Bump kustomization config to kustomize/v5

grafana · Oct 10, 2024 · be888ea · be888ea
1 parent 2e4c7ba
commit be888ea
Show file tree

Hide file tree

Showing 21 changed files with 225 additions and 504 deletions.
diff --git a/operator/.bingo/Variables.mk b/operator/.bingo/Variables.mk
@@ -77,11 +77,11 @@ $(KIND): $(BINGO_DIR)/kind.mod
 	@echo "(re)installing $(GOBIN)/kind-v0.23.0"
 	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=kind.mod -o=$(GOBIN)/kind-v0.23.0 "sigs.k8s.io/kind"
 
-KUSTOMIZE := $(GOBIN)/kustomize-v4.5.7
+KUSTOMIZE := $(GOBIN)/kustomize-v5.4.3
 $(KUSTOMIZE): $(BINGO_DIR)/kustomize.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
-	@echo "(re)installing $(GOBIN)/kustomize-v4.5.7"
-	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=kustomize.mod -o=$(GOBIN)/kustomize-v4.5.7 "sigs.k8s.io/kustomize/kustomize/v4"
+	@echo "(re)installing $(GOBIN)/kustomize-v5.4.3"
+	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=kustomize.mod -o=$(GOBIN)/kustomize-v5.4.3 "sigs.k8s.io/kustomize/kustomize/v5"
 
 OPERATOR_SDK := $(GOBIN)/operator-sdk-v1.37.0
 $(OPERATOR_SDK): $(BINGO_DIR)/operator-sdk.mod

diff --git a/operator/.bingo/kustomize.mod b/operator/.bingo/kustomize.mod
@@ -1,9 +1,5 @@
 module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT
 
-go 1.17
+go 1.22.8
 
-exclude sigs.k8s.io/kustomize/api v0.2.0
-
-exclude sigs.k8s.io/kustomize/cmd/config v0.2.0
-
-require sigs.k8s.io/kustomize/kustomize/v4 v4.5.7
+require sigs.k8s.io/kustomize/kustomize/v5 v5.4.3
diff --git a/operator/.bingo/kustomize.sum b/operator/.bingo/kustomize.sum
diff --git a/operator/.bingo/variables.env b/operator/.bingo/variables.env
@@ -28,7 +28,7 @@ JSONNETFMT="${GOBIN}/jsonnetfmt-v0.20.0"
 
 KIND="${GOBIN}/kind-v0.23.0"
 
-KUSTOMIZE="${GOBIN}/kustomize-v4.5.7"
+KUSTOMIZE="${GOBIN}/kustomize-v5.4.3"
 
 OPERATOR_SDK="${GOBIN}/operator-sdk-v1.37.0"
 

diff --git a/...nity-openshift/manifests/loki-operator-controller-manager-metrics-service_v1_service.yaml b/...nity-openshift/manifests/loki-operator-controller-manager-metrics-service_v1_service.yaml
@@ -5,7 +5,6 @@ metadata:
     service.beta.openshift.io/serving-cert-secret-name: loki-operator-metrics
   creationTimestamp: null
   labels:
-    app.kubernetes.io/component: metrics
     app.kubernetes.io/instance: loki-operator-v0.6.2
     app.kubernetes.io/managed-by: operator-lifecycle-manager
     app.kubernetes.io/name: loki-operator

diff --git a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml
@@ -150,7 +150,7 @@ metadata:
     categories: OpenShift Optional, Logging & Tracing
     certified: "false"
     containerImage: docker.io/grafana/loki-operator:0.6.2
-    createdAt: "2024-10-10T12:21:05Z"
+    createdAt: "2024-10-10T12:51:57Z"
     description: The Community Loki Operator provides Kubernetes native deployment
       and management of Loki and related logging components.
     features.operators.openshift.io/disconnected: "true"

diff --git a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml
@@ -150,7 +150,7 @@ metadata:
     categories: OpenShift Optional, Logging & Tracing
     certified: "false"
     containerImage: docker.io/grafana/loki-operator:0.6.2
-    createdAt: "2024-10-10T12:21:03Z"
+    createdAt: "2024-10-10T12:51:55Z"
     description: The Community Loki Operator provides Kubernetes native deployment
       and management of Loki and related logging components.
     operators.operatorframework.io/builder: operator-sdk-unknown

diff --git a/operator/bundle/community/manifests/loki.grafana.com_alertingrules.yaml b/operator/bundle/community/manifests/loki.grafana.com_alertingrules.yaml
@@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    cert-manager.io/inject-ca-from: loki-operator/loki-operator-serving-cert
     controller-gen.kubebuilder.io/version: v0.16.3
   creationTimestamp: null
   labels:

diff --git a/operator/bundle/community/manifests/loki.grafana.com_lokistacks.yaml b/operator/bundle/community/manifests/loki.grafana.com_lokistacks.yaml
@@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    cert-manager.io/inject-ca-from: loki-operator/loki-operator-serving-cert
     controller-gen.kubebuilder.io/version: v0.16.3
   creationTimestamp: null
   labels:

diff --git a/operator/bundle/community/manifests/loki.grafana.com_recordingrules.yaml b/operator/bundle/community/manifests/loki.grafana.com_recordingrules.yaml
@@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    cert-manager.io/inject-ca-from: loki-operator/loki-operator-serving-cert
     controller-gen.kubebuilder.io/version: v0.16.3
   creationTimestamp: null
   labels:

diff --git a/operator/bundle/community/manifests/loki.grafana.com_rulerconfigs.yaml b/operator/bundle/community/manifests/loki.grafana.com_rulerconfigs.yaml
@@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    cert-manager.io/inject-ca-from: loki-operator/loki-operator-serving-cert
     controller-gen.kubebuilder.io/version: v0.16.3
   creationTimestamp: null
   labels:

diff --git a/...ndle/openshift/manifests/loki-operator-controller-manager-metrics-service_v1_service.yaml b/...ndle/openshift/manifests/loki-operator-controller-manager-metrics-service_v1_service.yaml
@@ -5,7 +5,6 @@ metadata:
     service.beta.openshift.io/serving-cert-secret-name: loki-operator-metrics
   creationTimestamp: null
   labels:
-    app.kubernetes.io/component: metrics
     app.kubernetes.io/instance: loki-operator-0.1.0
     app.kubernetes.io/managed-by: operator-lifecycle-manager
     app.kubernetes.io/name: loki-operator

diff --git a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml
@@ -150,7 +150,7 @@ metadata:
     categories: OpenShift Optional, Logging & Tracing
     certified: "false"
     containerImage: quay.io/openshift-logging/loki-operator:0.1.0
-    createdAt: "2024-10-10T12:21:07Z"
+    createdAt: "2024-10-10T12:51:58Z"
     description: |
       The Loki Operator for OCP provides a means for configuring and managing a Loki stack for cluster logging.
       ## Prerequisites and Requirements

diff --git a/operator/config/certmanager/certificate.yaml b/operator/config/certmanager/certificate.yaml
@@ -15,10 +15,10 @@ metadata:
   name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
   namespace: system
 spec:
-  # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+  # SERVICE_NAME_PLACEHOLDER and SERVICE_NAMESPACE_PLACEHOLDER will be substituted by kustomize
   dnsNames:
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+  - SERVICE_NAME_PLACEHOLDER.SERVICE_NAMESPACE_PLACEHOLDER.svc
+  - SERVICE_NAME_PLACEHOLDER.SERVICE_NAMESPACE_PLACEHOLDER.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer

diff --git a/operator/config/crd/kustomization.yaml b/operator/config/crd/kustomization.yaml
@@ -8,13 +8,8 @@ resources:
 - bases/loki.grafana.com_rulerconfigs.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
-patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
-- patches/webhook_in_lokistacks.yaml
-- patches/webhook_in_alertingrules.yaml
-- patches/webhook_in_recordingrules.yaml
-- patches/webhook_in_rulerconfigs.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
@@ -28,3 +23,10 @@ patchesStrategicMerge:
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 configurations:
 - kustomizeconfig.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+- path: patches/webhook_in_lokistacks.yaml
+- path: patches/webhook_in_alertingrules.yaml
+- path: patches/webhook_in_recordingrules.yaml
+- path: patches/webhook_in_rulerconfigs.yaml
diff --git a/operator/config/overlays/community-openshift/kustomization.yaml b/operator/config/overlays/community-openshift/kustomization.yaml
@@ -5,26 +5,28 @@ resources:
 namespace: kubernetes-operators
 
 labels:
-- pairs:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/managed-by: operator-lifecycle-manager
     app.kubernetes.io/name: loki-operator
     app.kubernetes.io/part-of: loki-operator
-    app.kubernetes.io/managed-by: operator-lifecycle-manager
-  includeSelectors: true
 - pairs:
     app.kubernetes.io/instance: loki-operator-v0.6.2
-    app.kubernetes.io/version: "0.6.2"
+    app.kubernetes.io/version: 0.6.2
 
 configMapGenerator:
-- files:
+- behavior: replace
+  files:
   - controller_manager_config.yaml
   name: manager-config
-  behavior: replace
 
-patchesStrategicMerge:
-- manager_related_image_patch.yaml
-- prometheus_service_monitor_patch.yaml
 
 images:
 - name: controller
   newName: docker.io/grafana/loki-operator
   newTag: 0.6.2
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+- path: manager_related_image_patch.yaml
+- path: prometheus_service_monitor_patch.yaml
diff --git a/operator/config/overlays/community/kustomization.yaml b/operator/config/overlays/community/kustomization.yaml
@@ -16,14 +16,14 @@ namespace: loki-operator
 namePrefix: loki-operator-
 
 labels:
-- pairs:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/managed-by: operator-lifecycle-manager
     app.kubernetes.io/name: loki-operator
     app.kubernetes.io/part-of: loki-operator
-    app.kubernetes.io/managed-by: operator-lifecycle-manager
-  includeSelectors: true
 - pairs:
     app.kubernetes.io/instance: loki-operator-v0.6.2
-    app.kubernetes.io/version: "0.6.2"
+    app.kubernetes.io/version: 0.6.2
 
 generatorOptions:
   disableNameSuffixHash: true
@@ -33,44 +33,118 @@ configMapGenerator:
   - controller_manager_config.yaml
   name: manager-config
 
-patchesStrategicMerge:
-- manager_auth_proxy_patch.yaml
-- manager_related_image_patch.yaml
-- manager_run_flags_patch.yaml
-- manager_webhook_patch.yaml
-- webhookcainjection_patch.yaml
 
 images:
 - name: controller
   newName: docker.io/grafana/loki-operator
   newTag: 0.6.2
 
 # the following config is for teaching kustomize how to do var substitution
-vars:
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-  objref:
-    kind: Certificate
-    group: cert-manager.io
-    version: v1
-    name: serving-cert # this name should match the one in certificate.yaml
-  fieldref:
-    fieldpath: metadata.namespace
-- name: CERTIFICATE_NAME
-  objref:
-    kind: Certificate
-    group: cert-manager.io
-    version: v1
-    name: serving-cert # this name should match the one in certificate.yaml
-- name: SERVICE_NAMESPACE # namespace of the service
-  objref:
-    kind: Service
-    version: v1
-    name: webhook-service
-  fieldref:
-    fieldpath: metadata.namespace
-- name: SERVICE_NAME
-  objref:
-    kind: Service
-    version: v1
-    name: webhook-service
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+- path: manager_auth_proxy_patch.yaml
+- path: manager_related_image_patch.yaml
+- path: manager_run_flags_patch.yaml
+- path: manager_webhook_patch.yaml
+- path: webhookcainjection_patch.yaml
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+# Uncomment the following replacements to add the cert-manager CA injection annotations
+replacements:
+ - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
+     kind: Certificate
+     group: cert-manager.io
+     version: v1
+     name: serving-cert # this name should match the one in certificate.yaml
+     fieldPath: .metadata.namespace # namespace of the certificate CR
+   targets:
+     - select:
+         kind: ValidatingWebhookConfiguration
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 0
+         create: true
+     - select:
+         kind: MutatingWebhookConfiguration
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 0
+         create: true
+     - select:
+         kind: CustomResourceDefinition
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 0
+         create: true
+ - source:
+     kind: Certificate
+     group: cert-manager.io
+     version: v1
+     name: serving-cert # this name should match the one in certificate.yaml
+     fieldPath: .metadata.name
+   targets:
+     - select:
+         kind: ValidatingWebhookConfiguration
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 1
+         create: true
+     - select:
+         kind: MutatingWebhookConfiguration
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 1
+         create: true
+     - select:
+         kind: CustomResourceDefinition
+       fieldPaths:
+         - .metadata.annotations.[cert-manager.io/inject-ca-from]
+       options:
+         delimiter: '/'
+         index: 1
+         create: true
+ - source: # Add cert-manager annotation to the webhook Service
+     kind: Service
+     version: v1
+     name: webhook-service
+     fieldPath: .metadata.name # namespace of the service
+   targets:
+     - select:
+         kind: Certificate
+         group: cert-manager.io
+         version: v1
+       fieldPaths:
+         - .spec.dnsNames.0
+         - .spec.dnsNames.1
+       options:
+         delimiter: '.'
+         index: 0
+         create: true
+ - source:
+     kind: Service
+     version: v1
+     name: webhook-service
+     fieldPath: .metadata.namespace # namespace of the service
+   targets:
+     - select:
+         kind: Certificate
+         group: cert-manager.io
+         version: v1
+       fieldPaths:
+         - .spec.dnsNames.0
+         - .spec.dnsNames.1
+       options:
+         delimiter: '.'
+         index: 1
+         create: true
diff --git a/operator/config/overlays/community/webhookcainjection_patch.yaml b/operator/config/overlays/community/webhookcainjection_patch.yaml
@@ -1,5 +1,5 @@
 # This patch add annotation to admission webhook config and
-# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+# the variables CERTIFICATE_NAMESPACE_PLACEHOLDER and CERTIFICATE_NAME_PLACEHOLDER will be substituted by kustomize.
 #
 # [WEBHOOK] To enable mutating webhook hook, uncomment the following section
 #
@@ -8,11 +8,11 @@
 # metadata:
 #   name: mutating-webhook-configuration
 #   annotations:
-#     cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+#     cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE_PLACEHOLDER/CERTIFICATE_NAME_PLACEHOLDER
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: validating-webhook-configuration
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE_PLACEHOLDER/CERTIFICATE_NAME_PLACEHOLDER