
       clientConfig:
         service:
-          namespace: system
           name: webhook-service
           path: /convert
       conversionReviewVersions:

config/crd-hub/patches/webhook_in_managedclustermodules.yaml

@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
 # This kustomization.yaml is not intended to be run by itself,
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default

config/crd/kustomization.yaml

@@ -9,7 +9,6 @@ spec:
     webhook:
       clientConfig:
         service:
-          namespace: system
           name: webhook-service
           path: /convert
       conversionReviewVersions:

config/crd/patches/webhook_in_managedclustermodules.yaml

@@ -9,7 +9,6 @@ spec:
     webhook:
       clientConfig:
         service:
-          namespace: system
           name: webhook-service
           path: /convert
       conversionReviewVersions:

config/crd/patches/webhook_in_modules.yaml

@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
 # Adds namespace to all resources.
 namespace: kmm-operator-system
 

config/default-hub/kustomization.yaml

@@ -1,5 +1,5 @@
-# Adds namespace to all resources.
-namespace: kmm-operator-system
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 
 # Value of this field is prepended to the
 # names of all resources, e.g. a deployment named
@@ -20,7 +20,7 @@ bases:
 # crd/kustomization.yaml
 #- ../webhook
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
+- ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 
@@ -62,3 +62,15 @@ vars:
 #    kind: Service
 #    version: v1
 #    name: webhook-service
+
+transformers:
+- |-
+  apiVersion: builtin
+  kind: NamespaceTransformer
+  metadata:
+    name: notImportantHere
+    namespace: kmm-operator-system
+  unsetOnly: true
+  fieldSpecs:
+  - path: metadata/namespace
+    create: true

config/default/kustomization.yaml

@@ -3,13 +3,12 @@ kind: Namespace
 metadata:
   labels:
     control-plane: controller-manager
-  name: system
+  name: kmm-operator-system
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: controller-manager
-  namespace: system
   labels:
     control-plane: controller-manager
 spec:

config/manager-base/manager.yaml

@@ -4,7 +4,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: controller-manager
-  namespace: system
 spec:
   template:
     spec:

config/manager-base/manager_auth_proxy_patch.yaml

@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: controller-manager
-  namespace: system
 spec:
   template:
     spec:

config/manager-base/manager_config_patch.yaml

@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
 # These resources constitute the fully configured set of manifests
 # used to generate the 'manifests/' directory in a bundle.
 resources:
@@ -15,7 +18,6 @@ resources:
 #    version: v1
 #    kind: Deployment
 #    name: controller-manager
-#    namespace: system
 #  patch: |-
 #    # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs.
 #    # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment.

config/manifests-hub/kustomization.yaml

@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
 # These resources constitute the fully configured set of manifests
 # used to generate the 'manifests/' directory in a bundle.
 resources:
@@ -15,7 +18,6 @@ resources:
 #    version: v1
 #    kind: Deployment
 #    name: controller-manager
-#    namespace: system
 #  patch: |-
 #    # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs.
 #    # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment.

config/manifests/kustomization.yaml

@@ -6,7 +6,6 @@ metadata:
   labels:
     control-plane: controller-manager
   name: controller-manager-metrics-monitor
-  namespace: system
 spec:
   endpoints:
     - path: /metrics

config/prometheus/monitor.yaml

@@ -9,4 +9,3 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: system

config/rbac-base/auth_proxy_role_binding.yaml

@@ -4,7 +4,6 @@ metadata:
   labels:
     control-plane: controller-manager
   name: controller-manager-metrics-service
-  namespace: system
 spec:
   ports:
   - name: https

config/rbac-base/auth_proxy_service.yaml

@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
 resources:
 # All RBAC will be applied under this service account in
 # the deployment namespace. You may comment out this resource

config/rbac-base/kustomization.yaml

@@ -9,4 +9,3 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: system

config/rbac-base/leader_election_role_binding.yaml

@@ -9,4 +9,3 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: system

config/rbac-base/role_binding.yaml

@@ -2,4 +2,3 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: controller-manager
-  namespace: system

config/rbac-base/service_account.yaml

@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
 resources:
   - ../rbac-base
   - role.yaml

config/rbac-hub/kustomization.yaml

@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
 resources:
   - ../rbac-base
   - role.yaml

config/rbac/kustomization.yaml

@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
 resources:
 - bases/config.yaml
 patchesJson6902: