Merge pull request #4737 from RadekManak/kustomize-5

Update Kustomize to v5.4.1

Author: k8s-ci-robot

Makefile

@@ -85,7 +85,7 @@ GOLANGCI_LINT_VER := v1.55.2
 GOLANGCI_LINT_BIN := golangci-lint
 GOLANGCI_LINT := $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN)-$(GOLANGCI_LINT_VER)
 
-KUSTOMIZE_VER := v4.5.2
+KUSTOMIZE_VER := v5.4.1
 KUSTOMIZE_BIN := kustomize
 KUSTOMIZE := $(TOOLS_BIN_DIR)/$(KUSTOMIZE_BIN)-$(KUSTOMIZE_VER)
 
@@ -755,7 +755,7 @@ $(GOLANGCI_LINT): ## Build golangci-lint from tools folder.
 	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) github.com/golangci/golangci-lint/cmd/golangci-lint $(GOLANGCI_LINT_BIN) $(GOLANGCI_LINT_VER)
 
 $(KUSTOMIZE): ## Build kustomize from tools folder.
-	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) sigs.k8s.io/kustomize/kustomize/v4 $(KUSTOMIZE_BIN) $(KUSTOMIZE_VER)
+	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) sigs.k8s.io/kustomize/kustomize/v5 $(KUSTOMIZE_BIN) $(KUSTOMIZE_VER)
 
 $(MOCKGEN): ## Build mockgen from tools folder.
 	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) go.uber.org/mock/mockgen $(MOCKGEN_BIN) $(MOCKGEN_VER)

config/aso/kustomization.yaml

@@ -6,19 +6,17 @@ resources:
 - crds.yaml
 - settings.yaml
 
-patchesStrategicMerge:
-- patches/visualizer_label_in_bastionhosts.yaml
-- patches/visualizer_label_in_extensions.yaml
-- patches/visualizer_label_in_fleetmembers.yaml
-- patches/visualizer_label_in_managedclusteragentpools.yaml
-- patches/visualizer_label_in_managed_clusters.yaml
-- patches/visualizer_label_in_natgateways.yaml
-- patches/visualizer_label_in_privateendpoints.yaml
-- patches/visualizer_label_in_resourcegroups.yaml
-- patches/visualizer_label_in_subnets.yaml
-- patches/visualizer_label_in_virtualnetworks.yaml
-
 patches:
+  - path: patches/visualizer_label_in_bastionhosts.yaml
+  - path: patches/visualizer_label_in_extensions.yaml
+  - path: patches/visualizer_label_in_fleetmembers.yaml
+  - path: patches/visualizer_label_in_managedclusteragentpools.yaml
+  - path: patches/visualizer_label_in_managed_clusters.yaml
+  - path: patches/visualizer_label_in_natgateways.yaml
+  - path: patches/visualizer_label_in_privateendpoints.yaml
+  - path: patches/visualizer_label_in_resourcegroups.yaml
+  - path: patches/visualizer_label_in_subnets.yaml
+  - path: patches/visualizer_label_in_virtualnetworks.yaml
   - patch: |- # default kustomization includes a namespace already
       $patch: delete
       apiVersion: v1
@@ -48,6 +46,7 @@ replacements:
     targets:
       - select:
           version: v1
+          annotationSelector: cert-manager.io/inject-ca-from
         fieldPaths:
           - metadata.annotations.cert-manager\.io/inject-ca-from
         options:

config/capz/kustomization.yaml

@@ -3,52 +3,119 @@ namespace: capz-system
 namePrefix: capz-
 
 # Labels to add to all resources and selectors.
-commonLabels:
-  cluster.x-k8s.io/provider: "infrastructure-azure"
+labels:
+- includeSelectors: true
+  pairs:
+    cluster.x-k8s.io/provider: infrastructure-azure
 
 resources:
-  - namespace.yaml
-
-bases:
-  - ../crd
-  - ../rbac
-  - ../manager
-  - ../webhook
-  - ../certmanager
-
-patchesStrategicMerge:
-  - manager_image_patch.yaml
-  - manager_pull_policy.yaml
-  - manager_webhook_patch.yaml
-  - webhookcainjection_patch.yaml
-
-vars:
-  - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-    objref:
-      kind: Certificate
+- namespace.yaml
+- ../crd
+- ../rbac
+- ../manager
+- ../webhook
+- ../certmanager
+
+patches:
+- path: manager_image_patch.yaml
+- path: manager_pull_policy.yaml
+- path: manager_webhook_patch.yaml
+- path: validatingwebhookcainjection_patch.yaml
+- path: mutatingwebhookcainjection_patch.yaml
+
+configurations:
+- kustomizeconfig.yaml
+
+replacements:
+- source: # CERTIFICATE_NAMESPACE
+    fieldPath: metadata.namespace
+    kind: Certificate
+    name: serving-cert
+  targets:
+  - fieldPaths:
+    - metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      delimiter: /
+    select:
+      annotationSelector: cert-manager.io/inject-ca-from
+- source: # CERTIFICATE_NAME
+    kind: Certificate
+    name: serving-cert
+  targets:
+  - fieldPaths:
+    - metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      delimiter: /
+      index: 1
+    select:
+      annotationSelector: cert-manager.io/inject-ca-from
+
+- source: # SERVICE_NAMESPACE
+    fieldPath: metadata.namespace
+    kind: Service
+    name: webhook-service
+  targets:
+  - fieldPaths:
+    - spec.dnsNames.0
+    options:
+      delimiter: .
+      index: 1
+    select:
       group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: CERTIFICATE_NAME
-    objref:
+  - fieldPaths:
+    - spec.dnsNames.1
+    options:
+      delimiter: .
+      index: 1
+    select:
+      group: cert-manager.io
       kind: Certificate
+      name: serving-cert
+      namespace: system
+      version: v1
+
+- source: # SERVICE_NAME
+    kind: Service
+    name: webhook-service
+  targets:
+  - fieldPaths:
+    - spec.dnsNames.0
+    options:
+      delimiter: .
+    select:
       group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-  - name: SERVICE_NAMESPACE # namespace of the service
-    objref:
-      kind: Service
+  - fieldPaths:
+    - spec.dnsNames.1
+    options:
+      delimiter: .
+    select:
+      group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: webhook-service
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: SERVICE_NAME
-    objref:
-      kind: Service
+  - fieldPaths:
+    - spec.secretName
+    options:
+      delimiter: '-'
+    select:
+      group: cert-manager.io
+      kind: Certificate
+      name: serving-cert
+      namespace: system
       version: v1
-      name: webhook-service
-
-configurations:
-  - kustomizeconfig.yaml
+  - fieldPaths:
+    - spec.template.spec.volumes.0.secret.secretName
+    options:
+      delimiter: '-'
+    select:
+      name: controller-manager
+      namespace: system

config/capz/manager_webhook_patch.yaml

@@ -20,4 +20,4 @@ spec:
         - name: cert
           secret:
             defaultMode: 420
-            secretName: $(SERVICE_NAME)-cert
+            secretName: SERVICE_NAME_PLACEHOLDER-cert

config/capz/mutatingwebhookcainjection_patch.yaml

@@ -0,0 +1,8 @@
+# This patch add annotation to admission webhook config and
+# the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize.
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE_PLACEHOLDER/CERTIFICATE_NAME_PLACEHOLDER

config/capz/validatingwebhookcainjection_patch.yaml

@@ -0,0 +1,8 @@
+# This patch add annotation to admission webhook config and
+# the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize.
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE_PLACEHOLDER/CERTIFICATE_NAME_PLACEHOLDER

config/capz/webhookcainjection_patch.yaml

@@ -14,11 +14,10 @@ metadata:
   name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
   namespace: system
 spec:
-  # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
   dnsNames:
-    - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
-    - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+    - SERVICE_NAME_PLACEHOLDER.SERVICE_NAMESPACE_PLACEHOLDER.svc
+    - SERVICE_NAME_PLACEHOLDER.SERVICE_NAMESPACE_PLACEHOLDER.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer
-  secretName: $(SERVICE_NAME)-cert
+  secretName: SERVICE_NAME_PLACEHOLDER-cert

config/certmanager/certificate.yaml

@@ -6,14 +6,3 @@ nameReference:
       - kind: Certificate
         group: cert-manager.io
         path: spec/issuerRef/name
-
-varReference:
-  - kind: Certificate
-    group: cert-manager.io
-    path: spec/commonName
-  - kind: Certificate
-    group: cert-manager.io
-    path: spec/dnsNames
-  - kind: Certificate
-    group: cert-manager.io
-    path: spec/secretName

config/certmanager/kustomizeconfig.yaml

@@ -25,54 +25,54 @@ resources:
 # +kubebuilder:scaffold:crdkustomizeresource
 
 
-patchesStrategicMerge:
+patches:
   # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
   # patches here are for enabling the conversion webhook for each CRD
-  - patches/webhook_in_azuremachines.yaml
-  - patches/webhook_in_azureclusters.yaml
-  - patches/webhook_in_azureclustertemplates.yaml
-  - patches/webhook_in_azureclusteridentities.yaml
-  - patches/webhook_in_azuremachinetemplates.yaml
-  - patches/webhook_in_azuremachinepools.yaml
-  - patches/webhook_in_azuremachinepoolmachines.yaml
-  # - patches/webhook_in_azuremanagedmachinepools.yaml
-  # - patches/webhook_in_azuremanagedclusters.yaml
-  # - patches/webhook_in_azuremanagedcontrolplanes.yaml
+  - path: patches/webhook_in_azuremachines.yaml
+  - path: patches/webhook_in_azureclusters.yaml
+  - path: patches/webhook_in_azureclustertemplates.yaml
+  - path: patches/webhook_in_azureclusteridentities.yaml
+  - path: patches/webhook_in_azuremachinetemplates.yaml
+  - path: patches/webhook_in_azuremachinepools.yaml
+  - path: patches/webhook_in_azuremachinepoolmachines.yaml
+  # - path: patches/webhook_in_azuremanagedmachinepools.yaml
+  # - path: patches/webhook_in_azuremanagedclusters.yaml
+  # - path: patches/webhook_in_azuremanagedcontrolplanes.yaml
   # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
   # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
   # patches here are for enabling the CA injection for each CRD
-  - patches/cainjection_in_azuremachines.yaml
-  - patches/cainjection_in_azureclusters.yaml
-  - patches/cainjection_in_azureclustertemplates.yaml
-  - patches/cainjection_in_azureclusteridentities.yaml
-  - patches/cainjection_in_azuremachinetemplates.yaml
-  - patches/cainjection_in_azuremachinepools.yaml
-  - patches/cainjection_in_azuremachinepoolmachines.yaml
-  # - patches/cainjection_in_azuremanagedmachinepools.yaml
-  # - patches/cainjection_in_azuremanagedclusters.yaml
-  # - patches/cainjection_in_azuremanagedcontrolplanes.yaml
+  - path: patches/cainjection_in_azuremachines.yaml
+  - path: patches/cainjection_in_azureclusters.yaml
+  - path: patches/cainjection_in_azureclustertemplates.yaml
+  - path: patches/cainjection_in_azureclusteridentities.yaml
+  - path: patches/cainjection_in_azuremachinetemplates.yaml
+  - path: patches/cainjection_in_azuremachinepools.yaml
+  - path: patches/cainjection_in_azuremachinepoolmachines.yaml
+  # - path: patches/cainjection_in_azuremanagedmachinepools.yaml
+  # - path: patches/cainjection_in_azuremanagedclusters.yaml
+  # - path: patches/cainjection_in_azuremanagedcontrolplanes.yaml
   # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
-  - patches/capicontract_in_azuremachines.yaml
-  - patches/capicontract_in_azureclusters.yaml
-  - patches/capicontract_in_azureclustertemplates.yaml
-  - patches/capicontract_in_azuremachinetemplates.yaml
-  - patches/capicontract_in_azureclusteridentities.yaml
-  - patches/capicontract_in_azuremachinepools.yaml
-  - patches/capicontract_in_azuremanagedmachinepools.yaml
-  - patches/capicontract_in_azuremanagedclusters.yaml
-  - patches/capicontract_in_azuremanagedcontrolplanes.yaml
-  - patches/capicontract_in_azuremachinepoolmachines.yaml
-  - patches/capicontract_in_azuremanagedclustertemplates.yaml
-  - patches/capicontract_in_azuremanagedcontrolplanetemplates.yaml
-  - patches/capicontract_in_azuremanagedmachinepooltemplates.yaml
-  - patches/capicontract_in_azureasomanagedclusters.yaml
-  - patches/capicontract_in_azureasomanagedclustertemplates.yaml
-  - patches/capicontract_in_azureasomanagedcontrolplanes.yaml
-  - patches/capicontract_in_azureasomanagedcontrolplanetemplates.yaml
-  - patches/capicontract_in_azureasomanagedmachinepools.yaml
-  - patches/capicontract_in_azureasomanagedmachinepooltemplates.yaml
+  - path: patches/capicontract_in_azuremachines.yaml
+  - path: patches/capicontract_in_azureclusters.yaml
+  - path: patches/capicontract_in_azureclustertemplates.yaml
+  - path: patches/capicontract_in_azuremachinetemplates.yaml
+  - path: patches/capicontract_in_azureclusteridentities.yaml
+  - path: patches/capicontract_in_azuremachinepools.yaml
+  - path: patches/capicontract_in_azuremanagedmachinepools.yaml
+  - path: patches/capicontract_in_azuremanagedclusters.yaml
+  - path: patches/capicontract_in_azuremanagedcontrolplanes.yaml
+  - path: patches/capicontract_in_azuremachinepoolmachines.yaml
+  - path: patches/capicontract_in_azuremanagedclustertemplates.yaml
+  - path: patches/capicontract_in_azuremanagedcontrolplanetemplates.yaml
+  - path: patches/capicontract_in_azuremanagedmachinepooltemplates.yaml
+  - path: patches/capicontract_in_azureasomanagedclusters.yaml
+  - path: patches/capicontract_in_azureasomanagedclustertemplates.yaml
+  - path: patches/capicontract_in_azureasomanagedcontrolplanes.yaml
+  - path: patches/capicontract_in_azureasomanagedcontrolplanetemplates.yaml
+  - path: patches/capicontract_in_azureasomanagedmachinepools.yaml
+  - path: patches/capicontract_in_azureasomanagedmachinepooltemplates.yaml
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 configurations: