├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── feature_request.md │ └── support-question.md ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── go.yml │ ├── golangci-lint.yml │ └── verify.yml ├── .gitignore ├── .golangci.yml ├── .mergify.yml ├── .travis.yml ├── BUILD.bazel ├── CONTRIBUTING.md ├── DESIGN.md ├── LICENSE ├── Makefile ├── OWNERS ├── OWNERS_ALIASES ├── README.md ├── RELEASE.md ├── SECURITY_CONTACTS ├── VERSIONING.md ├── WORKSPACE ├── build ├── .goreleaser.yml ├── build_kubebuilder.sh ├── cloudbuild.yaml ├── cloudbuild_local.yaml ├── cloudbuild_snapshot.yaml ├── package.sh ├── test.sh └── thirdparty │ ├── darwin │ └── Dockerfile │ └── linux │ └── Dockerfile ├── check_testdata.sh ├── cmd ├── completion.go ├── edit.go ├── main.go └── version │ └── version.go ├── code-of-conduct.md ├── common.sh ├── designs ├── README.md ├── assets │ └── version_diagram.png ├── crd_version_conversion.md ├── extensible-cli-and-scaffolding-plugins-phase-1.md ├── integrating-kubebuilder-and-osdk.md ├── simplified-scaffolding.md └── template.md ├── docs ├── CONTRIBUTING-ROLES.md ├── README.md ├── book │ ├── .firebaserc │ ├── Dockerfile │ ├── README.md │ ├── book.toml │ ├── getting_started │ │ ├── hello_world.md │ │ ├── installation_and_setup.md │ │ ├── what_is_kubebuilder.md │ │ └── why_kubernetes.md │ ├── install-and-build.sh │ ├── litgo.sh │ ├── markerdocs.sh │ ├── src │ │ ├── 404.md │ │ ├── SUMMARY.md │ │ ├── TODO.md │ │ ├── cronjob-tutorial │ │ │ ├── api-design.md │ │ │ ├── basic-project.md │ │ │ ├── cert-manager.md │ │ │ ├── controller-implementation.md │ │ │ ├── controller-overview.md │ │ │ ├── cronjob-tutorial.md │ │ │ ├── empty-main.md │ │ │ ├── epilogue.md │ │ │ ├── gvks.md │ │ │ ├── main-revisited.md │ │ │ ├── new-api.md │ │ │ ├── other-api-files.md │ │ │ ├── running-webhook.md │ │ │ ├── running.md │ │ │ ├── testdata │ │ │ │ ├── emptyapi.go │ │ │ │ ├── emptycontroller.go │ │ │ │ ├── emptymain.go │ │ │ │ ├── finalizer_example.go │ │ │ │ ├── generate_cronjob.sh │ │ │ │ └── project │ │ │ │ │ ├── .dockerignore │ │ │ │ │ ├── .gitignore │ │ │ │ │ ├── Dockerfile │ │ │ │ │ ├── Makefile │ │ │ │ │ ├── PROJECT │ │ │ │ │ ├── api │ │ │ │ │ └── v1 │ │ │ │ │ │ ├── cronjob_types.go │ │ │ │ │ │ ├── cronjob_webhook.go │ │ │ │ │ │ ├── groupversion_info.go │ │ │ │ │ │ └── zz_generated.deepcopy.go │ │ │ │ │ ├── config │ │ │ │ │ ├── certmanager │ │ │ │ │ │ ├── certificate.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── kustomizeconfig.yaml │ │ │ │ │ ├── crd │ │ │ │ │ │ ├── bases │ │ │ │ │ │ │ └── batch.tutorial.kubebuilder.io_cronjobs.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ └── patches │ │ │ │ │ │ │ ├── cainjection_in_cronjobs.yaml │ │ │ │ │ │ │ └── webhook_in_cronjobs.yaml │ │ │ │ │ ├── default │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── manager_auth_proxy_patch.yaml │ │ │ │ │ │ ├── manager_webhook_patch.yaml │ │ │ │ │ │ └── webhookcainjection_patch.yaml │ │ │ │ │ ├── manager │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── manager.yaml │ │ │ │ │ ├── prometheus │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── monitor.yaml │ │ │ │ │ ├── rbac │ │ │ │ │ │ ├── auth_proxy_client_clusterrole.yaml │ │ │ │ │ │ ├── auth_proxy_role.yaml │ │ │ │ │ │ ├── auth_proxy_role_binding.yaml │ │ │ │ │ │ ├── auth_proxy_service.yaml │ │ │ │ │ │ ├── cronjob_editor_role.yaml │ │ │ │ │ │ ├── cronjob_viewer_role.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── leader_election_role.yaml │ │ │ │ │ │ ├── leader_election_role_binding.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ └── role_binding.yaml │ │ │ │ │ ├── samples │ │ │ │ │ │ └── batch_v1_cronjob.yaml │ │ │ │ │ └── webhook │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── manifests.yaml │ │ │ │ │ │ └── service.yaml │ │ │ │ │ ├── controllers │ │ │ │ │ ├── cronjob_controller.go │ │ │ │ │ ├── cronjob_controller_test.go │ │ │ │ │ └── suite_test.go │ │ │ │ │ ├── go.mod │ │ │ │ │ ├── go.sum │ │ │ │ │ ├── hack │ │ │ │ │ └── boilerplate.go.txt │ │ │ │ │ └── main.go │ │ │ ├── webhook-implementation.md │ │ │ └── writing-tests.md │ │ ├── introduction.md │ │ ├── logos │ │ │ ├── README.md │ │ │ ├── favicon.png │ │ │ └── logo-single-line.png │ │ ├── migration │ │ │ ├── guide.md │ │ │ ├── multi-group.md │ │ │ └── v1vsv2.md │ │ ├── migrations.md │ │ ├── multiversion-tutorial │ │ │ ├── api-changes.md │ │ │ ├── complete-graph-8.svg │ │ │ ├── conversion-concepts.md │ │ │ ├── conversion-diagram.svg │ │ │ ├── conversion.md │ │ │ ├── deployment.md │ │ │ ├── hub-spoke-graph.svg │ │ │ ├── testdata │ │ │ │ ├── generate_multiversion.sh │ │ │ │ └── project │ │ │ │ │ ├── .dockerignore │ │ │ │ │ ├── .gitignore │ │ │ │ │ ├── Dockerfile │ │ │ │ │ ├── Makefile │ │ │ │ │ ├── PROJECT │ │ │ │ │ ├── api │ │ │ │ │ ├── v1 │ │ │ │ │ │ ├── cronjob_conversion.go │ │ │ │ │ │ ├── cronjob_types.go │ │ │ │ │ │ ├── cronjob_webhook.go │ │ │ │ │ │ ├── groupversion_info.go │ │ │ │ │ │ └── zz_generated.deepcopy.go │ │ │ │ │ └── v2 │ │ │ │ │ │ ├── cronjob_conversion.go │ │ │ │ │ │ ├── cronjob_types.go │ │ │ │ │ │ ├── cronjob_webhook.go │ │ │ │ │ │ ├── groupversion_info.go │ │ │ │ │ │ └── zz_generated.deepcopy.go │ │ │ │ │ ├── config │ │ │ │ │ ├── certmanager │ │ │ │ │ ├── crd │ │ │ │ │ │ ├── bases │ │ │ │ │ │ │ └── batch.tutorial.kubebuilder.io_cronjobs.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ └── patches │ │ │ │ │ │ │ ├── cainjection_in_cronjobs.yaml │ │ │ │ │ │ │ └── webhook_in_cronjobs.yaml │ │ │ │ │ ├── default │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── manager_auth_proxy_patch.yaml │ │ │ │ │ │ ├── manager_webhook_patch.yaml │ │ │ │ │ │ └── webhookcainjection_patch.yaml │ │ │ │ │ ├── manager │ │ │ │ │ ├── prometheus │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── monitor.yaml │ │ │ │ │ ├── rbac │ │ │ │ │ ├── samples │ │ │ │ │ │ ├── batch_v1_cronjob.yaml │ │ │ │ │ │ └── batch_v2_cronjob.yaml │ │ │ │ │ └── webhook │ │ │ │ │ ├── controllers │ │ │ │ │ ├── cronjob_controller.go │ │ │ │ │ └── suite_test.go │ │ │ │ │ ├── go.mod │ │ │ │ │ ├── go.sum │ │ │ │ │ ├── hack │ │ │ │ │ └── boilerplate.go.txt │ │ │ │ │ └── main.go │ │ │ ├── tutorial.md │ │ │ └── webhooks.md │ │ ├── quick-start.md │ │ └── reference │ │ │ ├── admission-webhook.md │ │ │ ├── artifacts.md │ │ │ ├── completion.md │ │ │ ├── controller-gen.md │ │ │ ├── envtest.md │ │ │ ├── generating-crd.md │ │ │ ├── kind.md │ │ │ ├── makefile-helpers.md │ │ │ ├── markers.md │ │ │ ├── markers │ │ │ ├── crd-processing.md │ │ │ ├── crd-validation.md │ │ │ ├── crd.md │ │ │ ├── object.md │ │ │ ├── rbac.md │ │ │ └── webhook.md │ │ │ ├── metrics.md │ │ │ ├── reference.md │ │ │ ├── using-finalizers.md │ │ │ ├── webhook-for-core-types.md │ │ │ ├── webhook-overview.md │ │ │ └── writing-tests.md │ ├── term.md │ ├── theme │ │ ├── css │ │ │ ├── custom.css │ │ │ └── markers.css │ │ ├── header.hbs │ │ └── index.hbs │ └── utils │ │ ├── go.mod │ │ ├── go.sum │ │ ├── litgo │ │ └── literate.go │ │ ├── markerdocs │ │ ├── doctypes.go │ │ ├── html.go │ │ └── main.go │ │ └── plugin │ │ ├── input.go │ │ ├── plugin.go │ │ └── utils.go ├── gif │ ├── implementapi.gif │ ├── kb-demo.v2.0.1.svg │ ├── quickstart-1.0.0.gif │ └── quickstart.gif ├── kubebuilder_annotation.md ├── kubebuilder_v0_v1_difference.md ├── migration_guide.md ├── testing │ ├── e2e.md │ └── integration.md └── using_an_external_type.md ├── generate_testdata.sh ├── go.mod ├── go.sum ├── internal ├── cmdutil │ └── cmdutil.go └── config │ ├── config.go │ ├── config_suite_test.go │ └── config_test.go ├── netlify.toml ├── pkg ├── cli │ ├── alpha.go │ ├── api.go │ ├── cli.go │ ├── cli_suite_test.go │ ├── cli_test.go │ ├── cmd_helpers.go │ ├── create.go │ ├── init.go │ ├── plugins.go │ ├── plugins_test.go │ └── webhook.go ├── internal │ └── validation │ │ ├── dns.go │ │ └── project.go ├── model │ ├── config │ │ ├── config.go │ │ ├── config_suite_test.go │ │ └── config_test.go │ ├── file │ │ ├── errors.go │ │ ├── file.go │ │ ├── funcmap.go │ │ ├── interfaces.go │ │ ├── marker.go │ │ └── mixins.go │ ├── plugin.go │ ├── resource │ │ ├── options.go │ │ ├── options_test.go │ │ ├── resource.go │ │ ├── resource_suite_test.go │ │ └── resource_test.go │ └── universe.go └── plugin │ ├── interfaces.go │ ├── internal │ ├── filesystem │ │ ├── errors.go │ │ ├── errors_test.go │ │ ├── filesystem.go │ │ ├── filesystem_test.go │ │ ├── mock.go │ │ └── mock_test.go │ ├── machinery │ │ ├── errors.go │ │ ├── errors_test.go │ │ ├── scaffold.go │ │ └── scaffold_test.go │ └── util │ │ ├── exec.go │ │ ├── go_version.go │ │ ├── go_version_test.go │ │ ├── repository.go │ │ └── stdin.go │ ├── plugin.go │ ├── plugin_test.go │ ├── scaffold │ └── interface.go │ ├── v2 │ ├── api.go │ ├── init.go │ ├── plugin.go │ ├── scaffolds │ │ ├── api.go │ │ ├── doc.go │ │ ├── edit.go │ │ ├── init.go │ │ ├── internal │ │ │ └── templates │ │ │ │ ├── authproxyrole.go │ │ │ │ ├── authproxyrolebinding.go │ │ │ │ ├── boilerplate.go │ │ │ │ ├── certmanager │ │ │ │ ├── certificate.go │ │ │ │ ├── kustomize.go │ │ │ │ └── kustomizeconfig.go │ │ │ │ ├── controller │ │ │ │ ├── controller.go │ │ │ │ └── controller_suitetest.go │ │ │ │ ├── crd │ │ │ │ ├── enablecainjection_patch.go │ │ │ │ ├── enablewebhook_patch.go │ │ │ │ ├── kustomization.go │ │ │ │ └── kustomizeconfig.go │ │ │ │ ├── crd_editor_rbac.go │ │ │ │ ├── crd_sample.go │ │ │ │ ├── crd_viewer_rbac.go │ │ │ │ ├── dockerfile.go │ │ │ │ ├── gitignore.go │ │ │ │ ├── gomod.go │ │ │ │ ├── group.go │ │ │ │ ├── kustomize.go │ │ │ │ ├── leaderelectionrole.go │ │ │ │ ├── leaderelectionrolebinding.go │ │ │ │ ├── main.go │ │ │ │ ├── makefile.go │ │ │ │ ├── manager │ │ │ │ ├── config.go │ │ │ │ └── kustomization.go │ │ │ │ ├── metricsauth │ │ │ │ ├── auth_proxy_patch.go │ │ │ │ ├── authproxyservice.go │ │ │ │ └── clientclusterrole.go │ │ │ │ ├── mgrrolebinding.go │ │ │ │ ├── prometheus │ │ │ │ ├── kustomize.go │ │ │ │ └── monitor.go │ │ │ │ ├── rbac.go │ │ │ │ ├── types.go │ │ │ │ ├── webhook │ │ │ │ ├── enablecainection_patch.go │ │ │ │ ├── kustomization.go │ │ │ │ ├── kustomizeconfig.go │ │ │ │ ├── service.go │ │ │ │ └── webhook.go │ │ │ │ └── webhook_manager_patch.go │ │ └── webhook.go │ └── webhook.go │ └── v3 │ ├── api.go │ ├── init.go │ ├── plugin.go │ ├── scaffolds │ ├── api.go │ ├── doc.go │ ├── edit.go │ ├── init.go │ ├── internal │ │ └── templates │ │ │ ├── config │ │ │ ├── api │ │ │ │ ├── group.go │ │ │ │ ├── types.go │ │ │ │ └── webhook.go │ │ │ ├── certmanager │ │ │ │ ├── certificate.go │ │ │ │ ├── kustomize.go │ │ │ │ └── kustomizeconfig.go │ │ │ ├── controller │ │ │ │ ├── controller.go │ │ │ │ └── controller_suitetest.go │ │ │ ├── crd │ │ │ │ ├── enablecainjection_patch.go │ │ │ │ ├── enablewebhook_patch.go │ │ │ │ ├── kustomization.go │ │ │ │ └── kustomizeconfig.go │ │ │ ├── hack │ │ │ │ └── boilerplate.go │ │ │ ├── kdefault │ │ │ │ ├── auth_proxy_patch.go │ │ │ │ ├── enablecainection_patch.go │ │ │ │ ├── kustomize.go │ │ │ │ └── webhook_manager_patch.go │ │ │ ├── manager │ │ │ │ ├── config.go │ │ │ │ └── kustomization.go │ │ │ ├── prometheus │ │ │ │ ├── kustomize.go │ │ │ │ └── monitor.go │ │ │ ├── rbac │ │ │ │ ├── auth_proxy_role.go │ │ │ │ ├── auth_proxy_rolebinding.go │ │ │ │ ├── auth_proxy_service.go │ │ │ │ ├── client_cluster_role.go │ │ │ │ ├── crd_editor_rbac.go │ │ │ │ ├── crd_viewer_rbac.go │ │ │ │ ├── leader_election_role.go │ │ │ │ ├── leader_election_rolebinding.go │ │ │ │ ├── manager_role_binding.go │ │ │ │ └── rbac.go │ │ │ ├── samples │ │ │ │ └── crd_sample.go │ │ │ └── webhook │ │ │ │ ├── kustomization.go │ │ │ │ ├── kustomizeconfig.go │ │ │ │ └── service.go │ │ │ ├── dockerfile.go │ │ │ ├── dockerignorefile.go │ │ │ ├── gitignore.go │ │ │ ├── gomod.go │ │ │ ├── main.go │ │ │ └── makefile.go │ └── webhook.go │ └── webhook.go ├── plugins ├── README.md └── addon │ ├── channel.go │ ├── controller.go │ ├── helpers.go │ ├── manifest.go │ ├── plugin.go │ └── type.go ├── scripts ├── demo │ ├── README.md │ ├── run.sh │ └── util.sh ├── install.sh └── setup.sh ├── test.sh ├── test ├── e2e │ ├── utils │ │ ├── kubectl.go │ │ ├── test_context.go │ │ └── util.go │ ├── v2 │ │ ├── e2e_suite.go │ │ └── e2e_test.go │ └── v3 │ │ ├── e2e_suite.go │ │ └── e2e_test.go └── kind-config.yaml ├── test_e2e.sh ├── test_e2e_local.sh └── testdata ├── project-v2-addon ├── .gitignore ├── Dockerfile ├── Makefile ├── PROJECT ├── api │ └── v1 │ │ ├── admiral_types.go │ │ ├── captain_types.go │ │ ├── firstmate_types.go │ │ ├── groupversion_info.go │ │ └── zz_generated.deepcopy.go ├── channels │ ├── packages │ │ ├── admiral │ │ │ └── 0.0.1 │ │ │ │ └── manifest.yaml │ │ ├── captain │ │ │ └── 0.0.1 │ │ │ │ └── manifest.yaml │ │ └── firstmate │ │ │ └── 0.0.1 │ │ │ └── manifest.yaml │ └── stable ├── config │ ├── certmanager │ │ ├── certificate.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── crd │ │ ├── bases │ │ │ ├── crew.testproject.org_admirals.yaml │ │ │ ├── crew.testproject.org_captains.yaml │ │ │ └── crew.testproject.org_firstmates.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── patches │ │ │ ├── cainjection_in_admirals.yaml │ │ │ ├── cainjection_in_captains.yaml │ │ │ ├── cainjection_in_firstmates.yaml │ │ │ ├── webhook_in_admirals.yaml │ │ │ ├── webhook_in_captains.yaml │ │ │ └── webhook_in_firstmates.yaml │ ├── default │ │ ├── kustomization.yaml │ │ ├── manager_auth_proxy_patch.yaml │ │ ├── manager_webhook_patch.yaml │ │ └── webhookcainjection_patch.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── rbac │ │ ├── admiral_editor_role.yaml │ │ ├── admiral_viewer_role.yaml │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── captain_editor_role.yaml │ │ ├── captain_viewer_role.yaml │ │ ├── firstmate_editor_role.yaml │ │ ├── firstmate_viewer_role.yaml │ │ ├── kustomization.yaml │ │ ├── leader_election_role.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── role.yaml │ │ └── role_binding.yaml │ ├── samples │ │ ├── crew_v1_admiral.yaml │ │ ├── crew_v1_captain.yaml │ │ └── crew_v1_firstmate.yaml │ └── webhook │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── service.yaml ├── controllers │ ├── admiral_controller.go │ ├── captain_controller.go │ ├── firstmate_controller.go │ └── suite_test.go ├── go.mod ├── hack │ └── boilerplate.go.txt └── main.go ├── project-v2-multigroup ├── .gitignore ├── Dockerfile ├── Makefile ├── PROJECT ├── apis │ ├── crew │ │ └── v1 │ │ │ ├── captain_types.go │ │ │ ├── captain_webhook.go │ │ │ ├── groupversion_info.go │ │ │ └── zz_generated.deepcopy.go │ ├── foo.policy │ │ └── v1 │ │ │ ├── groupversion_info.go │ │ │ ├── healthcheckpolicy_types.go │ │ │ └── zz_generated.deepcopy.go │ ├── sea-creatures │ │ ├── v1beta1 │ │ │ ├── groupversion_info.go │ │ │ ├── kraken_types.go │ │ │ └── zz_generated.deepcopy.go │ │ └── v1beta2 │ │ │ ├── groupversion_info.go │ │ │ ├── leviathan_types.go │ │ │ └── zz_generated.deepcopy.go │ └── ship │ │ ├── v1 │ │ ├── destroyer_types.go │ │ ├── groupversion_info.go │ │ └── zz_generated.deepcopy.go │ │ ├── v1beta1 │ │ ├── frigate_types.go │ │ ├── frigate_webhook.go │ │ ├── groupversion_info.go │ │ └── zz_generated.deepcopy.go │ │ └── v2alpha1 │ │ ├── cruiser_types.go │ │ ├── groupversion_info.go │ │ └── zz_generated.deepcopy.go ├── config │ ├── certmanager │ │ ├── certificate.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── crd │ │ ├── bases │ │ │ ├── crew.testproject.org_captains.yaml │ │ │ ├── foo.policy.testproject.org_healthcheckpolicies.yaml │ │ │ ├── sea-creatures.testproject.org_krakens.yaml │ │ │ ├── sea-creatures.testproject.org_leviathans.yaml │ │ │ ├── ship.testproject.org_cruisers.yaml │ │ │ ├── ship.testproject.org_destroyers.yaml │ │ │ └── ship.testproject.org_frigates.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── patches │ │ │ ├── cainjection_in_captains.yaml │ │ │ ├── cainjection_in_cruisers.yaml │ │ │ ├── cainjection_in_destroyers.yaml │ │ │ ├── cainjection_in_frigates.yaml │ │ │ ├── cainjection_in_healthcheckpolicies.yaml │ │ │ ├── cainjection_in_krakens.yaml │ │ │ ├── cainjection_in_leviathans.yaml │ │ │ ├── webhook_in_captains.yaml │ │ │ ├── webhook_in_cruisers.yaml │ │ │ ├── webhook_in_destroyers.yaml │ │ │ ├── webhook_in_frigates.yaml │ │ │ ├── webhook_in_healthcheckpolicies.yaml │ │ │ ├── webhook_in_krakens.yaml │ │ │ └── webhook_in_leviathans.yaml │ ├── default │ │ ├── kustomization.yaml │ │ ├── manager_auth_proxy_patch.yaml │ │ ├── manager_webhook_patch.yaml │ │ └── webhookcainjection_patch.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── rbac │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── captain_editor_role.yaml │ │ ├── captain_viewer_role.yaml │ │ ├── cruiser_editor_role.yaml │ │ ├── cruiser_viewer_role.yaml │ │ ├── destroyer_editor_role.yaml │ │ ├── destroyer_viewer_role.yaml │ │ ├── frigate_editor_role.yaml │ │ ├── frigate_viewer_role.yaml │ │ ├── healthcheckpolicy_editor_role.yaml │ │ ├── healthcheckpolicy_viewer_role.yaml │ │ ├── kraken_editor_role.yaml │ │ ├── kraken_viewer_role.yaml │ │ ├── kustomization.yaml │ │ ├── leader_election_role.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── leviathan_editor_role.yaml │ │ ├── leviathan_viewer_role.yaml │ │ ├── role.yaml │ │ └── role_binding.yaml │ ├── samples │ │ ├── crew_v1_captain.yaml │ │ ├── foo.policy_v1_healthcheckpolicy.yaml │ │ ├── sea-creatures_v1beta1_kraken.yaml │ │ ├── sea-creatures_v1beta2_leviathan.yaml │ │ ├── ship_v1_destroyer.yaml │ │ ├── ship_v1beta1_frigate.yaml │ │ └── ship_v2alpha1_cruiser.yaml │ └── webhook │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ ├── manifests.yaml │ │ └── service.yaml ├── controllers │ ├── crew │ │ ├── captain_controller.go │ │ └── suite_test.go │ ├── foo.policy │ │ ├── healthcheckpolicy_controller.go │ │ └── suite_test.go │ ├── sea-creatures │ │ ├── kraken_controller.go │ │ ├── leviathan_controller.go │ │ └── suite_test.go │ └── ship │ │ ├── cruiser_controller.go │ │ ├── destroyer_controller.go │ │ ├── frigate_controller.go │ │ └── suite_test.go ├── go.mod ├── hack │ └── boilerplate.go.txt └── main.go ├── project-v2 ├── .gitignore ├── Dockerfile ├── Makefile ├── PROJECT ├── api │ └── v1 │ │ ├── admiral_types.go │ │ ├── captain_types.go │ │ ├── captain_webhook.go │ │ ├── firstmate_types.go │ │ ├── firstmate_webhook.go │ │ ├── groupversion_info.go │ │ └── zz_generated.deepcopy.go ├── config │ ├── certmanager │ │ ├── certificate.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── crd │ │ ├── bases │ │ │ ├── crew.testproject.org_admirals.yaml │ │ │ ├── crew.testproject.org_captains.yaml │ │ │ └── crew.testproject.org_firstmates.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── patches │ │ │ ├── cainjection_in_admirals.yaml │ │ │ ├── cainjection_in_captains.yaml │ │ │ ├── cainjection_in_firstmates.yaml │ │ │ ├── webhook_in_admirals.yaml │ │ │ ├── webhook_in_captains.yaml │ │ │ └── webhook_in_firstmates.yaml │ ├── default │ │ ├── kustomization.yaml │ │ ├── manager_auth_proxy_patch.yaml │ │ ├── manager_webhook_patch.yaml │ │ └── webhookcainjection_patch.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── rbac │ │ ├── admiral_editor_role.yaml │ │ ├── admiral_viewer_role.yaml │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── captain_editor_role.yaml │ │ ├── captain_viewer_role.yaml │ │ ├── firstmate_editor_role.yaml │ │ ├── firstmate_viewer_role.yaml │ │ ├── kustomization.yaml │ │ ├── leader_election_role.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── role.yaml │ │ └── role_binding.yaml │ ├── samples │ │ ├── crew_v1_admiral.yaml │ │ ├── crew_v1_captain.yaml │ │ └── crew_v1_firstmate.yaml │ └── webhook │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ ├── manifests.yaml │ │ └── service.yaml ├── controllers │ ├── admiral_controller.go │ ├── captain_controller.go │ ├── firstmate_controller.go │ └── suite_test.go ├── go.mod ├── hack │ └── boilerplate.go.txt └── main.go ├── project-v3-addon ├── .dockerignore ├── .gitignore ├── Dockerfile ├── Makefile ├── PROJECT ├── api │ └── v1 │ │ ├── admiral_types.go │ │ ├── captain_types.go │ │ ├── firstmate_types.go │ │ ├── groupversion_info.go │ │ └── zz_generated.deepcopy.go ├── channels │ ├── packages │ │ ├── admiral │ │ │ └── 0.0.1 │ │ │ │ └── manifest.yaml │ │ ├── captain │ │ │ └── 0.0.1 │ │ │ │ └── manifest.yaml │ │ └── firstmate │ │ │ └── 0.0.1 │ │ │ └── manifest.yaml │ └── stable ├── config │ ├── certmanager │ │ ├── certificate.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── crd │ │ ├── bases │ │ │ ├── crew.testproject.org_admirals.yaml │ │ │ ├── crew.testproject.org_captains.yaml │ │ │ └── crew.testproject.org_firstmates.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── patches │ │ │ ├── cainjection_in_admirals.yaml │ │ │ ├── cainjection_in_captains.yaml │ │ │ ├── cainjection_in_firstmates.yaml │ │ │ ├── webhook_in_admirals.yaml │ │ │ ├── webhook_in_captains.yaml │ │ │ └── webhook_in_firstmates.yaml │ ├── default │ │ ├── kustomization.yaml │ │ ├── manager_auth_proxy_patch.yaml │ │ └── manager_webhook_patch.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── rbac │ │ ├── admiral_editor_role.yaml │ │ ├── admiral_viewer_role.yaml │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── captain_editor_role.yaml │ │ ├── captain_viewer_role.yaml │ │ ├── firstmate_editor_role.yaml │ │ ├── firstmate_viewer_role.yaml │ │ ├── kustomization.yaml │ │ ├── leader_election_role.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── role.yaml │ │ └── role_binding.yaml │ ├── samples │ │ ├── crew_v1_admiral.yaml │ │ ├── crew_v1_captain.yaml │ │ └── crew_v1_firstmate.yaml │ └── webhook │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── service.yaml ├── controllers │ ├── admiral_controller.go │ ├── captain_controller.go │ ├── firstmate_controller.go │ └── suite_test.go ├── go.mod ├── hack │ └── boilerplate.go.txt └── main.go ├── project-v3-multigroup ├── .dockerignore ├── .gitignore ├── Dockerfile ├── Makefile ├── PROJECT ├── apis │ ├── crew │ │ └── v1 │ │ │ ├── captain_types.go │ │ │ ├── captain_webhook.go │ │ │ ├── groupversion_info.go │ │ │ └── zz_generated.deepcopy.go │ ├── foo.policy │ │ └── v1 │ │ │ ├── groupversion_info.go │ │ │ ├── healthcheckpolicy_types.go │ │ │ └── zz_generated.deepcopy.go │ ├── sea-creatures │ │ ├── v1beta1 │ │ │ ├── groupversion_info.go │ │ │ ├── kraken_types.go │ │ │ └── zz_generated.deepcopy.go │ │ └── v1beta2 │ │ │ ├── groupversion_info.go │ │ │ ├── leviathan_types.go │ │ │ └── zz_generated.deepcopy.go │ ├── ship │ │ ├── v1 │ │ │ ├── destroyer_types.go │ │ │ ├── groupversion_info.go │ │ │ └── zz_generated.deepcopy.go │ │ ├── v1beta1 │ │ │ ├── frigate_types.go │ │ │ ├── frigate_webhook.go │ │ │ ├── groupversion_info.go │ │ │ └── zz_generated.deepcopy.go │ │ └── v2alpha1 │ │ │ ├── cruiser_types.go │ │ │ ├── groupversion_info.go │ │ │ └── zz_generated.deepcopy.go │ └── v1 │ │ ├── groupversion_info.go │ │ ├── lakers_types.go │ │ ├── lakers_webhook.go │ │ └── zz_generated.deepcopy.go ├── config │ ├── certmanager │ │ ├── certificate.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── crd │ │ ├── bases │ │ │ ├── crew.testproject.org_captains.yaml │ │ │ ├── foo.policy.testproject.org_healthcheckpolicies.yaml │ │ │ ├── sea-creatures.testproject.org_krakens.yaml │ │ │ ├── sea-creatures.testproject.org_leviathans.yaml │ │ │ ├── ship.testproject.org_cruisers.yaml │ │ │ ├── ship.testproject.org_destroyers.yaml │ │ │ ├── ship.testproject.org_frigates.yaml │ │ │ └── testproject.org_lakers.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── patches │ │ │ ├── cainjection_in_captains.yaml │ │ │ ├── cainjection_in_cruisers.yaml │ │ │ ├── cainjection_in_destroyers.yaml │ │ │ ├── cainjection_in_frigates.yaml │ │ │ ├── cainjection_in_healthcheckpolicies.yaml │ │ │ ├── cainjection_in_krakens.yaml │ │ │ ├── cainjection_in_lakers.yaml │ │ │ ├── cainjection_in_leviathans.yaml │ │ │ ├── webhook_in_captains.yaml │ │ │ ├── webhook_in_cruisers.yaml │ │ │ ├── webhook_in_destroyers.yaml │ │ │ ├── webhook_in_frigates.yaml │ │ │ ├── webhook_in_healthcheckpolicies.yaml │ │ │ ├── webhook_in_krakens.yaml │ │ │ ├── webhook_in_lakers.yaml │ │ │ └── webhook_in_leviathans.yaml │ ├── default │ │ ├── kustomization.yaml │ │ ├── manager_auth_proxy_patch.yaml │ │ ├── manager_webhook_patch.yaml │ │ └── webhookcainjection_patch.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── rbac │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── captain_editor_role.yaml │ │ ├── captain_viewer_role.yaml │ │ ├── cruiser_editor_role.yaml │ │ ├── cruiser_viewer_role.yaml │ │ ├── destroyer_editor_role.yaml │ │ ├── destroyer_viewer_role.yaml │ │ ├── frigate_editor_role.yaml │ │ ├── frigate_viewer_role.yaml │ │ ├── healthcheckpolicy_editor_role.yaml │ │ ├── healthcheckpolicy_viewer_role.yaml │ │ ├── kraken_editor_role.yaml │ │ ├── kraken_viewer_role.yaml │ │ ├── kustomization.yaml │ │ ├── lakers_editor_role.yaml │ │ ├── lakers_viewer_role.yaml │ │ ├── leader_election_role.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── leviathan_editor_role.yaml │ │ ├── leviathan_viewer_role.yaml │ │ ├── role.yaml │ │ └── role_binding.yaml │ ├── samples │ │ ├── _v1_lakers.yaml │ │ ├── crew_v1_captain.yaml │ │ ├── foo.policy_v1_healthcheckpolicy.yaml │ │ ├── sea-creatures_v1beta1_kraken.yaml │ │ ├── sea-creatures_v1beta2_leviathan.yaml │ │ ├── ship_v1_destroyer.yaml │ │ ├── ship_v1beta1_frigate.yaml │ │ └── ship_v2alpha1_cruiser.yaml │ └── webhook │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ ├── manifests.yaml │ │ └── service.yaml ├── controllers │ ├── crew │ │ ├── captain_controller.go │ │ └── suite_test.go │ ├── foo.policy │ │ ├── healthcheckpolicy_controller.go │ │ └── suite_test.go │ ├── lakers_controller.go │ ├── sea-creatures │ │ ├── kraken_controller.go │ │ ├── leviathan_controller.go │ │ └── suite_test.go │ ├── ship │ │ ├── cruiser_controller.go │ │ ├── destroyer_controller.go │ │ ├── frigate_controller.go │ │ └── suite_test.go │ └── suite_test.go ├── go.mod ├── hack │ └── boilerplate.go.txt └── main.go └── project-v3 ├── .dockerignore ├── .gitignore ├── Dockerfile ├── Makefile ├── PROJECT ├── api └── v1 │ ├── admiral_types.go │ ├── captain_types.go │ ├── captain_webhook.go │ ├── firstmate_types.go │ ├── firstmate_webhook.go │ ├── groupversion_info.go │ └── zz_generated.deepcopy.go ├── config ├── certmanager │ ├── certificate.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── crd │ ├── bases │ │ ├── crew.testproject.org_admirals.yaml │ │ ├── crew.testproject.org_captains.yaml │ │ └── crew.testproject.org_firstmates.yaml │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── patches │ │ ├── cainjection_in_admirals.yaml │ │ ├── cainjection_in_captains.yaml │ │ ├── cainjection_in_firstmates.yaml │ │ ├── webhook_in_admirals.yaml │ │ ├── webhook_in_captains.yaml │ │ └── webhook_in_firstmates.yaml ├── default │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_webhook_patch.yaml │ └── webhookcainjection_patch.yaml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── admiral_editor_role.yaml │ ├── admiral_viewer_role.yaml │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── captain_editor_role.yaml │ ├── captain_viewer_role.yaml │ ├── firstmate_editor_role.yaml │ ├── firstmate_viewer_role.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── role.yaml │ └── role_binding.yaml ├── samples │ ├── crew_v1_admiral.yaml │ ├── crew_v1_captain.yaml │ └── crew_v1_firstmate.yaml └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ ├── manifests.yaml │ └── service.yaml ├── controllers ├── admiral_controller.go ├── captain_controller.go ├── firstmate_controller.go └── suite_test.go ├── go.mod ├── hack └── boilerplate.go.txt └── main.go /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativeto/kubebuilder/63e6be89a6df84728abdfc4fd7fae2da9d8ea1ea/.gitattributes -------------------------------------------------------------------------------- /.github/workflows/golangci-lint.yml: -------------------------------------------------------------------------------- 1 | name: golangci-lint 2 | on: 3 | # Trigger the workflow on push or pull request, 4 | # but only for the master branch 5 | push: 6 | branches: 7 | - master 8 | pull_request: 9 | branches: 10 | - master 11 | jobs: 12 | golangci: 13 | name: lint 14 | runs-on: ubuntu-latest 15 | steps: 16 | - uses: actions/checkout@v2 17 | - name: golangci-lint 18 | uses: golangci/golangci-lint-action@v1 19 | with: 20 | # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. 21 | version: v1.29 22 | -------------------------------------------------------------------------------- /.github/workflows/verify.yml: -------------------------------------------------------------------------------- 1 | name: PR Verifier 2 | 3 | on: 4 | pull_request_target: 5 | types: [opened, edited, reopened] 6 | 7 | jobs: 8 | verify: 9 | runs-on: ubuntu-latest 10 | name: verify PR contents 11 | steps: 12 | - name: Verifier action 13 | id: verifier 14 | uses: kubernetes-sigs/kubebuilder-release-tools@v0.1.1 15 | with: 16 | github_token: ${{ secrets.GITHUB_TOKEN }} 17 | -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- 1 | issues: 2 | # don't skip warning about doc comments 3 | # don't exclude the default set of lint 4 | exclude-use-default: false 5 | # restore some of the defaults 6 | # (fill in the rest as needed) 7 | exclude-rules: 8 | - linters: [gosec] 9 | path: "test/e2e/*" 10 | linters: 11 | disable-all: true 12 | enable: 13 | - deadcode 14 | - dupl 15 | - errcheck 16 | - goconst 17 | - gocyclo 18 | - gofmt 19 | - goimports 20 | - golint 21 | - gosec 22 | - gosimple 23 | - govet 24 | - ineffassign 25 | - interfacer 26 | - lll 27 | - maligned 28 | - misspell 29 | - nakedret 30 | - prealloc 31 | - scopelint 32 | - staticcheck 33 | - structcheck 34 | - typecheck 35 | - unconvert 36 | - unparam 37 | - unused 38 | - varcheck 39 | 40 | run: 41 | deadline: 5m 42 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md 2 | 3 | approvers: 4 | - kubebuilder-admins 5 | - kubebuilder-approvers 6 | reviewers: 7 | - kubebuilder-admins 8 | - kubebuilder-reviewers 9 | - kubebuilder-approvers 10 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md 2 | 3 | aliases: 4 | # active folks who can be contacted to perform admin-related 5 | # tasks on the repo, or otherwise approve any PRs. 6 | kubebuilder-admins: 7 | - droot 8 | - mengqiy 9 | - directxman12 10 | - pwittrock 11 | 12 | # non-admin folks who can approve any PRs in the repo 13 | kubebuilder-approvers: 14 | - camilamacedo86 15 | - estroz 16 | 17 | # folks who can review and LGTM any PRs in the repo (doesn't include 18 | # approvers & admins -- those count too via the OWNERS file) 19 | kubebuilder-reviewers: 20 | - joelanford 21 | - adirio 22 | 23 | # folks who may have context on ancient history, 24 | # but are no longer directly involved 25 | # kubebuilder-emeritus-approvers: 26 | -------------------------------------------------------------------------------- /SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Defined below are the security contacts for this repo. 2 | # 3 | # They are the contact point for the Product Security Team to reach out 4 | # to for triaging and handling of incoming issues. 5 | # 6 | # The below names agree to abide by the 7 | # [Embargo Policy](https://github.com/kubernetes/sig-release/blob/master/security-release-process-documentation/security-release-process.md#embargo-policy) 8 | # and will be removed and replaced if they violate that agreement. 9 | # 10 | # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE 11 | # INSTRUCTIONS AT https://kubernetes.io/security/ 12 | 13 | droot 14 | pwittrock 15 | -------------------------------------------------------------------------------- /WORKSPACE: -------------------------------------------------------------------------------- 1 | http_archive( 2 | name = "io_bazel_rules_go", 3 | url = "https://github.com/bazelbuild/rules_go/releases/download/0.9.0/rules_go-0.9.0.tar.gz", 4 | sha256 = "4d8d6244320dd751590f9100cf39fd7a4b75cd901e1f3ffdfd6f048328883695", 5 | ) 6 | load("@io_bazel_rules_go//go:def.bzl", "go_rules_dependencies", "go_register_toolchains") 7 | go_rules_dependencies() 8 | go_register_toolchains() 9 | 10 | load("@io_bazel_rules_go//proto:def.bzl", "proto_register_toolchains") 11 | proto_register_toolchains() 12 | 13 | -------------------------------------------------------------------------------- /build/package.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2018 The Kubernetes Authors. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | set -e 17 | set -x 18 | 19 | cd /workspace/_output/ 20 | tar -czvf /workspace/kubebuilder-$VERSION-$GOOS-$GOARCH.tar.gz kubebuilder 21 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Community Code of Conduct 2 | 3 | Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) -------------------------------------------------------------------------------- /designs/assets/version_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativeto/kubebuilder/63e6be89a6df84728abdfc4fd7fae2da9d8ea1ea/designs/assets/version_diagram.png -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Running mdBook 2 | 3 | The kubebuilder book is served using [mdBook](https://github.com/rust-lang-nursery/mdBook). If you want to test changes to the book locally, follow these directions: 4 | 5 | 1. Follow the instructions at [https://github.com/rust-lang-nursery/mdBook#installation](https://github.com/rust-lang-nursery/mdBook#installation) to 6 | install mdBook. 7 | 1. cd into the `docs/book` directory 8 | 1. Run `mdbook serve` 9 | 1. Visit [http://localhost:3000](http://localhost:3000) 10 | 11 | # Steps to deploy 12 | 13 | There are no manual steps needed to deploy the website. 14 | 15 | Kubebuilder book website is deployed on Netlify. 16 | There is a preview of the website for each PR. 17 | As soon as the PR is merged, the website will be built and deployed on Netlify. 18 | -------------------------------------------------------------------------------- /docs/book/.firebaserc: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /docs/book/book.toml: -------------------------------------------------------------------------------- 1 | [book] 2 | authors = ["The Kubebuilder Maintainers"] 3 | multilingual = false 4 | src = "src" 5 | title = "The Kubebuilder Book" 6 | 7 | [output.html] 8 | google-analytics = "UA-119864590-1" 9 | curly-quotes = true 10 | additional-css = ["theme/css/markers.css", "theme/css/custom.css"] 11 | 12 | [preprocessor.literatego] 13 | command = "./litgo.sh" 14 | 15 | [preprocessor.markerdocs] 16 | command = "./markerdocs.sh" 17 | -------------------------------------------------------------------------------- /docs/book/src/404.md: -------------------------------------------------------------------------------- 1 | TODO.md -------------------------------------------------------------------------------- /docs/book/src/TODO.md: -------------------------------------------------------------------------------- 1 | # 将要做的事 2 | 3 | 如果你正在看这页,很大程度是因为在这本书中还有东西没有完成。前往[查看是否有人能发现这个](https://github.com/kubernetes-sigs/kubebuilder/issues?q=is%3Aopen+is%3Aissue+label%3Akind%2Fdocumentation)或者[向 maintainers 报告 bug](https://github.com/kubernetes-sigs/kubebuilder/issues/new?assignees=&labels=kind%2Fdocumentation)。 4 | 5 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/cert-manager.md: -------------------------------------------------------------------------------- 1 | # 部署 cert manager 2 | 3 | 我们建议使用 [cert manager](https://github.com/jetstack/cert-manager) 为 webhook 服务器提供证书。只要其他解决方案将证书放在期望的位置,也将会起作用。 4 | 5 | 你可以按照 [cert manager 文档](https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html) 进行安装。 6 | 7 | Cert manager 还有一个叫做 CA 注入器的组件,该组件负责将 CA 捆绑注入到 Mutating|ValidatingWebhookConfiguration 中。 8 | 9 | 为此,你需要在 Mutating|ValidatingWebhookConfiguration 对象中使用带有 key 为 `cert-manager.io/inject-ca-from` 的注释。 10 | 注释的值应指向现有的证书 CR 实例,格式为 `/`。 11 | 12 | 这是我们用于注释 Mutating|ValidatingWebhookConfiguration 对象的 [kustomize](https://github.com/kubernetes-sigs/kustomize) patch。 13 | ```yaml 14 | {{#include ./testdata/project/config/default/webhookcainjection_patch.yaml}} 15 | ``` 16 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/controller-implementation.md: -------------------------------------------------------------------------------- 1 | # 实现一个控制器 2 | 3 | CronJob 控制器的基本逻辑如下: 4 | 5 | 1. 根据名称加载定时任务 6 | 7 | 2. 列出所有有效的 job,更新其状态 8 | 9 | 3. 根据保留的历史版本数清理版本过旧的 job 10 | 11 | 4. 检查当前 CronJob 是否被挂起(如果被挂起,则不执行任何操作) 12 | 13 | 5. 计算 job 下一个定时执行时间 14 | 15 | 6. 如果 job 符合执行时机,没有超出截止时间,且不被并发策略阻塞,执行该 job 16 | 17 | 7. 当任务进入运行状态或到了下一次执行时间, job 重新排队 18 | 19 | {{#literatego ./testdata/project/controllers/cronjob_controller.go}} 20 | 21 | 看起来并不复杂,不过我们总算有了个能运行的控制器了。我们先在集群里测试下,如果一切顺利,将它部署起来! 22 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/controller-overview.md: -------------------------------------------------------------------------------- 1 | # 控制器简介 2 | 3 | 控制器是 Kubernetes 的核心,也是任何 operator 的核心。 4 | 5 | 控制器的工作是确保对于任何给定的对象,世界的实际状态(包括集群状态,以及潜在的外部状态,如 Kubelet 的运行容器或云提供商的负载均衡器)与对象中的期望状态相匹配。每个控制器专注于一个根 Kind,但可能会与其他 Kind 交互。 6 | 7 | 我们把这个过程称为 **reconciling**。 8 | 9 | 在 controller-runtime 中,为特定种类实现 reconciling 的逻辑被称为 [*Reconciler*](https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile)。 Reconciler 接受一个对象的名称,并返回我们是否需要再次尝试(例如在错误或周期性控制器的情况下,如 HorizontalPodAutoscaler)。 10 | 11 | {{#literatego ./testdata/emptycontroller.go}} 12 | 13 | 现在我们已经了解了 Reconcile 的基本结构,我们来补充一下 `CronJob`s 的逻辑。 14 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/empty-main.md: -------------------------------------------------------------------------------- 1 | # 每段旅程需要一个起点,每个程序需要一个入口函数 2 | 3 | {{#literatego ./testdata/emptymain.go}} 4 | 5 | 说完这些,我们就可以开始创建我们的 API 了! -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/epilogue.md: -------------------------------------------------------------------------------- 1 | # 结语 2 | 3 | 至此,我们已经实现了一个功能比较完备的 Cronjob controller 了,利用了 KubeBuilder 的大部分特性,而且用 4 | envtest 写了 controller 的测试。 5 | 6 | 如果你想要知道更多,可以看 [Multi-Version 7 | Tutorial](/multiversion-tutorial/tutorial.md),学习如何给项目添加新API。 8 | 9 | 另外,你可以自己尝试完成以下步骤--稍后我们会有一个教程。 10 | 11 | - `kubectl get` [添加额外的列打印][printer-columns] 12 | 13 | [printer-columns]: /reference/generating-crd.md#additional-printer-columns 14 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/main-revisited.md: -------------------------------------------------------------------------------- 1 | # 你还记得关于 main 函数的一些要点吗? 2 | 3 | 但首先,还记得我们之前说过的 [再次回顾 `main.go`](/cronjob-tutorial/empty-main.md) 吗?让我们看一下哪些地方改变了,哪些是需要添加的。 4 | 5 | {{#literatego ./testdata/project/main.go}} 6 | 7 | *现在* 我们可以实现我们的控制器了。 8 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/new-api.md: -------------------------------------------------------------------------------- 1 | # 创建一个 API 2 | 3 | 搭建一个新的 Kind (你刚在 [上一章节](./gvks.md#kinds-and-resources) 中注意到的,是吗?) 和相应的控制器,我们可以用 `kubebuilder create api`: 4 | 5 | ```bash 6 | kubebuilder create api --group batch --version v1 --kind CronJob 7 | ``` 8 | 9 | 当第一次我们为每个组-版本调用这个命令的时候,它将会为新的组-版本创建一个目录。 10 | 11 | 在本案例中,创建了一个对应于`batch.tutorial.kubebuilder.io/v1`(记得我们在开始时 [`--domain`](cronjob-tutorial.md#scaffolding-out-our-project) 的设置吗?) 的 [`api/v1/`](https://sigs.k8s.io/kubebuilder/docs/book/src/cronjob-tutorial/testdata/project/api/v1) 目录。 12 | 13 | 它也为我们的`CronJob` Kind 添加了一个文件,`api/v1/cronjob_types.go`。每次当我们用不同的 kind 去调用这个命令,它将添加一个相应的新文件。 14 | 15 | 让我们来看看我们得到了哪些东西,然后我们就可以开始去填写了。 16 | 17 | {{#literatego ./testdata/emptyapi.go}} 18 | 19 | 现在我们已经看到了基本的结构了,让我们开始去填写它吧! 20 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/other-api-files.md: -------------------------------------------------------------------------------- 1 | # 简要说明: 剩下文件的作用? 2 | 3 | 如果你在 [`api/v1/`](https://sigs.k8s.io/kubebuilder/docs/book/src/cronjob-tutorial/testdata/project/api/v1) 目录下看到了其他文件, 4 | 你可能会注意到除了 `cronjob_types.go` 这个文件外,还有两个文件:`groupversion_info.go` 和 `zz_generated.deepcopy.go`。 5 | 6 | 7 | 虽然这些文件都不需要编辑(前者保持原样,而后者是自动生成的),但是如果知道这些文件的内容,那么将是非常有用的。 8 | 9 | ## `groupversion_info.go` 10 | 11 | `groupversion_info.go` 包含了关于 group-version 的一些元数据: 12 | 13 | {{#literatego ./testdata/project/api/v1/groupversion_info.go}} 14 | 15 | ## `zz_generated.deepcopy.go` 16 | 17 | `zz_generated.deepcopy.go` 包含了前述 `runtime.Object` 接口的自动实现,这些实现标记了代表 `Kinds` 的所有根类型。 18 | 19 | `runtime.Object` 接口的核心是一个深拷贝方法,即 `DeepCopyObject`。 20 | 21 | controller-tools 中的 `object` 生成器也能够为每一个根类型以及其子类型生成另外两个易用的方法:`DeepCopy` 和 22 | `DeepCopyInto`。 23 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore all files which are not go type 3 | !**/*.go 4 | !**/*.mod 5 | !**/*.sum 6 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | testbin/* 10 | 11 | # Test binary, build with `go test -c` 12 | *.test 13 | 14 | # Output of the go coverage tool, specifically when used with LiteIDE 15 | *.out 16 | 17 | # Kubernetes Generated files - skip generated files, except for vendored files 18 | 19 | !vendor/**/zz_generated.* 20 | 21 | # editor and IDE paraphernalia 22 | .idea 23 | *.swp 24 | *.swo 25 | *~ 26 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/PROJECT: -------------------------------------------------------------------------------- 1 | domain: tutorial.kubebuilder.io 2 | layout: go.kubebuilder.io/v3-alpha 3 | projectName: project 4 | repo: tutorial.kubebuilder.io/project 5 | resources: 6 | - group: batch 7 | kind: CronJob 8 | version: v1 9 | version: 3-alpha 10 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/crd/patches/cainjection_in_cronjobs.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: cronjobs.batch.tutorial.kubebuilder.io 9 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/crd/patches/webhook_in_cronjobs.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: cronjobs.batch.tutorial.kubebuilder.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1beta1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/cronjob_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit cronjobs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cronjob-editor-role 6 | rules: 7 | - apiGroups: 8 | - batch.tutorial.kubebuilder.io 9 | resources: 10 | - cronjobs 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - batch.tutorial.kubebuilder.io 21 | resources: 22 | - cronjobs/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/cronjob_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view cronjobs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cronjob-viewer-role 6 | rules: 7 | - apiGroups: 8 | - batch.tutorial.kubebuilder.io 9 | resources: 10 | - cronjobs 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - batch.tutorial.kubebuilder.io 17 | resources: 18 | - cronjobs/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - events 23 | verbs: 24 | - create 25 | - patch 26 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | creationTimestamp: null 7 | name: manager-role 8 | rules: 9 | - apiGroups: 10 | - batch 11 | resources: 12 | - jobs 13 | verbs: 14 | - create 15 | - delete 16 | - get 17 | - list 18 | - patch 19 | - update 20 | - watch 21 | - apiGroups: 22 | - batch 23 | resources: 24 | - jobs/status 25 | verbs: 26 | - get 27 | - apiGroups: 28 | - batch.tutorial.kubebuilder.io 29 | resources: 30 | - cronjobs 31 | verbs: 32 | - create 33 | - delete 34 | - get 35 | - list 36 | - patch 37 | - update 38 | - watch 39 | - apiGroups: 40 | - batch.tutorial.kubebuilder.io 41 | resources: 42 | - cronjobs/status 43 | verbs: 44 | - get 45 | - patch 46 | - update 47 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/samples/batch_v1_cronjob.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch.tutorial.kubebuilder.io/v1 2 | kind: CronJob 3 | metadata: 4 | name: cronjob-sample 5 | spec: 6 | schedule: "*/1 * * * *" 7 | startingDeadlineSeconds: 60 8 | concurrencyPolicy: Allow # explicitly specify, but Allow is also default. 9 | jobTemplate: 10 | spec: 11 | template: 12 | spec: 13 | containers: 14 | - name: hello 15 | image: busybox 16 | args: 17 | - /bin/sh 18 | - -c 19 | - date; echo Hello from the Kubernetes cluster 20 | restartPolicy: OnFailure 21 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/go.mod: -------------------------------------------------------------------------------- 1 | module tutorial.kubebuilder.io/project 2 | 3 | go 1.15 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/onsi/ginkgo v1.12.1 8 | github.com/onsi/gomega v1.10.1 9 | github.com/robfig/cron v1.2.0 10 | k8s.io/api v0.18.6 11 | k8s.io/apimachinery v0.18.6 12 | k8s.io/client-go v0.18.6 13 | sigs.k8s.io/controller-runtime v0.6.2 14 | ) 15 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/testdata/project/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // +kubebuilder:gen-docs:collapse=Apache License 17 | -------------------------------------------------------------------------------- /docs/book/src/cronjob-tutorial/webhook-implementation.md: -------------------------------------------------------------------------------- 1 | # 实现默认/验证 webhook 2 | 3 | 如果你想为你的 CRD 实现一个 [admission webhooks](../reference/admission-webhook.md), 4 | 你需要做的一件事就是去实现`Defaulter` 和/或 `Validator` 接口。 5 | 6 | Kubebuilder 会帮你处理剩下的事情,像下面这些: 7 | 8 | 1. 创建 webhook 服务端。 9 | 2. 确保服务端已添加到 manager 中。 10 | 3. 为你的 webhooks 创建处理函数。 11 | 4. 用路径在你的服务端中注册每个处理函数。 12 | 13 | 首先,让我们为我们的 CRD (CronJob) 创建一个 webhooks 的支架。我们将需要运行下面的命令并带上 `--defaulting` 和 `--programmatic-validation` 标志(因为我们的测试项目会用到默认和验证 webhooks): 14 | 15 | ```bash 16 | kubebuilder create webhook --group batch --version v1 --kind CronJob --defaulting --programmatic-validation 17 | ``` 18 | 19 | 这里会在你的 `main.go` 中搭建一个 webhook 函数的支架并用 manager 注册你的 webhook。 20 | 21 | {{#literatego ./testdata/project/api/v1/cronjob_webhook.go}} 22 | -------------------------------------------------------------------------------- /docs/book/src/logos/README.md: -------------------------------------------------------------------------------- 1 | # KubeBuilder 图标 2 | 3 | 图标的官方地址是在一个[公开的 GCS 桶][kb-logos-gcs]中(或者如果你喜欢 GCS 的 XML 列表,请访问[这里](kb-logos-gcs-direct))。 4 | 5 | 本书中使用了这些图标的副本,并调整它们到合适的大小。 6 | 7 | [kb-logos-gcs]: https://console.cloud.google.com/storage/browser/kubebuilder-logos 8 | 9 | [kb-logos-gcs-direct]: https://storage.googleapis.com/kubebuilder-logos 10 | -------------------------------------------------------------------------------- /docs/book/src/logos/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativeto/kubebuilder/63e6be89a6df84728abdfc4fd7fae2da9d8ea1ea/docs/book/src/logos/favicon.png -------------------------------------------------------------------------------- /docs/book/src/logos/logo-single-line.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativeto/kubebuilder/63e6be89a6df84728abdfc4fd7fae2da9d8ea1ea/docs/book/src/logos/logo-single-line.png -------------------------------------------------------------------------------- /docs/book/src/migrations.md: -------------------------------------------------------------------------------- 1 | # 迁移 2 | 3 | Kubebuilder 项目结构之间的迁移通常会涉及到一些手动操作。 4 | 5 | 这部分将详细说明,在 Kubebuilder 自动生成的不同版本之间迁移或向更复杂的项目层级结构迁移时所需具备的条件。 6 | - 7 | - 8 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/conversion.md: -------------------------------------------------------------------------------- 1 | # 实现转换 2 | 3 | 采用的转换模型已经就绪,就可以开始实现转换函数了。 我们将这些函数放置在 `cronjob_conversion.go` 文件中,`cronjob_conversion.go` 文件和 `cronjob_types.go` 文件同目录,以避免我们主要的类型文件和额外的方法产生混乱。 4 | 5 | ## Hub... 6 | 7 | 首先,我们需要实现 hub 接口。我们会选择 v1 版本作为 hub 的一个实现: 8 | 9 | {{#literatego ./testdata/project/api/v1/cronjob_conversion.go}} 10 | 11 | ## ... 然后 Spokes 12 | 13 | 然后,我们需要实现我们的 spoke 接口,例如 v2 版本: 14 | 15 | {{#literatego ./testdata/project/api/v2/cronjob_conversion.go}} 16 | 17 | 现在我们的转换方法已经就绪,我们要做的就是启动我们的 main 方法来运行 webhook。 18 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore all files which are not go type 3 | !**/*.go 4 | !**/*.mod 5 | !**/*.sum 6 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | testbin/* 10 | 11 | # Test binary, build with `go test -c` 12 | *.test 13 | 14 | # Output of the go coverage tool, specifically when used with LiteIDE 15 | *.out 16 | 17 | # Kubernetes Generated files - skip generated files, except for vendored files 18 | 19 | !vendor/**/zz_generated.* 20 | 21 | # editor and IDE paraphernalia 22 | .idea 23 | *.swp 24 | *.swo 25 | *~ 26 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/PROJECT: -------------------------------------------------------------------------------- 1 | domain: tutorial.kubebuilder.io 2 | layout: go.kubebuilder.io/v3-alpha 3 | projectName: project 4 | repo: tutorial.kubebuilder.io/project 5 | resources: 6 | - group: batch 7 | kind: CronJob 8 | version: v1 9 | - group: batch 10 | kind: CronJob 11 | version: v2 12 | version: 3-alpha 13 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/certmanager: -------------------------------------------------------------------------------- 1 | ../../../../cronjob-tutorial/testdata/project/config/certmanager -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/crd/patches/cainjection_in_cronjobs.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: cronjobs.batch.tutorial.kubebuilder.io 9 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/crd/patches/webhook_in_cronjobs.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: cronjobs.batch.tutorial.kubebuilder.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/manager: -------------------------------------------------------------------------------- 1 | ../../../../cronjob-tutorial/testdata/project/config/manager -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/rbac: -------------------------------------------------------------------------------- 1 | ../../../../cronjob-tutorial/testdata/project/config/rbac -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/samples/batch_v1_cronjob.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch.tutorial.kubebuilder.io/v1 2 | kind: CronJob 3 | metadata: 4 | name: cronjob-sample 5 | spec: 6 | schedule: "*/1 * * * *" 7 | startingDeadlineSeconds: 60 8 | concurrencyPolicy: Allow # explicitly specify, but Allow is also default. 9 | jobTemplate: 10 | spec: 11 | template: 12 | spec: 13 | containers: 14 | - name: hello 15 | image: busybox 16 | args: 17 | - /bin/sh 18 | - -c 19 | - date; echo Hello from the Kubernetes cluster 20 | restartPolicy: OnFailure 21 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/samples/batch_v2_cronjob.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch.tutorial.kubebuilder.io/v2 2 | kind: CronJob 3 | metadata: 4 | name: cronjob-sample 5 | spec: 6 | schedule: 7 | minute: "*/1" 8 | startingDeadlineSeconds: 60 9 | concurrencyPolicy: Allow # explicitly specify, but Allow is also default. 10 | jobTemplate: 11 | spec: 12 | template: 13 | spec: 14 | containers: 15 | - name: hello 16 | image: busybox 17 | args: 18 | - /bin/sh 19 | - -c 20 | - date; echo Hello from the Kubernetes cluster 21 | restartPolicy: OnFailure 22 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/config/webhook: -------------------------------------------------------------------------------- 1 | ../../../../cronjob-tutorial/testdata/project/config/webhook/ -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/go.mod: -------------------------------------------------------------------------------- 1 | module tutorial.kubebuilder.io/project 2 | 3 | go 1.15 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/onsi/ginkgo v1.12.1 8 | github.com/onsi/gomega v1.10.1 9 | github.com/robfig/cron v1.2.0 10 | k8s.io/api v0.18.6 11 | k8s.io/apimachinery v0.18.6 12 | k8s.io/client-go v0.18.6 13 | sigs.k8s.io/controller-runtime v0.6.2 14 | ) 15 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/testdata/project/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /docs/book/src/multiversion-tutorial/webhooks.md: -------------------------------------------------------------------------------- 1 | # 设置 webhook 2 | 3 | 我们的 conversion 已经就位,所以接下来就是告诉 controller-runtime 关于我们的 conversion。 4 | 5 | 通常,我们通过运行 6 | 7 | ```shell 8 | kubebuilder create webhook --group batch --version v1 --kind CronJob --conversion 9 | ``` 10 | 11 | 来搭建起 webhook 设置。然而,当我们已经创建好默认和验证过的 webhook 时,我们就已经设置好 webhook。 12 | 13 | ## Webhook 设置... 14 | 15 | {{#literatego ./testdata/project/api/v1/cronjob_webhook.go}} 16 | 17 | ## ...以及 `main.go` 18 | 19 | 同样地,我们的 main 文件也已就绪: 20 | 21 | {{#literatego ./testdata/project/main.go}} 22 | 23 | 所有都已经设置准备好!接下来要做的只有测试我们的 webhook。 24 | -------------------------------------------------------------------------------- /docs/book/src/reference/admission-webhook.md: -------------------------------------------------------------------------------- 1 | # 准入 Webhooks 2 | 3 | 准入 webhook 是 HTTP 的回调,它可以接受准入请求,处理它们并且返回准入响应。 4 | 5 | Kubernetes 提供了下面几种类型的准入 webhook: 6 | 7 | - **变更准入 Webhook** 8 | 这种类型的 webhook 会在对象创建或是更新且没有存储前改变操作对象,然后才存储。它可以用于资源请求中的默认字段,比如在 Deployment 中没有被用户制定的字段。它可以用于注入 sidecar 容器。 9 | 10 | - **验证准入 Webhook** 11 | 这种类型的 webhook 会在对象创建或是更新且没有存储前验证操作对象,然后才存储。它可以有比纯基于 schema 验证更加复杂的验证。比如:交叉字段验证和 pod 镜像白名单。 12 | 13 | 默认情况下 apiserver 自己没有对 webhook 进行认证。然而,如果你想认证客户端,你可以配置 apiserver 使用基本授权,持有 token,或者证书对 webhook 进行认证。 14 | 详细的步骤可以查看[这里](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#authenticate-apiservers)。 15 | -------------------------------------------------------------------------------- /docs/book/src/reference/artifacts.md: -------------------------------------------------------------------------------- 1 | # 制品 2 | 3 | 4 | 除了主要的二进制版本外 Kubebuilder 还发布测试二进制文件和容器镜像。 5 | 6 | ## 测试二进制文件 7 | 8 | 你可以在 `https://go.kubebuilder.io/test-tools` 中找到所有的测试二进制文件。 9 | 你可以在 `https://go.kubebuilder.io/test-tools/${version}/${os}/${arch}` 找到单独的二进制文件。 10 | 11 | ## 容器镜像 12 | 13 | 你可以在 `https://go.kubebuilder.io/images/${os}` 或者 `gcr.io/kubebuilder/thirdparty-${os}` 中找到与你系统相对应的所有容器镜像。 14 | 你可以在 `https://go.kubebuilder.io/images/${os}/${version}` 或者 `gcr.io/kubebuilder/thirdparty-${os}:${version}` 中找到单独的容器镜像。 15 | -------------------------------------------------------------------------------- /docs/book/src/reference/markers/crd-processing.md: -------------------------------------------------------------------------------- 1 | # CRD 处理 2 | 3 | 当你有自定义资源请求时,这些标记有助于 Kubernetes API 服务器控制处理 API。 4 | 5 | 作为例子可查看章节[生成 CRDs](/reference/generating-crd.md). 6 | 7 | {{#markerdocs CRD processing}} 8 | -------------------------------------------------------------------------------- /docs/book/src/reference/markers/crd-validation.md: -------------------------------------------------------------------------------- 1 | # CRD Validation 2 | 3 | These markers modify how the CRD validation schema is produced for the 4 | types and fields they modify. Each corresponds roughly to an OpenAPI/JSON 5 | schema option. 6 | 这些标记修改了如何为其修改的类型和字段生成 CRD 验证框架。每个标记大致对应一个 OpenAPI/JSON 模式选项。 7 | 8 | 有关示例,请参见[生成 CRDs](/reference/generating-crd.md)。 9 | 10 | {{#markerdocs CRD validation}} 11 | -------------------------------------------------------------------------------- /docs/book/src/reference/markers/crd.md: -------------------------------------------------------------------------------- 1 | # CRD 生成 2 | 3 | 这些标记描述了如何从一系列 Go 类型和包中构建出一个 CRD。而[验证标记](./crd-validation.md)则描述了实际验证模式的生成。 4 | 5 | 从 [生成 CRDs](/reference/generating-crd.md) 查看示例。 6 | 7 | {{#markerdocs CRD}} 8 | -------------------------------------------------------------------------------- /docs/book/src/reference/markers/object.md: -------------------------------------------------------------------------------- 1 | # Object/DeepCopy 2 | 3 | 这些标记控制何时生成 `DeepCopy` 和 `runtime.Object` 实现方法。 4 | 5 | {{#markerdocs object}} 6 | -------------------------------------------------------------------------------- /docs/book/src/reference/markers/rbac.md: -------------------------------------------------------------------------------- 1 | # RBAC 2 | 3 | 这些标签会导致生成一个 [RBAC 的 ClusterRole](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole)。这可以让您描述控制器所需要的权限,以及使用这些权限的代码。 4 | 5 | {{#markerdocs RBAC}} 6 | -------------------------------------------------------------------------------- /docs/book/src/reference/markers/webhook.md: -------------------------------------------------------------------------------- 1 | # Webhook 2 | 3 | 这些标记描述了[webhook配置](../webhook-overview.md)如何生成。 4 | 使用这些使你的 webhook 描述与实现它们的代码保持一致。 5 | 6 | {{#markerdocs Webhook}} 7 | -------------------------------------------------------------------------------- /docs/book/src/reference/using-finalizers.md: -------------------------------------------------------------------------------- 1 | # 使用 Finalizers 2 | 3 | `Finalizers` 允许控制器实现异步预删除挂钩。假设你为 API 类型的每个对象创建了一个外部资源(例如存储桶),并且想要从 Kubernetes 中删除对象同时删除关联的外部资源,则可以使用 finalizers 来实现。 4 | 5 | 您可以在[Kubernetes参考文档中](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers)阅读有关 finalizers 的更多信息。以下部分演示了如何在控制器的 `Reconcile` 方法中注册和触发预删除挂钩。 6 | 7 | 要注意的关键点是 finalizers 使对象上的“删除”成为设置删除时间戳的“更新”。对象上存在删除时间戳记表明该对象正在被删除。否则,在没有 finalizers 的情况下,删除将显示为协调,缓存中缺少该对象。 8 | 9 | 注意: 10 | - 如果未删除对象并且未注册 finalizers ,则添加 finalizers 并在 Kubernetes 中更新对象。 11 | - 如果要删除对象,但 finalizers 列表中仍存在 finalizers ,请执行预删除逻辑并移除 finalizers 并更新对象。 12 | - 确保预删除逻辑是幂等的。 13 | 14 | {{#literatego ../cronjob-tutorial/testdata/finalizer_example.go}} 15 | 16 | -------------------------------------------------------------------------------- /docs/book/src/reference/webhook-overview.md: -------------------------------------------------------------------------------- 1 | # Webhook 2 | 3 | Webhooks 是一种以阻塞方式发送的信息请求。实现 webhooks 的 web 应用程序将在特定事件发生时向其他应用程序发送 HTTP 请求。 4 | 5 | 在 kubernetes 中,有下面三种 webhook:[admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks), 6 | [authorization webhook](https://kubernetes.io/docs/reference/access-authn-authz/webhook/) 和 [CRD conversion webhook](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning/#webhook-conversion)。 7 | 8 | 在 [controller-runtime](https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/webhook?tab=doc) 库中,我们支持 admission webhooks 和 CRD conversion webhooks。 9 | 10 | Kubernetes 在 1.9 版本中(该特性进入 beta 版时)支持这些动态 admission webhooks。 11 | 12 | Kubernetes 在 1.15 版本(该特性进入 beta 版时)支持 conversion webhook。 13 | -------------------------------------------------------------------------------- /docs/book/src/reference/writing-tests.md: -------------------------------------------------------------------------------- 1 | # 编写 controller 测试 2 | -------------------------------------------------------------------------------- /docs/book/term.md: -------------------------------------------------------------------------------- 1 | ## 格式约定 2 | 3 | - 中文和英文之间加空格 4 | - 中文标点与英文之间**不需要**加空格 5 | - 中文与数字之间、英文与数字之间都**需要**加空格。 6 | - 出现并列的词请使用中文顿号 7 | 8 | ## 常用词汇 9 | 常用词汇指常见的技术类词汇,使用本表格中固定、统一的译文。 10 | 11 | - scaffolding: 12 | - Reconcile: 13 | -------------------------------------------------------------------------------- /docs/book/theme/css/custom.css: -------------------------------------------------------------------------------- 1 | .menu-title img { 2 | vertical-align: bottom; 3 | } 4 | 5 | #notice-bar { 6 | background: var(--bg); 7 | padding: 1em; 8 | margin-left: calc(-1 * var(--page-padding)); 9 | margin-right: calc(-1 * var(--page-padding)); 10 | margin-bottom: 1em; 11 | 12 | border-bottom: 1px solid var(--table-border-color); 13 | box-shadow: 0 1px 5px 0 var(--table-border-color); 14 | } 15 | 16 | #notice-bar * { 17 | color: var(--fg); 18 | } 19 | 20 | #notice-bar a { 21 | text-decoration: none; 22 | } 23 | 24 | #notice-bar a:not(.header) { 25 | color: var(--links); 26 | } 27 | 28 | #notice-bar h2 { 29 | margin-top: 0; 30 | } 31 | -------------------------------------------------------------------------------- /docs/book/theme/header.hbs: -------------------------------------------------------------------------------- 1 |
2 |

kubebuilder 中文文档由云原生社区主导翻译。任何问题可以在这儿提issue。issue模版可以参考这个。 3 |

4 |
5 | -------------------------------------------------------------------------------- /docs/book/utils/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/kubebuilder/docs/book/utils 2 | 3 | go 1.15 4 | -------------------------------------------------------------------------------- /docs/book/utils/go.sum: -------------------------------------------------------------------------------- 1 | sigs.k8s.io/kubebuilder v1.0.8 h1:XYctSbuOICM9z1Ok0GIWChc1cj90EEEczeJQnb7ZPf0= 2 | -------------------------------------------------------------------------------- /docs/gif/implementapi.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativeto/kubebuilder/63e6be89a6df84728abdfc4fd7fae2da9d8ea1ea/docs/gif/implementapi.gif -------------------------------------------------------------------------------- /docs/gif/quickstart-1.0.0.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativeto/kubebuilder/63e6be89a6df84728abdfc4fd7fae2da9d8ea1ea/docs/gif/quickstart-1.0.0.gif -------------------------------------------------------------------------------- /docs/gif/quickstart.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativeto/kubebuilder/63e6be89a6df84728abdfc4fd7fae2da9d8ea1ea/docs/gif/quickstart.gif -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/kubebuilder 2 | 3 | go 1.15 4 | 5 | require ( 6 | github.com/gobuffalo/flect v0.2.2 7 | github.com/onsi/ginkgo v1.12.0 8 | github.com/onsi/gomega v1.9.0 9 | github.com/spf13/afero v1.2.2 10 | github.com/spf13/cobra v0.0.7 11 | github.com/spf13/pflag v1.0.5 12 | golang.org/x/tools v0.0.0-20200403190813-44a64ad78b9b 13 | sigs.k8s.io/yaml v1.2.0 14 | ) 15 | -------------------------------------------------------------------------------- /internal/config/config_suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | "testing" 21 | 22 | . "github.com/onsi/ginkgo" 23 | . "github.com/onsi/gomega" 24 | ) 25 | 26 | func TestCLI(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | RunSpecs(t, "Config Suite") 29 | } 30 | -------------------------------------------------------------------------------- /pkg/model/config/config_suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | "testing" 21 | 22 | . "github.com/onsi/ginkgo" 23 | . "github.com/onsi/gomega" 24 | ) 25 | 26 | func TestCLI(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | RunSpecs(t, "Config Suite") 29 | } 30 | -------------------------------------------------------------------------------- /pkg/model/resource/resource_suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package resource_test 18 | 19 | import ( 20 | "testing" 21 | 22 | . "github.com/onsi/ginkgo" 23 | . "github.com/onsi/gomega" 24 | ) 25 | 26 | func TestResource(t *testing.T) { 27 | RegisterFailHandler(Fail) 28 | RunSpecs(t, "Resource Suite") 29 | } 30 | -------------------------------------------------------------------------------- /pkg/plugin/scaffold/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package scaffold 18 | 19 | // Scaffolder interface creates files to set up a controller manager 20 | type Scaffolder interface { 21 | // Scaffold performs the scaffolding 22 | Scaffold() error 23 | } 24 | -------------------------------------------------------------------------------- /pkg/plugin/v2/scaffolds/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package scaffolds contains libraries for scaffolding code to use with controller-runtime 18 | package scaffolds 19 | -------------------------------------------------------------------------------- /pkg/plugin/v3/scaffolds/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package scaffolds contains libraries for scaffolding code to use with controller-runtime 18 | package scaffolds 19 | -------------------------------------------------------------------------------- /plugins/addon/plugin.go: -------------------------------------------------------------------------------- 1 | package addon 2 | 3 | import ( 4 | "sigs.k8s.io/kubebuilder/pkg/model" 5 | ) 6 | 7 | // Plugin implements model.Plugin 8 | type Plugin struct { 9 | } 10 | 11 | // Pipe implements model.Plugin 12 | func (p *Plugin) Pipe(u *model.Universe) error { 13 | functions := []PluginFunc{ 14 | ExampleManifest, 15 | ExampleChannel, 16 | ReplaceController, 17 | ReplaceTypes, 18 | } 19 | 20 | for _, fn := range functions { 21 | if err := fn(u); err != nil { 22 | return err 23 | } 24 | 25 | } 26 | 27 | return nil 28 | } 29 | -------------------------------------------------------------------------------- /scripts/demo/README.md: -------------------------------------------------------------------------------- 1 | This directory contains scripts to run a quick demo of KubeBuilder. 2 | 3 | Steps to run demo: 4 | 5 | ```sh 6 | mkdir /tmp/kb-demo 7 | cd /tmp/kb-demo 8 | DEMO_AUTO_RUN=1 ./run.sh 9 | 10 | ``` 11 | 12 | Instructions for producing the demo movie: 13 | 14 | ```sh 15 | 16 | # Create temporary directory 17 | mkdir /tmp/kb-demo 18 | cd /tmp/kb-demo 19 | 20 | asciinema rec 21 | /scripts/demo/run.sh 22 | 23 | to terminate the script 24 | to terminate the asciinema recording 25 | to save the recording locally 26 | 27 | # Edit the recorded file by editing the controller-gen path 28 | # Once you are happy with the recording, use svg-term program to generate the svg 29 | 30 | svg-term --cast= --out demo.svg --window 31 | ``` 32 | -------------------------------------------------------------------------------- /test/kind-config.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: Cluster 16 | apiVersion: kind.x-k8s.io/v1alpha4 17 | nodes: 18 | - role: control-plane 19 | - role: worker 20 | - role: worker 21 | - role: worker 22 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/PROJECT: -------------------------------------------------------------------------------- 1 | domain: testproject.org 2 | repo: sigs.k8s.io/kubebuilder/testdata/project-v2-addon 3 | resources: 4 | - group: crew 5 | kind: Captain 6 | version: v1 7 | - group: crew 8 | kind: FirstMate 9 | version: v1 10 | - group: crew 11 | kind: Admiral 12 | version: v1 13 | version: "2" 14 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/channels/packages/admiral/0.0.1/manifest.yaml: -------------------------------------------------------------------------------- 1 | # Placeholder manifest - replace with the manifest for your addon 2 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/channels/packages/captain/0.0.1/manifest.yaml: -------------------------------------------------------------------------------- 1 | # Placeholder manifest - replace with the manifest for your addon 2 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/channels/packages/firstmate/0.0.1/manifest.yaml: -------------------------------------------------------------------------------- 1 | # Placeholder manifest - replace with the manifest for your addon 2 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/channels/stable: -------------------------------------------------------------------------------- 1 | # Versions for the stable channel 2 | manifests: 3 | - version: 0.0.1 4 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/crd/patches/cainjection_in_admirals.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: admirals.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/crd/patches/cainjection_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: captains.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/crd/patches/cainjection_in_firstmates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: firstmates.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/crd/patches/webhook_in_admirals.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: admirals.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/crd/patches/webhook_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: captains.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/crd/patches/webhook_in_firstmates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: firstmates.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/admiral_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit admirals. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: admiral-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - admirals 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - admirals/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/admiral_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view admirals. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: admiral-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - admirals 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - admirals/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/captain_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - captains/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/captain_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - captains/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/firstmate_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit firstmates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: firstmate-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - firstmates 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - firstmates/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/firstmate_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view firstmates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: firstmate-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - firstmates 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - firstmates/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | - patch 34 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/samples/crew_v1_admiral.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Admiral 3 | metadata: 4 | name: admiral-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/samples/crew_v1_captain.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Captain 3 | metadata: 4 | name: captain-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/samples/crew_v1_firstmate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: FirstMate 3 | metadata: 4 | name: firstmate-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/kubebuilder/testdata/project-v2-addon 2 | 3 | go 1.13 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/onsi/ginkgo v1.12.1 8 | github.com/onsi/gomega v1.10.1 9 | k8s.io/apimachinery v0.18.6 10 | k8s.io/client-go v0.18.6 11 | sigs.k8s.io/controller-runtime v0.6.3 12 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200522144838-848d48e5b073 13 | ) 14 | -------------------------------------------------------------------------------- /testdata/project-v2-addon/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/PROJECT: -------------------------------------------------------------------------------- 1 | domain: testproject.org 2 | multigroup: true 3 | repo: sigs.k8s.io/kubebuilder/testdata/project-v2-multigroup 4 | resources: 5 | - group: crew 6 | kind: Captain 7 | version: v1 8 | - group: ship 9 | kind: Frigate 10 | version: v1beta1 11 | - group: ship 12 | kind: Destroyer 13 | version: v1 14 | - group: ship 15 | kind: Cruiser 16 | version: v2alpha1 17 | - group: sea-creatures 18 | kind: Kraken 19 | version: v1beta1 20 | - group: sea-creatures 21 | kind: Leviathan 22 | version: v1beta2 23 | - group: foo.policy 24 | kind: HealthCheckPolicy 25 | version: v1 26 | version: "2" 27 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/cainjection_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: captains.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/cainjection_in_cruisers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: cruisers.ship.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/cainjection_in_destroyers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: destroyers.ship.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/cainjection_in_frigates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: frigates.ship.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/cainjection_in_healthcheckpolicies.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: healthcheckpolicies.foo.policy.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/cainjection_in_krakens.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: krakens.sea-creatures.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/cainjection_in_leviathans.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: leviathans.sea-creatures.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/webhook_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: captains.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/webhook_in_cruisers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: cruisers.ship.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/webhook_in_destroyers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: destroyers.ship.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/webhook_in_frigates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: frigates.ship.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/webhook_in_healthcheckpolicies.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: healthcheckpolicies.foo.policy.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/webhook_in_krakens.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: krakens.sea-creatures.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/crd/patches/webhook_in_leviathans.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: leviathans.sea-creatures.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/captain_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - captains/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/captain_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - captains/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/cruiser_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit cruisers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cruiser-editor-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - cruisers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - ship.testproject.org 21 | resources: 22 | - cruisers/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/cruiser_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view cruisers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cruiser-viewer-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - cruisers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - ship.testproject.org 17 | resources: 18 | - cruisers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/destroyer_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit destroyers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: destroyer-editor-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - destroyers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - ship.testproject.org 21 | resources: 22 | - destroyers/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/destroyer_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view destroyers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: destroyer-viewer-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - destroyers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - ship.testproject.org 17 | resources: 18 | - destroyers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/frigate_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit frigates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: frigate-editor-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - frigates 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - ship.testproject.org 21 | resources: 22 | - frigates/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/frigate_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view frigates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: frigate-viewer-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - frigates 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - ship.testproject.org 17 | resources: 18 | - frigates/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/healthcheckpolicy_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit healthcheckpolicies. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: healthcheckpolicy-editor-role 6 | rules: 7 | - apiGroups: 8 | - foo.policy.testproject.org 9 | resources: 10 | - healthcheckpolicies 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - foo.policy.testproject.org 21 | resources: 22 | - healthcheckpolicies/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/healthcheckpolicy_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view healthcheckpolicies. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: healthcheckpolicy-viewer-role 6 | rules: 7 | - apiGroups: 8 | - foo.policy.testproject.org 9 | resources: 10 | - healthcheckpolicies 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - foo.policy.testproject.org 17 | resources: 18 | - healthcheckpolicies/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/kraken_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit krakens. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kraken-editor-role 6 | rules: 7 | - apiGroups: 8 | - sea-creatures.testproject.org 9 | resources: 10 | - krakens 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - sea-creatures.testproject.org 21 | resources: 22 | - krakens/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/kraken_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view krakens. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kraken-viewer-role 6 | rules: 7 | - apiGroups: 8 | - sea-creatures.testproject.org 9 | resources: 10 | - krakens 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - sea-creatures.testproject.org 17 | resources: 18 | - krakens/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | - patch 34 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/leviathan_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit leviathans. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: leviathan-editor-role 6 | rules: 7 | - apiGroups: 8 | - sea-creatures.testproject.org 9 | resources: 10 | - leviathans 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - sea-creatures.testproject.org 21 | resources: 22 | - leviathans/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/leviathan_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view leviathans. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: leviathan-viewer-role 6 | rules: 7 | - apiGroups: 8 | - sea-creatures.testproject.org 9 | resources: 10 | - leviathans 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - sea-creatures.testproject.org 17 | resources: 18 | - leviathans/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/samples/crew_v1_captain.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Captain 3 | metadata: 4 | name: captain-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/samples/foo.policy_v1_healthcheckpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: foo.policy.testproject.org/v1 2 | kind: HealthCheckPolicy 3 | metadata: 4 | name: healthcheckpolicy-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/samples/sea-creatures_v1beta1_kraken.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: sea-creatures.testproject.org/v1beta1 2 | kind: Kraken 3 | metadata: 4 | name: kraken-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/samples/sea-creatures_v1beta2_leviathan.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: sea-creatures.testproject.org/v1beta2 2 | kind: Leviathan 3 | metadata: 4 | name: leviathan-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/samples/ship_v1_destroyer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ship.testproject.org/v1 2 | kind: Destroyer 3 | metadata: 4 | name: destroyer-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/samples/ship_v1beta1_frigate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ship.testproject.org/v1beta1 2 | kind: Frigate 3 | metadata: 4 | name: frigate-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/samples/ship_v2alpha1_cruiser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ship.testproject.org/v2alpha1 2 | kind: Cruiser 3 | metadata: 4 | name: cruiser-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/kubebuilder/testdata/project-v2-multigroup 2 | 3 | go 1.13 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/onsi/ginkgo v1.12.1 8 | github.com/onsi/gomega v1.10.1 9 | k8s.io/apimachinery v0.18.6 10 | k8s.io/client-go v0.18.6 11 | sigs.k8s.io/controller-runtime v0.6.3 12 | ) 13 | -------------------------------------------------------------------------------- /testdata/project-v2-multigroup/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /testdata/project-v2/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /testdata/project-v2/Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the manager binary 2 | FROM golang:1.13 as builder 3 | 4 | WORKDIR /workspace 5 | # Copy the Go Modules manifests 6 | COPY go.mod go.mod 7 | COPY go.sum go.sum 8 | # cache deps before building and copying source so that we don't need to re-download as much 9 | # and so that source changes don't invalidate our downloaded layer 10 | RUN go mod download 11 | 12 | # Copy the go source 13 | COPY main.go main.go 14 | COPY api/ api/ 15 | COPY controllers/ controllers/ 16 | 17 | # Build 18 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go 19 | 20 | # Use distroless as minimal base image to package the manager binary 21 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 22 | FROM gcr.io/distroless/static:nonroot 23 | WORKDIR / 24 | COPY --from=builder /workspace/manager . 25 | USER nonroot:nonroot 26 | 27 | ENTRYPOINT ["/manager"] 28 | -------------------------------------------------------------------------------- /testdata/project-v2/PROJECT: -------------------------------------------------------------------------------- 1 | domain: testproject.org 2 | repo: sigs.k8s.io/kubebuilder/testdata/project-v2 3 | resources: 4 | - group: crew 5 | kind: Captain 6 | version: v1 7 | - group: crew 8 | kind: FirstMate 9 | version: v1 10 | - group: crew 11 | kind: Admiral 12 | version: v1 13 | version: "2" 14 | -------------------------------------------------------------------------------- /testdata/project-v2/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /testdata/project-v2/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /testdata/project-v2/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /testdata/project-v2/config/crd/patches/cainjection_in_admirals.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: admirals.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2/config/crd/patches/cainjection_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: captains.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2/config/crd/patches/cainjection_in_firstmates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: firstmates.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v2/config/crd/patches/webhook_in_admirals.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: admirals.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2/config/crd/patches/webhook_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: captains.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2/config/crd/patches/webhook_in_firstmates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: firstmates.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /testdata/project-v2/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /testdata/project-v2/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /testdata/project-v2/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /testdata/project-v2/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v2/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v2/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/admiral_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit admirals. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: admiral-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - admirals 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - admirals/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/admiral_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view admirals. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: admiral-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - admirals 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - admirals/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/captain_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - captains/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/captain_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - captains/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/firstmate_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit firstmates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: firstmate-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - firstmates 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - firstmates/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/firstmate_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view firstmates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: firstmate-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - firstmates 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - firstmates/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | - patch 34 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v2/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v2/config/samples/crew_v1_admiral.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Admiral 3 | metadata: 4 | name: admiral-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2/config/samples/crew_v1_captain.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Captain 3 | metadata: 4 | name: captain-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2/config/samples/crew_v1_firstmate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: FirstMate 3 | metadata: 4 | name: firstmate-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v2/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /testdata/project-v2/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /testdata/project-v2/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/kubebuilder/testdata/project-v2 2 | 3 | go 1.13 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/onsi/ginkgo v1.12.1 8 | github.com/onsi/gomega v1.10.1 9 | k8s.io/apimachinery v0.18.6 10 | k8s.io/client-go v0.18.6 11 | sigs.k8s.io/controller-runtime v0.6.3 12 | ) 13 | -------------------------------------------------------------------------------- /testdata/project-v2/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /testdata/project-v3-addon/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore all files which are not go type 3 | !**/*.go 4 | !**/*.mod 5 | !**/*.sum 6 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the manager binary 2 | FROM golang:1.15 as builder 3 | 4 | WORKDIR /workspace 5 | # Copy the Go Modules manifests 6 | COPY go.mod go.mod 7 | COPY go.sum go.sum 8 | # cache deps before building and copying source so that we don't need to re-download as much 9 | # and so that source changes don't invalidate our downloaded layer 10 | RUN go mod download 11 | 12 | # Copy the go source 13 | COPY main.go main.go 14 | COPY api/ api/ 15 | COPY controllers/ controllers/ 16 | 17 | # Build 18 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go 19 | 20 | # Use distroless as minimal base image to package the manager binary 21 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 22 | FROM gcr.io/distroless/static:nonroot 23 | WORKDIR / 24 | COPY --from=builder /workspace/manager . 25 | USER 65532:65532 26 | 27 | ENTRYPOINT ["/manager"] 28 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/PROJECT: -------------------------------------------------------------------------------- 1 | domain: testproject.org 2 | layout: go.kubebuilder.io/v3-alpha 3 | projectName: project-v3-addon 4 | repo: sigs.k8s.io/kubebuilder/testdata/project-v3-addon 5 | resources: 6 | - group: crew 7 | kind: Captain 8 | version: v1 9 | - group: crew 10 | kind: FirstMate 11 | version: v1 12 | - group: crew 13 | kind: Admiral 14 | version: v1 15 | version: 3-alpha 16 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/channels/packages/admiral/0.0.1/manifest.yaml: -------------------------------------------------------------------------------- 1 | # Placeholder manifest - replace with the manifest for your addon 2 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/channels/packages/captain/0.0.1/manifest.yaml: -------------------------------------------------------------------------------- 1 | # Placeholder manifest - replace with the manifest for your addon 2 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/channels/packages/firstmate/0.0.1/manifest.yaml: -------------------------------------------------------------------------------- 1 | # Placeholder manifest - replace with the manifest for your addon 2 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/channels/stable: -------------------------------------------------------------------------------- 1 | # Versions for the stable channel 2 | manifests: 3 | - version: 0.0.1 4 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/crd/patches/cainjection_in_admirals.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: admirals.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/crd/patches/cainjection_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: captains.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/crd/patches/cainjection_in_firstmates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: firstmates.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/crd/patches/webhook_in_admirals.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: admirals.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/crd/patches/webhook_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: captains.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/crd/patches/webhook_in_firstmates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: firstmates.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/admiral_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit admirals. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: admiral-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - admirals 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - admirals/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/admiral_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view admirals. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: admiral-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - admirals 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - admirals/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/captain_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - captains/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/captain_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - captains/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/firstmate_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit firstmates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: firstmate-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - firstmates 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - firstmates/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/firstmate_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view firstmates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: firstmate-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - firstmates 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - firstmates/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - events 23 | verbs: 24 | - create 25 | - patch 26 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/samples/crew_v1_admiral.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Admiral 3 | metadata: 4 | name: admiral-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/samples/crew_v1_captain.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Captain 3 | metadata: 4 | name: captain-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/samples/crew_v1_firstmate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: FirstMate 3 | metadata: 4 | name: firstmate-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/kubebuilder/testdata/project-v3-addon 2 | 3 | go 1.15 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/onsi/ginkgo v1.12.1 8 | github.com/onsi/gomega v1.10.1 9 | k8s.io/apimachinery v0.18.6 10 | k8s.io/client-go v0.18.6 11 | sigs.k8s.io/controller-runtime v0.6.3 12 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200522144838-848d48e5b073 13 | ) 14 | -------------------------------------------------------------------------------- /testdata/project-v3-addon/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore all files which are not go type 3 | !**/*.go 4 | !**/*.mod 5 | !**/*.sum 6 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/PROJECT: -------------------------------------------------------------------------------- 1 | domain: testproject.org 2 | layout: go.kubebuilder.io/v3-alpha 3 | multigroup: true 4 | projectName: project-v3-multigroup 5 | repo: sigs.k8s.io/kubebuilder/testdata/project-v3-multigroup 6 | resources: 7 | - group: crew 8 | kind: Captain 9 | version: v1 10 | - group: ship 11 | kind: Frigate 12 | version: v1beta1 13 | - group: ship 14 | kind: Destroyer 15 | version: v1 16 | - group: ship 17 | kind: Cruiser 18 | version: v2alpha1 19 | - group: sea-creatures 20 | kind: Kraken 21 | version: v1beta1 22 | - group: sea-creatures 23 | kind: Leviathan 24 | version: v1beta2 25 | - group: foo.policy 26 | kind: HealthCheckPolicy 27 | version: v1 28 | - kind: Lakers 29 | version: v1 30 | version: 3-alpha 31 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/cainjection_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: captains.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/cainjection_in_cruisers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: cruisers.ship.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/cainjection_in_destroyers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: destroyers.ship.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/cainjection_in_frigates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: frigates.ship.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/cainjection_in_healthcheckpolicies.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: healthcheckpolicies.foo.policy.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/cainjection_in_krakens.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: krakens.sea-creatures.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/cainjection_in_lakers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: lakers.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/cainjection_in_leviathans.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: leviathans.sea-creatures.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/webhook_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: captains.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/webhook_in_cruisers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: cruisers.ship.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/webhook_in_destroyers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: destroyers.ship.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/webhook_in_frigates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: frigates.ship.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/webhook_in_healthcheckpolicies.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: healthcheckpolicies.foo.policy.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/webhook_in_krakens.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: krakens.sea-creatures.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/webhook_in_lakers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: lakers.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/crd/patches/webhook_in_leviathans.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: leviathans.sea-creatures.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/captain_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - captains/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/captain_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - captains/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/cruiser_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit cruisers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cruiser-editor-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - cruisers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - ship.testproject.org 21 | resources: 22 | - cruisers/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/cruiser_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view cruisers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cruiser-viewer-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - cruisers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - ship.testproject.org 17 | resources: 18 | - cruisers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/destroyer_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit destroyers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: destroyer-editor-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - destroyers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - ship.testproject.org 21 | resources: 22 | - destroyers/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/destroyer_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view destroyers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: destroyer-viewer-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - destroyers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - ship.testproject.org 17 | resources: 18 | - destroyers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/frigate_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit frigates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: frigate-editor-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - frigates 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - ship.testproject.org 21 | resources: 22 | - frigates/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/frigate_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view frigates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: frigate-viewer-role 6 | rules: 7 | - apiGroups: 8 | - ship.testproject.org 9 | resources: 10 | - frigates 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - ship.testproject.org 17 | resources: 18 | - frigates/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/healthcheckpolicy_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit healthcheckpolicies. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: healthcheckpolicy-editor-role 6 | rules: 7 | - apiGroups: 8 | - foo.policy.testproject.org 9 | resources: 10 | - healthcheckpolicies 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - foo.policy.testproject.org 21 | resources: 22 | - healthcheckpolicies/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/healthcheckpolicy_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view healthcheckpolicies. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: healthcheckpolicy-viewer-role 6 | rules: 7 | - apiGroups: 8 | - foo.policy.testproject.org 9 | resources: 10 | - healthcheckpolicies 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - foo.policy.testproject.org 17 | resources: 18 | - healthcheckpolicies/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/kraken_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit krakens. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kraken-editor-role 6 | rules: 7 | - apiGroups: 8 | - sea-creatures.testproject.org 9 | resources: 10 | - krakens 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - sea-creatures.testproject.org 21 | resources: 22 | - krakens/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/kraken_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view krakens. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kraken-viewer-role 6 | rules: 7 | - apiGroups: 8 | - sea-creatures.testproject.org 9 | resources: 10 | - krakens 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - sea-creatures.testproject.org 17 | resources: 18 | - krakens/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/lakers_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit lakers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: lakers-editor-role 6 | rules: 7 | - apiGroups: 8 | - testproject.org 9 | resources: 10 | - lakers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - testproject.org 21 | resources: 22 | - lakers/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/lakers_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view lakers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: lakers-viewer-role 6 | rules: 7 | - apiGroups: 8 | - testproject.org 9 | resources: 10 | - lakers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - testproject.org 17 | resources: 18 | - lakers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - events 23 | verbs: 24 | - create 25 | - patch 26 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/leviathan_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit leviathans. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: leviathan-editor-role 6 | rules: 7 | - apiGroups: 8 | - sea-creatures.testproject.org 9 | resources: 10 | - leviathans 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - sea-creatures.testproject.org 21 | resources: 22 | - leviathans/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/leviathan_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view leviathans. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: leviathan-viewer-role 6 | rules: 7 | - apiGroups: 8 | - sea-creatures.testproject.org 9 | resources: 10 | - leviathans 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - sea-creatures.testproject.org 17 | resources: 18 | - leviathans/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/samples/_v1_lakers.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: testproject.org/v1 2 | kind: Lakers 3 | metadata: 4 | name: lakers-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/samples/crew_v1_captain.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Captain 3 | metadata: 4 | name: captain-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/samples/foo.policy_v1_healthcheckpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: foo.policy.testproject.org/v1 2 | kind: HealthCheckPolicy 3 | metadata: 4 | name: healthcheckpolicy-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/samples/sea-creatures_v1beta1_kraken.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: sea-creatures.testproject.org/v1beta1 2 | kind: Kraken 3 | metadata: 4 | name: kraken-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/samples/sea-creatures_v1beta2_leviathan.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: sea-creatures.testproject.org/v1beta2 2 | kind: Leviathan 3 | metadata: 4 | name: leviathan-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/samples/ship_v1_destroyer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ship.testproject.org/v1 2 | kind: Destroyer 3 | metadata: 4 | name: destroyer-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/samples/ship_v1beta1_frigate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ship.testproject.org/v1beta1 2 | kind: Frigate 3 | metadata: 4 | name: frigate-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/samples/ship_v2alpha1_cruiser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ship.testproject.org/v2alpha1 2 | kind: Cruiser 3 | metadata: 4 | name: cruiser-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/kubebuilder/testdata/project-v3-multigroup 2 | 3 | go 1.15 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/onsi/ginkgo v1.12.1 8 | github.com/onsi/gomega v1.10.1 9 | k8s.io/apimachinery v0.18.6 10 | k8s.io/client-go v0.18.6 11 | sigs.k8s.io/controller-runtime v0.6.3 12 | ) 13 | -------------------------------------------------------------------------------- /testdata/project-v3-multigroup/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /testdata/project-v3/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore all files which are not go type 3 | !**/*.go 4 | !**/*.mod 5 | !**/*.sum 6 | -------------------------------------------------------------------------------- /testdata/project-v3/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /testdata/project-v3/Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the manager binary 2 | FROM golang:1.15 as builder 3 | 4 | WORKDIR /workspace 5 | # Copy the Go Modules manifests 6 | COPY go.mod go.mod 7 | COPY go.sum go.sum 8 | # cache deps before building and copying source so that we don't need to re-download as much 9 | # and so that source changes don't invalidate our downloaded layer 10 | RUN go mod download 11 | 12 | # Copy the go source 13 | COPY main.go main.go 14 | COPY api/ api/ 15 | COPY controllers/ controllers/ 16 | 17 | # Build 18 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go 19 | 20 | # Use distroless as minimal base image to package the manager binary 21 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 22 | FROM gcr.io/distroless/static:nonroot 23 | WORKDIR / 24 | COPY --from=builder /workspace/manager . 25 | USER 65532:65532 26 | 27 | ENTRYPOINT ["/manager"] 28 | -------------------------------------------------------------------------------- /testdata/project-v3/PROJECT: -------------------------------------------------------------------------------- 1 | domain: testproject.org 2 | layout: go.kubebuilder.io/v3-alpha 3 | projectName: project-v3 4 | repo: sigs.k8s.io/kubebuilder/testdata/project-v3 5 | resources: 6 | - group: crew 7 | kind: Captain 8 | version: v1 9 | - group: crew 10 | kind: FirstMate 11 | version: v1 12 | - group: crew 13 | kind: Admiral 14 | version: v1 15 | version: 3-alpha 16 | -------------------------------------------------------------------------------- /testdata/project-v3/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /testdata/project-v3/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /testdata/project-v3/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /testdata/project-v3/config/crd/patches/cainjection_in_admirals.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: admirals.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3/config/crd/patches/cainjection_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: captains.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3/config/crd/patches/cainjection_in_firstmates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: firstmates.crew.testproject.org 9 | -------------------------------------------------------------------------------- /testdata/project-v3/config/crd/patches/webhook_in_admirals.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: admirals.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3/config/crd/patches/webhook_in_captains.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: captains.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3/config/crd/patches/webhook_in_firstmates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: firstmates.crew.testproject.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | -------------------------------------------------------------------------------- /testdata/project-v3/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /testdata/project-v3/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /testdata/project-v3/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /testdata/project-v3/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v3/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /testdata/project-v3/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/admiral_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit admirals. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: admiral-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - admirals 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - admirals/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/admiral_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view admirals. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: admiral-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - admirals 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - admirals/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/captain_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - captains/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/captain_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view captains. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: captain-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - captains 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - captains/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/firstmate_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit firstmates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: firstmate-editor-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - firstmates 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - crew.testproject.org 21 | resources: 22 | - firstmates/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/firstmate_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view firstmates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: firstmate-viewer-role 6 | rules: 7 | - apiGroups: 8 | - crew.testproject.org 9 | resources: 10 | - firstmates 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - crew.testproject.org 17 | resources: 18 | - firstmates/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - events 23 | verbs: 24 | - create 25 | - patch 26 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v3/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /testdata/project-v3/config/samples/crew_v1_admiral.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Admiral 3 | metadata: 4 | name: admiral-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3/config/samples/crew_v1_captain.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: Captain 3 | metadata: 4 | name: captain-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3/config/samples/crew_v1_firstmate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crew.testproject.org/v1 2 | kind: FirstMate 3 | metadata: 4 | name: firstmate-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /testdata/project-v3/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /testdata/project-v3/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /testdata/project-v3/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/kubebuilder/testdata/project-v3 2 | 3 | go 1.15 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/onsi/ginkgo v1.12.1 8 | github.com/onsi/gomega v1.10.1 9 | k8s.io/apimachinery v0.18.6 10 | k8s.io/client-go v0.18.6 11 | sigs.k8s.io/controller-runtime v0.6.3 12 | ) 13 | -------------------------------------------------------------------------------- /testdata/project-v3/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ --------------------------------------------------------------------------------