✨ use Deployment for v2 scaffolding

Author: Mengqi Yu

pkg/scaffold/api.go

@@ -162,6 +162,7 @@ func (api *API) scaffoldV2() error {
 			&resourcev2.Group{Resource: r},
 			&resourcev2.CRDSample{Resource: r},
 			&crdv2.EnableWebhookPatch{Resource: r},
+			&crdv2.EnableCAInjectionPatch{Resource: r},
 		)
 		if err != nil {
 			return fmt.Errorf("error scaffolding APIs: %v", err)

pkg/scaffold/project.go

@@ -23,14 +23,16 @@ import (
 	"os/exec"
 	"strings"
 
+	"sigs.k8s.io/kubebuilder/cmd/util"
 	"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
 	"sigs.k8s.io/kubebuilder/pkg/scaffold/project"
+	scaffoldv1 "sigs.k8s.io/kubebuilder/pkg/scaffold/v1"
 	"sigs.k8s.io/kubebuilder/pkg/scaffold/v1/manager"
-
-	"sigs.k8s.io/kubebuilder/cmd/util"
+	metricsauthv1 "sigs.k8s.io/kubebuilder/pkg/scaffold/v1/metricsauth"
 	scaffoldv2 "sigs.k8s.io/kubebuilder/pkg/scaffold/v2"
 	"sigs.k8s.io/kubebuilder/pkg/scaffold/v2/certmanager"
 	managerv2 "sigs.k8s.io/kubebuilder/pkg/scaffold/v2/manager"
+	metricsauthv2 "sigs.k8s.io/kubebuilder/pkg/scaffold/v2/metricsauth"
 	"sigs.k8s.io/kubebuilder/pkg/scaffold/v2/webhook"
 )
 
@@ -110,9 +112,9 @@ func (p *V1Project) Scaffold() error {
 		input.Options{ProjectPath: projectInput.Path, BoilerplatePath: bpInput.Path},
 		&project.GitIgnore{},
 		&project.KustomizeRBAC{},
-		&project.KustomizeImagePatch{},
-		&project.KustomizePrometheusMetricsPatch{},
-		&project.KustomizeAuthProxyPatch{},
+		&scaffoldv1.KustomizeImagePatch{},
+		&metricsauthv1.KustomizePrometheusMetricsPatch{},
+		&metricsauthv1.KustomizeAuthProxyPatch{},
 		&project.AuthProxyService{},
 		&project.AuthProxyRole{},
 		&project.AuthProxyRoleBinding{},
@@ -179,9 +181,9 @@ func (p *V2Project) Scaffold() error {
 	return s.Execute(
 		input.Options{ProjectPath: projectInput.Path, BoilerplatePath: bpInput.Path},
 		&project.GitIgnore{},
-		&project.KustomizeImagePatch{},
-		&project.KustomizePrometheusMetricsPatch{},
-		&project.KustomizeAuthProxyPatch{},
+		&scaffoldv2.KustomizeImagePatch{},
+		&metricsauthv2.KustomizePrometheusMetricsPatch{},
+		&metricsauthv2.KustomizeAuthProxyPatch{},
 		&project.AuthProxyService{},
 		&project.AuthProxyRole{},
 		&project.AuthProxyRoleBinding{},
@@ -193,6 +195,8 @@ func (p *V2Project) Scaffold() error {
 		&scaffoldv2.Kustomize{},
 		&scaffoldv2.ManagerWebhookPatch{},
 		&scaffoldv2.ManagerRoleBinding{},
+		&scaffoldv2.LeaderElectionRole{},
+		&scaffoldv2.LeaderElectionRoleBinding{},
 		&scaffoldv2.KustomizeRBAC{},
 		&managerv2.Kustomization{},
 		&webhook.Kustomization{},

pkg/scaffold/project/project_test.go

@@ -14,7 +14,9 @@ import (
 	"sigs.k8s.io/kubebuilder/pkg/scaffold"
 	"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
 	"sigs.k8s.io/kubebuilder/pkg/scaffold/project"
+	scaffoldv1 "sigs.k8s.io/kubebuilder/pkg/scaffold/v1"
 	"sigs.k8s.io/kubebuilder/pkg/scaffold/scaffoldtest"
+	"sigs.k8s.io/kubebuilder/pkg/scaffold/v1/metricsauth"
 )
 
 var _ = Describe("Project", func() {
@@ -247,7 +249,7 @@ Copyright %s Example Owners.
 		})
 		Context("with defaults ", func() {
 			It("should match the golden file", func() {
-				instance := &project.KustomizeImagePatch{}
+				instance := &scaffoldv1.KustomizeImagePatch{}
 				instance.Repo = "project"
 				Expect(s.Execute(input.Options{}, instance)).NotTo(HaveOccurred())
 
@@ -264,7 +266,7 @@ Copyright %s Example Owners.
 		})
 		Context("with defaults ", func() {
 			It("should match the golden file", func() {
-				instance := &project.KustomizePrometheusMetricsPatch{}
+				instance := &metricsauth.KustomizePrometheusMetricsPatch{}
 				instance.Repo = "project"
 				Expect(s.Execute(input.Options{}, instance)).NotTo(HaveOccurred())
 

pkg/scaffold/project/kustomize_image_patch.go renamed to pkg/scaffold/v1/kustomize_image_patch.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package project
+package v1
 
 import (
 	"path/filepath"

pkg/scaffold/project/kustomize_auth_proxy_patch.go renamed to pkg/scaffold/v1/metricsauth/kustomize_auth_proxy_patch.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package project
+package metricsauth
 
 import (
 	"path/filepath"

pkg/scaffold/project/kustomize_metrics_patch.go renamed to pkg/scaffold/v1/metricsauth/kustomize_metrics_patch.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package project
+package metricsauth
 
 import (
 	"path/filepath"

pkg/scaffold/v2/certmanager/kustomize.go

@@ -41,20 +41,24 @@ var kustomizationTemplate = `resources:
 
 # the following config is for teaching kustomize how to do var substitution
 vars:
+- name: NAMESPACE # namespace of the service and the certificate CR
+  objref:
+    kind: Service
+    version: v1
+    name: webhook-service
+  fieldref:
+    fieldpath: metadata.namespace
 - name: CERTIFICATENAME
   objref:
     kind: Certificate
     group: certmanager.k8s.io
     version: v1alpha1
     name: serving-cert # this name should match the one in certificate.yaml
-- name: CERTIFICATENAMESPACE
+- name: SERVICENAME
   objref:
-    kind: Certificate
-    group: certmanager.k8s.io
-    version: v1alpha1
-    name: serving-cert # this name should match the one in certificate.yaml
-  fieldref:
-    fieldpath: metadata.namespace
+    kind: Service
+    version: v1
+    name: webhook-service
 
 configurations:
 - kustomizeconfig.yaml

pkg/scaffold/v2/crd/enablecainjection_patch.go

@@ -0,0 +1,63 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v2
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"github.com/markbates/inflect"
+
+	"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
+	"sigs.k8s.io/kubebuilder/pkg/scaffold/v1/resource"
+)
+
+// EnableCAInjectionPatch scaffolds a EnableCAInjectionPatch for a Resource
+type EnableCAInjectionPatch struct {
+	input.Input
+
+	// Resource is the Resource to make the EnableCAInjectionPatch for
+	Resource *resource.Resource
+}
+
+// GetInput implements input.File
+func (p *EnableCAInjectionPatch) GetInput() (input.Input, error) {
+	if p.Path == "" {
+		rs := inflect.NewDefaultRuleset()
+		plural := rs.Pluralize(strings.ToLower(p.Resource.Kind))
+		p.Path = filepath.Join("config", "crd", "patches",
+			fmt.Sprintf("cainjection_in_%s.yaml", plural))
+	}
+	p.TemplateBody = EnableCAInjectionPatchTemplate
+	return p.Input, nil
+}
+
+// Validate validates the values
+func (g *EnableCAInjectionPatch) Validate() error {
+	return g.Resource.Validate()
+}
+
+var EnableCAInjectionPatchTemplate = `# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME)
+  name: {{ .Resource.Resource }}.{{ .Resource.Group }}.{{ .Domain }}
+`

pkg/scaffold/v2/crd/enablewebhook_patch.go

@@ -52,13 +52,11 @@ func (g *EnableWebhookPatch) Validate() error {
 	return g.Resource.Validate()
 }
 
-// TODO(mengqiy): plural of the resources
-var enableWebhookPatchTemplate = `# The following patch enables conversion webhook for CRDw
+var enableWebhookPatchTemplate = `# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  annotations:
-    certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME)
   name: {{ .Resource.Resource }}.{{ .Resource.Group }}.{{ .Domain }}
 spec:
   conversion:
@@ -68,7 +66,7 @@ spec:
       # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
       caBundle: Cg==
       service:
-        namespace: $(NAMESPACE)
+        namespace: system
         name: webhook-service
-        path: /convert-{{ lower .Resource.Kind }}
+        path: /convert
 `

pkg/scaffold/v2/crd/kustomization.go

@@ -29,8 +29,9 @@ import (
 )
 
 const (
-	kustomizeResourceScaffoldMarker = "# +kubebuilder:scaffold:kustomizeresource"
-	kustomizePatchScaffoldMarker    = "# +kubebuilder:scaffold:kustomizepatch"
+	kustomizeResourceScaffoldMarker         = "# +kubebuilder:scaffold:crdkustomizeresource"
+	kustomizeWebhookPatchScaffoldMarker     = "# +kubebuilder:scaffold:crdkustomizewebhookpatch"
+	kustomizeCAInjectionPatchScaffoldMarker = "# +kubebuilder:scaffold:crdkustomizecainjectionpatch"
 )
 
 var _ input.File = &Kustomization{}
@@ -64,12 +65,14 @@ func (c *Kustomization) Update() error {
 	plural := rs.Pluralize(strings.ToLower(c.Resource.Kind))
 
 	kustomizeResourceCodeFragment := fmt.Sprintf("- bases/%s.%s_%s.yaml\n", c.Resource.Group, c.Domain, plural)
-	kustomizePatchCodeFragment := fmt.Sprintf("#- patches/webhook_in_%s.yaml\n", plural)
+	kustomizeWebhookPatchCodeFragment := fmt.Sprintf("#- patches/webhook_in_%s.yaml\n", plural)
+	kustomizeCAInjectionPatchCodeFragment := fmt.Sprintf("#- patches/cainjection_in_%s.yaml\n", plural)
 
 	return internal.InsertStringsInFile(c.Path,
 		map[string][]string{
-			kustomizeResourceScaffoldMarker: []string{kustomizeResourceCodeFragment},
-			kustomizePatchScaffoldMarker:    []string{kustomizePatchCodeFragment},
+			kustomizeResourceScaffoldMarker:         {kustomizeResourceCodeFragment},
+			kustomizeWebhookPatchScaffoldMarker:     {kustomizeWebhookPatchCodeFragment},
+			kustomizeCAInjectionPatchScaffoldMarker: {kustomizeCAInjectionPatchCodeFragment},
 		})
 }
 
@@ -80,10 +83,13 @@ resources:
 %s
 
 patches:
-# patches here are for enabling the conversion webhook for each CRD
+# [WEBHOOK] patches here are for enabling the conversion webhook for each CRD
+%s
+
+# [CAINJECTION] patches here are for enabling the CA injection for each CRD
 %s
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 configurations:
 - kustomizeconfig.yaml
-`, kustomizeResourceScaffoldMarker, kustomizePatchScaffoldMarker)
+`, kustomizeResourceScaffoldMarker, kustomizeWebhookPatchScaffoldMarker, kustomizeCAInjectionPatchScaffoldMarker)

pkg/scaffold/v2/crd/kustomizeconfig.go

@@ -48,9 +48,12 @@ nameReference:
     group: apiextensions.k8s.io
     path: spec/conversion/webhookClientConfig/service/name
 
-varReference:
-- path: metadata/annotations
+namespace:
 - kind: CustomResourceDefinition
   group: apiextensions.k8s.io
   path: spec/conversion/webhookClientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations
 `

pkg/scaffold/v2/kustomize.go

@@ -69,9 +69,9 @@ bases:
 - ../crd
 - ../rbac
 - ../manager
-# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook.
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml
 #- ../webhook
-# [CERTMANAGER] Uncomment next line to enable cert-manager
+# [CERTMANAGER] To enable cert-manager, uncomment next line. 'WEBHOOK' components are required.
 #- ../certmanager
 
 patches:
@@ -87,10 +87,11 @@ patches:
   # manager_prometheus_metrics_patch.yaml should be enabled.
 #- manager_prometheus_metrics_patch.yaml
 
-# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook.
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml
 #- manager_webhook_patch.yaml
 
-# [CAINJECTION] Uncomment next line to enable the CA injection in the admission webhooks. [CERTMANAGER] needs to be
-# enabled to use ca injection
+# [CAINJECTION] Uncomment next line to enable the CA injection in the admission webhooks.
+# Uncomment 'CAINJECTION' in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
+# 'CERTMANAGER' needs to be enabled to use ca injection
 #- webhookcainjection_patch.yaml
 `

pkg/scaffold/v2/kustomize_image_patch.go

@@ -0,0 +1,61 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v2
+
+import (
+	"path/filepath"
+
+	"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
+)
+
+var _ input.File = &KustomizeImagePatch{}
+
+// KustomizeImagePatch scaffolds the patch file for customizing image URL
+// manifest file for manager resource.
+type KustomizeImagePatch struct {
+	input.Input
+
+	// ImageURL to use for controller image in manager's manifest.
+	ImageURL string
+}
+
+// GetInput implements input.File
+func (c *KustomizeImagePatch) GetInput() (input.Input, error) {
+	if c.Path == "" {
+		c.Path = filepath.Join("config", "default", "manager_image_patch.yaml")
+	}
+	if c.ImageURL == "" {
+		c.ImageURL = "IMAGE_URL"
+	}
+	c.TemplateBody = kustomizeImagePatchTemplate
+	c.Input.IfExistsAction = input.Error
+	return c.Input, nil
+}
+
+var kustomizeImagePatchTemplate = `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      # Change the value of image field below to your controller image URL
+      - image: {{ .ImageURL }}
+        name: manager
+`