cleanup configs for production

snapp-incubator · Sep 1, 2023 · ed52e26 · ed52e26
1 parent 600b39e
commit ed52e26
Show file tree

Hide file tree

Showing 15 changed files with 52 additions and 51 deletions.
diff --git a/...s/projectcontour_v1_extentionservice.yaml → config/contour/extention.yaml b/...s/projectcontour_v1_extentionservice.yaml → config/contour/extention.yaml
diff --git a/config/contour/kustomization.yaml b/config/contour/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+  - extention.yaml
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -6,17 +6,21 @@ namespace: cerberus-system
 # "wordpress" becomes "alices-wordpress".
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.
-namePrefix: cerberus-
+# namePrefix: cerberus-
 
 # Labels to add to all resources and selectors.
 #commonLabels:
 #  someName: someValue
 
+resources:
+  - namespace.yaml
+
 bases:
   - ../crd
   - ../rbac
   - ../manager
   - ../samples
+  - ../contour
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook

diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -3,8 +3,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
+  name: cerberus-controller-manager
 spec:
   template:
     spec:

diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
@@ -1,10 +1,9 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
+  name: cerberus-controller-manager
 spec:
   template:
     spec:
       containers:
-      - name: manager
+        - name: manager
diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: namespace
+    app.kubernetes.io/instance: system
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: cerberus
+    app.kubernetes.io/part-of: cerberus
+    app.kubernetes.io/managed-by: kustomize
+  name: cerberus-system
diff --git a/config/samples/cert-manager_cert.yaml → config/manager/certificate.yaml b/config/samples/cert-manager_cert.yaml → config/manager/certificate.yaml
@@ -4,11 +4,10 @@ metadata:
   labels:
     app.kubernetes.io/instance: cerberus
   name: cerberus-serving-cert
-  namespace: cerberus-system
 spec:
   dnsNames:
-    - cerberus-cerberus.cerberus-system.svc
-    - cerberus-cerberus.cerberus-system.svc.cluster.local
+    - cerberus.cerberus-system.svc
+    - cerberus.cerberus-system.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: cerberus-cerberus-selfsigned-issuer

diff --git a/config/samples/issuer.yaml → config/manager/issuer.yaml b/config/samples/issuer.yaml → config/manager/issuer.yaml
@@ -4,6 +4,5 @@ metadata:
   labels:
     app.kubernetes.io/instance: cerberus
   name: cerberus-selfsigned-issuer
-  namespace: cerberus-system
 spec:
   selfSigned: {}
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -1,2 +1,5 @@
 resources:
-- manager.yaml
+  - manager.yaml
+  - service.yaml
+  - certificate.yaml
+  - issuer.yaml
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -1,21 +1,7 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    control-plane: controller-manager
-    app.kubernetes.io/name: namespace
-    app.kubernetes.io/instance: system
-    app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: cerberus
-    app.kubernetes.io/part-of: cerberus
-    app.kubernetes.io/managed-by: kustomize
-  name: system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
+  name: cerberus-controller-manager
   labels:
     control-plane: controller-manager
     app.kubernetes.io/name: deployment

diff --git a/config/samples/cerberus_service.yaml → config/manager/service.yaml b/config/samples/cerberus_service.yaml → config/manager/service.yaml
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -1,18 +1,20 @@
+namePrefix: cerberus-
+
 resources:
-# All RBAC will be applied under this service account in
-# the deployment namespace. You may comment out this resource
-# if your manager will use a service account that exists at
-# runtime. Be sure to update RoleBinding and ClusterRoleBinding
-# subjects if changing service account names.
-- service_account.yaml
-- role.yaml
-- role_binding.yaml
-- leader_election_role.yaml
-- leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml
+  # All RBAC will be applied under this service account in
+  # the deployment namespace. You may comment out this resource
+  # if your manager will use a service account that exists at
+  # runtime. Be sure to update RoleBinding and ClusterRoleBinding
+  # subjects if changing service account names.
+  - service_account.yaml
+  - role.yaml
+  - role_binding.yaml
+  - leader_election_role.yaml
+  - leader_election_role_binding.yaml
+  # Comment the following 4 lines if you want to disable
+  # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+  # which protects your /metrics endpoint.
+  - auth_proxy_service.yaml
+  - auth_proxy_role.yaml
+  - auth_proxy_role_binding.yaml
+  - auth_proxy_client_clusterrole.yaml
diff --git a/config/samples/cerberus_v1alpha1_accesstoken.yaml b/config/samples/cerberus_v1alpha1_accesstoken.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: sample-access
+  name: cerberus-system.accesstoken-sample
   labels:
     cerberus.snappcloud.io/secret: "true"
 data:
@@ -20,4 +20,4 @@ metadata:
 spec:
   active: Active
   secretRef:
-    name: "cerberus-sample-access"
+    name: "cerberus-system.accesstoken-sample"
diff --git a/config/samples/cerberus_v1alpha1_webserviceaccessbinding.yaml b/config/samples/cerberus_v1alpha1_webserviceaccessbinding.yaml
@@ -10,6 +10,6 @@ metadata:
   name: webserviceaccessbinding-sample
 spec:
   subjects:
-    - cerberus-accesstoken-sample
+    - accesstoken-sample
   webservices:
-    - cerberus-webservice-sample
+    - webservice-sample
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
@@ -3,10 +3,6 @@ resources:
   - cerberus_v1alpha1_accesstoken.yaml
   - cerberus_v1alpha1_webservice.yaml
   - cerberus_v1alpha1_webserviceaccessbinding.yaml
-  - cerberus_service.yaml
-  - projectcontour_v1_extentionservice.yaml
   - projectcontour_v1_httpproxy.yaml
-  - issuer.yaml
-  - cert-manager_cert.yaml
   - echo_server.yaml
 #+kubebuilder:scaffold:manifestskustomizesamples