From ed52e26791328fb55958b30cd6428d2604eddfc2 Mon Sep 17 00:00:00 2001
From: Saman Mahdanian
Date: Fri, 1 Sep 2023 17:18:58 +0330
Subject: [PATCH] cleanup configs for production
---
 .../extention.yaml} | 0
 config/contour/kustomization.yaml | 2 ++
 config/default/kustomization.yaml | 6 +++-
 config/default/manager_auth_proxy_patch.yaml | 3 +-
 config/default/manager_config_patch.yaml | 5 ++-
 config/default/namespace.yaml | 12 +++++++
 .../certificate.yaml} | 5 ++-
 config/{samples => manager}/issuer.yaml | 1 -
 config/manager/kustomization.yaml | 5 ++-
 config/manager/manager.yaml | 16 +--------
 .../service.yaml} | 0
 config/rbac/kustomization.yaml | 36 ++++++++++---------
 .../cerberus_v1alpha1_accesstoken.yaml | 4 +--
 ...erus_v1alpha1_webserviceaccessbinding.yaml | 4 +--
 config/samples/kustomization.yaml | 4 ----
 15 files changed, 52 insertions(+), 51 deletions(-)
 rename config/{samples/projectcontour_v1_extentionservice.yaml => contour/extention.yaml} (100%)
 create mode 100644 config/contour/kustomization.yaml
 create mode 100644 config/default/namespace.yaml
 rename config/{samples/cert-manager_cert.yaml => manager/certificate.yaml} (67%)
 rename config/{samples => manager}/issuer.yaml (84%)
 rename config/{samples/cerberus_service.yaml => manager/service.yaml} (100%)
diff --git a/config/samples/projectcontour_v1_extentionservice.yaml b/config/contour/extention.yaml
similarity index 100%
rename from config/samples/projectcontour_v1_extentionservice.yaml
rename to config/contour/extention.yaml
diff --git a/config/contour/kustomization.yaml b/config/contour/kustomization.yaml
new file mode 100644
index 0000000..8ebaa57
--- /dev/null
+++ b/config/contour/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - extention.yaml
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index 6a87d8a..8532795 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -6,17 +6,21 @@ namespace: cerberus-system
 # "wordpress" becomes "alices-wordpress".
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.
-namePrefix: cerberus-
+# namePrefix: cerberus-
 # Labels to add to all resources and selectors.
 #commonLabels:
 # someName: someValue
+resources:
+ - namespace.yaml
+
 bases:
 - ../crd
 - ../rbac
 - ../manager
 - ../samples
+ - ../contour
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index fac32ca..43d974c 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -3,8 +3,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: controller-manager
- namespace: system
+ name: cerberus-controller-manager
 spec:
 template:
 spec:
diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
index f6f5891..fdfb7c0 100644
--- a/config/default/manager_config_patch.yaml
+++ b/config/default/manager_config_patch.yaml
@@ -1,10 +1,9 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: controller-manager
- namespace: system
+ name: cerberus-controller-manager
 spec:
 template:
 spec:
 containers:
- - name: manager
+ - name: manager
diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml
new file mode 100644
index 0000000..e2cf59b
--- /dev/null
+++ b/config/default/namespace.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: namespace
+ app.kubernetes.io/instance: system
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/created-by: cerberus
+ app.kubernetes.io/part-of: cerberus
+ app.kubernetes.io/managed-by: kustomize
+ name: cerberus-system
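Review bot: `- ../samples` stays in `bases` of the default overlay, so a build of config/default still installs everything that config/samples/kustomization.yaml lists, including cerberus_v1alpha1_accesstoken.yaml (a `kind: Secret` with a committed `data:` section and the `cerberus.snappcloud.io/secret: "true"` label) and echo_server.yaml. For a commit described as production cleanup, that ships a sample credential stored in the repository and a test backend by default. I would drop the `- ../samples` line here and apply the samples from their own overlay when they are wanted. Since the hunk already introduces `resources:`, the remaining entries under the deprecated `bases:` key could move there as well.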
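Review bot: The new Namespace in config/default/namespace.yaml carries only descriptive labels and sets no Pod Security Admission level, so pods in `cerberus-system` are admitted under whatever the cluster default happens to be. For a production namespace I would add `pod-security.kubernetes.io/enforce: restricted` under `metadata.labels`, provided the manager Deployment's securityContext (not visible in this diff) meets that profile. A one-line comment above `metadata:` saying that this file now owns the namespace formerly declared in config/manager/manager.yaml would also help the next reader.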
diff --git a/config/samples/cert-manager_cert.yaml b/config/manager/certificate.yaml
similarity index 67%
rename from config/samples/cert-manager_cert.yaml
rename to config/manager/certificate.yaml
index f8d3d2b..f18efbd 100644
--- a/config/samples/cert-manager_cert.yaml
+++ b/config/manager/certificate.yaml
@@ -4,11 +4,10 @@ metadata:
 labels:
 app.kubernetes.io/instance: cerberus
 name: cerberus-serving-cert
- namespace: cerberus-system
 spec:
 dnsNames:
- - cerberus-cerberus.cerberus-system.svc
- - cerberus-cerberus.cerberus-system.svc.cluster.local
+ - cerberus.cerberus-system.svc
+ - cerberus.cerberus-system.svc.cluster.local
 issuerRef:
 kind: Issuer
 name: cerberus-cerberus-selfsigned-issuer
diff --git a/config/samples/issuer.yaml b/config/manager/issuer.yaml
similarity index 84%
rename from config/samples/issuer.yaml
rename to config/manager/issuer.yaml
index 042b816..aa8f468 100644
--- a/config/samples/issuer.yaml
+++ b/config/manager/issuer.yaml
@@ -4,6 +4,5 @@ metadata:
 labels:
 app.kubernetes.io/instance: cerberus
 name: cerberus-selfsigned-issuer
- namespace: cerberus-system
 spec:
 selfSigned: {}
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index 5c5f0b8..101e20e 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -1,2 +1,5 @@
 resources:
-- manager.yaml
+ - manager.yaml
+ - service.yaml
+ - certificate.yaml
+ - issuer.yaml
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 310ff7c..d88dfd3 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
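Review bot: In config/manager/certificate.yaml the unchanged `issuerRef` still points at `name: cerberus-cerberus-selfsigned-issuer`, while issuer.yaml names the Issuer `cerberus-selfsigned-issuer` and this commit comments out `namePrefix: cerberus-` in config/default. The `dnsNames` were updated for the lost prefix but the issuer reference was not, so unless some other transformer still prefixes config/manager, cert-manager will not find the Issuer and `cerberus-serving-cert` will never be issued. I would change the last context line to `name: cerberus-selfsigned-issuer`. Because the Issuer is `selfSigned: {}`, a comment stating how the client of this service is expected to trust the resulting certificate would be useful in a production config.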
@@ -1,21 +1,7 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: namespace
- app.kubernetes.io/instance: system
- app.kubernetes.io/component: manager
- app.kubernetes.io/created-by: cerberus
- app.kubernetes.io/part-of: cerberus
- app.kubernetes.io/managed-by: kustomize
- name: system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: controller-manager
- namespace: system
+ name: cerberus-controller-manager
 labels:
 control-plane: controller-manager
 app.kubernetes.io/name: deployment
diff --git a/config/samples/cerberus_service.yaml b/config/manager/service.yaml
similarity index 100%
rename from config/samples/cerberus_service.yaml
rename to config/manager/service.yaml
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index 731832a..51e4c6c 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -1,18 +1,20 @@
+namePrefix: cerberus-
+
 resources:
-# All RBAC will be applied under this service account in
-# the deployment namespace. You may comment out this resource
-# if your manager will use a service account that exists at
-# runtime. Be sure to update RoleBinding and ClusterRoleBinding
-# subjects if changing service account names.
-- service_account.yaml
-- role.yaml
-- role_binding.yaml
-- leader_election_role.yaml
-- leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml
+ # All RBAC will be applied under this service account in
+ # the deployment namespace. You may comment out this resource
+ # if your manager will use a service account that exists at
+ # runtime. Be sure to update RoleBinding and ClusterRoleBinding
+ # subjects if changing service account names.
+ - service_account.yaml
+ - role.yaml
+ - role_binding.yaml
+ - leader_election_role.yaml
+ - leader_election_role_binding.yaml
+ # Comment the following 4 lines if you want to disable
+ # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+ # which protects your /metrics endpoint.
+ - auth_proxy_service.yaml
+ - auth_proxy_role.yaml
+ - auth_proxy_role_binding.yaml
+ - auth_proxy_client_clusterrole.yaml
diff --git a/config/samples/cerberus_v1alpha1_accesstoken.yaml b/config/samples/cerberus_v1alpha1_accesstoken.yaml
index 64a8fc0..f2a0605 100644
--- a/config/samples/cerberus_v1alpha1_accesstoken.yaml
+++ b/config/samples/cerberus_v1alpha1_accesstoken.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
- name: sample-access
+ name: cerberus-system.accesstoken-sample
 labels:
 cerberus.snappcloud.io/secret: "true"
 data:
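Review bot: With `namePrefix: cerberus-` now applied only inside config/rbac, the ServiceAccount, roles and bindings are renamed by this base while the Deployment in config/manager is named by hand. The Deployment's `serviceAccountName` (outside this diff) therefore has to resolve to the prefixed ServiceAccount, and the binding `subjects` have to follow it, as the retained comment in this hunk already warns. Please confirm on the output of `kustomize build config/default` that the ServiceAccount name, the RoleBinding and ClusterRoleBinding `subjects`, and the Deployment's `serviceAccountName` are identical. A comment above the new line, for example `# prefix is applied to RBAC only; config/manager hard-codes the same prefix in its names`, would record the coupling.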
@@ -20,4 +20,4 @@ metadata:
 spec:
 active: Active
 secretRef:
- name: "cerberus-sample-access"
+ name: "cerberus-system.accesstoken-sample"
diff --git a/config/samples/cerberus_v1alpha1_webserviceaccessbinding.yaml b/config/samples/cerberus_v1alpha1_webserviceaccessbinding.yaml
index 3599274..e0333be 100644
--- a/config/samples/cerberus_v1alpha1_webserviceaccessbinding.yaml
+++ b/config/samples/cerberus_v1alpha1_webserviceaccessbinding.yaml
@@ -10,6 +10,6 @@ metadata:
 name: webserviceaccessbinding-sample
 spec:
 subjects:
- - cerberus-accesstoken-sample
+ - accesstoken-sample
 webservices:
- - cerberus-webservice-sample
+ - webservice-sample
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
index 6925d98..0f74adc 100644
--- a/config/samples/kustomization.yaml
+++ b/config/samples/kustomization.yaml
@@ -3,10 +3,6 @@ resources:
 - cerberus_v1alpha1_accesstoken.yaml
 - cerberus_v1alpha1_webservice.yaml
 - cerberus_v1alpha1_webserviceaccessbinding.yaml
- - cerberus_service.yaml
- - projectcontour_v1_extentionservice.yaml
 - projectcontour_v1_httpproxy.yaml
- - issuer.yaml
- - cert-manager_cert.yaml
 - echo_server.yaml
 #+kubebuilder:scaffold:manifestskustomizesamples