Merge pull request #820 from st1t/remove-imagetag

Change imagetag to image in docs/eschewedFeatures.md
Merge pull request #813 from yujunz/varref
2026-06-17 20:08:17 +00:00 · 2019-02-25 08:50:55 -08:00 · 2019-02-25 08:48:49 -08:00 · 2019-02-25 20:23:36 +09:00 · 2019-02-24 11:36:09 +08:00 · 2019-02-23 04:48:37 -08:00
213 changed files with 10158 additions and 5090 deletions
--- a/1
+++ b/1
@@ -1,6 +1,5 @@
 aliases:
  kustomize-admins:
-    - grodrigues3
    - monopole
    - pwittrock
  kustomize-maintainers:
--- a/README.md
+++ b/README.md
@@ -9,7 +9,9 @@ patch [kubernetes style] API objects.  It's like
 [`make`], in that what it does is declared in a file,
 and it's like [`sed`], in that it emits editted text.

-This tool is sponsored by [sig-cli] ([KEP]).
+This tool is sponsored by [sig-cli] ([KEP]), and
+inspired by [DAM].
+

 [![Build Status](https://travis-ci.org/kubernetes-sigs/kustomize.svg?branch=master)](https://travis-ci.org/kubernetes-sigs/kustomize)
 [![Go Report Card](https://goreportcard.com/badge/github.com/kubernetes-sigs/kustomize)](https://goreportcard.com/report/github.com/kubernetes-sigs/kustomize)
@@ -115,29 +117,87 @@ The YAML can be directly [applied] to a cluster:
 > kustomize build ~/someApp/overlays/production | kubectl apply -f -
 > ```

-## Community, discussion, contribution, and support
+## Community

-Learn how to engage with the Kubernetes community on the [community page].
+### Filing bug reports

-You can reach the maintainers of this project at:
+
+##### A good report specifies
+
+ * the output of `kustomize version`,
+ * the input (the content of `kustomization.yaml`
+   and any files it refers to),
+ * the expected YAML output.
+
+##### A _great_ report is a bug reproduction test
+ 
+Kustomize has a simple test harness in the
+[target package] for specifying a kustomization's
+input and the expected output.
+See this [example of a target test].
+ 
+The pattern is
+ * call `NewKustTestHarness`
+ * specify kustomization input data (resources,
+   patches, etc.) as inline strings,
+ * call `makeKustTarget().MakeCustomizedResMap()`
+ * compare the actual output to expected output
+
+In a bug reproduction test, the expected output string
+initially contains the _wrong_ (unexpected) output,
+thus unambiguously reproducing the bug.
+
+Nearby comments should explain what the output
+_should_ be, and have a TODO pointing to the related
+issue.
+
+The person who fixes the bug then has a clear
+bug reproduction and a test to modify when
+the bug is fixed.
+
+The bug reporter can then see the bug was fixed,
+and has permanent regression coverage to prevent
+its reintroduction.
+ 
+### Feature requests
+
+Feature requests are welcome.
+
+Before working on an implementation, please
+ * Read the [eschewed feature list].
+ * File an issue describing
+   how the new feature would behave
+   and label it [kind/feature].
+
+### Other communication channels

 - [Slack]
 - [Mailing List]
+- General kubernetes [community page]

 ### Code of conduct

-Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct].
+Participation in the Kubernetes community
+is governed by the [Kubernetes Code of Conduct].

-[KEP]: https://github.com/kubernetes/community/blob/master/keps/sig-cli/0008-kustomize.md
 [`make`]: https://www.gnu.org/software/make
 [`sed`]: https://www.gnu.org/software/sed
+[DAM]: docs/glossary.md#declarative-application-management
+[KEP]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/0008-kustomize.md
+[Kubernetes Code of Conduct]: code-of-conduct.md
+[Mailing List]: https://groups.google.com/forum/#!forum/kubernetes-sig-cli
+[Slack]: https://kubernetes.slack.com/messages/sig-cli
 [applied]: docs/glossary.md#apply
 [base]: docs/glossary.md#base
+[community page]: http://kubernetes.io/community/
 [declarative configuration]: docs/glossary.md#declarative-application-management
+[eschewed feature list]: docs/eschewedFeatures.md
+[example of a target test]: https://github.com/kubernetes-sigs/kustomize/blob/master/pkg/target/baseandoverlaysmall_test.go
 [examples]: examples/README.md
 [imageBase]: docs/base.jpg
 [imageOverlay]: docs/overlay.jpg
 [install]: docs/INSTALL.md
+[kind/feature]: https://github.com/kubernetes-sigs/kustomize/labels/kind%2Ffeature
 [kubernetes style]: docs/glossary.md#kubernetes-style-object
 [kustomization]: docs/glossary.md#kustomization
 [overlay]: docs/glossary.md#overlay
@@ -146,10 +206,7 @@ Participation in the Kubernetes community is governed by the [Kubernetes Code of
 [resource]: docs/glossary.md#resource
 [resources]: docs/glossary.md#resource
 [sig-cli]: https://github.com/kubernetes/community/blob/master/sig-cli/README.md
+[target package]: https://github.com/kubernetes-sigs/kustomize/tree/master/pkg/target
 [variant]: docs/glossary.md#variant
 [variants]: docs/glossary.md#variant
 [workflows]: docs/workflows.md
-[community page]: http://kubernetes.io/community/
-[Kubernetes Code of Conduct]: code-of-conduct.md
-[Slack]: https://kubernetes.slack.com/messages/sig-cli
-[Mailing List]: https://groups.google.com/forum/#!forum/kubernetes-sig-cli
--- a/docs/README.md
+++ b/docs/README.md
@@ -6,6 +6,11 @@
   [kustomization](glossary.md#kustomization)
   with explanations of each field.

+ * [versioning policy](versioningPolicy.md) - How the code and the kustomization
+   file evolve in time.
+   
+ * [version 2.0.0](version2.0.0.md) - Release note of Kustomize 2.0.0.
+
 * [workflow](workflows.md) - Some steps one might take in using
   bespoke and off-the-shelf configurations.
  
--- a/docs/eschewedFeatures.md
+++ b/docs/eschewedFeatures.md
@@ -1,5 +1,10 @@
 # Eschewed Features

+The maintainers established this list to
+place bounds on the kustomize feature
+set.  The bounds can be changed with
+a consensus on the risks.
+
 For a bigger picture about why kustomize
 does some things and not others, see the
 glossary entry for [DAM].
@@ -10,8 +15,8 @@ glossary entry for [DAM].
 _compositions_ or _mixins_ - concepts that are widely accepted as
 a best practice in various programming languages.

-To this end, `kustomize` offers various _addition_ directives.  One
-can add labels, annotations, patches, resources and bases.
+To this end, `kustomize` offers various _addition_ directives.
+One may add labels, annotations, patches, resources, bases, etc.
 Corresponding _removal_ directives are not offered.

 Removal semantics would introduce many possibilities for
@@ -31,6 +36,48 @@ what you don't want and commit it to your private fork, then use
 kustomize on your fork.  As often as desired, use _git rebase_ to
 capture improvements from the upstream base.

+## Unstructured edits
+
+_Structured edits_ are changes controlled by
+knowledge of the k8s API, and YAML or JSON syntax.
+
+Most edits performed by kustomize can be expressed as
+[JSON patches] or [SMP patches].  Common edits, like
+adding labels or adding a name prefix, get dedicated 
+shorthand commands.  Another class of edits take
+data from one specific object's field and use it in
+another (e.g. a service object's name found and
+copied into a container's command line).
+
+These edits are designed to create valid output
+given valid input, and can provide syntactically
+and semantically informed error messages if inputs
+are invalid.
+
+_Unstructured edits_, e.g. a templating approach,
+or a command to replace any target string in the
+character stream with some other string, aren't
+limited by any syntax or object structure.
+  
+Such powerful techniques are eschewed because
+- There would be no way to say that a kustomization
+  was correct without running it and checking
+  the output.
+- Errors in the output would be
+  disconnected from the edit that caused it.
+- They are toil to maintain by a rotating
+  staff of operators.
+    
+Kustomizations are meant to be sharable and stackable.
+Imagine tracing down a problem rooted in a
+clever set of stacked regexp replacements
+performed by various overlays on some remote base. 
+
+Other tools (sed, jinja, erb, envsubst, helm, ksonnet,
+etc.) provide varying degrees of unstructured editting
+and/or embedded languages, and can be used instead
+of, or in a pipe with, kustomize.
+
 ## Build-time side effects from CLI args or env variables

 `kustomize` supports the best practice of storing one's
@@ -39,7 +86,7 @@ entire configuration in a version control system.
 Changing `kustomize build` configuration output as a result
 of additional arguments or flags to `build`, or by
 consulting shell environment variable values in `build`
-code, would violate that goal.
+code, would frustrate that goal.

 `kustomize` insteads offers [kustomization] file `edit`
 commands.  Like any shell command, they can accept
@@ -49,7 +96,7 @@ For example, to set the tag used on an image to match an
 environment variable, run

 ```
-kustomize edit set imagetag nginx:$MY_NGINX_VERSION
+kustomize edit set image nginx:$MY_NGINX_VERSION
 ```

 as part of some encapsulating work flow executed before
@@ -74,12 +121,10 @@ commands that accept globbed arguments, expand them at _edit
 time_ relative to the local file system, and store the resulting
 explicit names into the kustomization file.

-In this way the resources, patches and bases used at _build time_
-remain explicitly declared in version control.
-
-
-[DAM]: glossary.md#declarative-application-management
 [base]: glossary.md#base
+[DAM]: glossary.md#declarative-application-management
+[java import]: https://www.codebyamir.com/blog/pitfalls-java-import-wildcards
+[JSON patches]: glossary.md#patchjson6902
 [kustomization]: glossary.md#kustomization
 [OTS workflow]: workflows.md#off-the-shelf-configuration
-[java import]: https://www.codebyamir.com/blog/pitfalls-java-import-wildcards
+[SMP patches]: glossary.md#patchstrategicmerge
--- a/docs/glossary.md
+++ b/docs/glossary.md
@@ -5,6 +5,7 @@
 [Declarative Application Management]: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/declarative-application-management.md
 [JSON]: https://www.json.org/
 [JSONPatch]: https://tools.ietf.org/html/rfc6902
+[JSONMergePatch]: https://tools.ietf.org/html/rfc7386
 [Resource]: #resource
 [YAML]: http://www.yaml.org/start.html
 [application]: #application
@@ -298,6 +299,9 @@ directives include _replace_ (the default), _merge_
 (avoid replacing a list), _delete_ and a few more
 (see [these notes][strategic-merge]).

+Note that for custom resources, SMPs are treated as
+[json merge patches][JSONMergePatch].
+
 Fun fact - any resource file can be used as
 an SMP, overwriting matching fields in another
 resource with the same group/version/kind/name,
--- a/docs/kustomization.yaml
+++ b/docs/kustomization.yaml
@@ -28,9 +28,12 @@
 # don't exist.
 #
 # In practice, fields with no value should simply be
-# omitted from kustomize.yaml to reduce the content
+# omitted from kustomization.yaml to reduce the content
 # visible in configuration reviews.
 # ----------------------------------------------------
+# apiVersion and kind of Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization

 # Adds namespace to all resources.
 namespace: my-namespace
@@ -66,13 +69,16 @@ commonAnnotations:
 # markers ("---").
 resources:
 - some-service.yaml
- ../some-dir/some-deployment.yaml
+- sub-dir/some-deployment.yaml

 # Each entry in this list results in the creation of
 # one ConfigMap resource (it's a generator of n maps).
 # The example below creates two ConfigMaps. One with the
 # names and contents of the given files, the other with
 # key/value as data.
+# Each configMapGenerator item accepts a parameter of
+# behavior: [create|replace|merge]. This allows an overlay to modify or
+# replace an existing configMap from the parent.
 configMapGenerator:
 - name: myJavaServerProps
  files:
@@ -85,28 +91,23 @@ configMapGenerator:

 # Each entry in this list results in the creation of
 # one Secret resource (it's a generator of n secrets).
-# A command can do anything to get a secret,
-# e.g. prompt the user directly, start a webserver to
-# initate an oauth dance, etc.
 secretGenerator:
 - name: app-tls
-  commands:
-    tls.crt: "cat secret/tls.cert"
-    tls.key: "cat secret/tls.key"
+  files:
+    - secret/tls.cert
+    - secret/tls.key
+  type: "kubernetes.io/tls"
+- name: app-tls-namespaced
+  # you can define a namespace to generate secret in, defaults to: "default"
+  namespace: apps
+  files:
+    - tls.crt=catsecret/tls.cert
+    - tls.key=secret/tls.key
  type: "kubernetes.io/tls"
- name: downloaded_secret
-  # timeoutSeconds specifies the number of seconds to
-  # wait for the commands below. It defaults to 5 seconds.
-  timeoutSeconds: 30
-  commands:
-    username: "curl -s https://path/to/secrets/username.yaml"
-    password: "curl -s https://path/to/secrets/password.yaml"
-  type: Opaque
 - name: env_file_secret
-  # envCommand is similar to command but outputs lines of key=val pairs
-  # i.e. a Docker .env file or a .ini file.
-  # you can only specify one envCommand per secret.
-  envCommand: printf \"DB_USERNAME=admin\nDB_PASSWORD=somepw\"
+  # env is a path to a file to read lines of key=val
+  # you can only specify one env file per secret.
+  env: env.txt
  type: Opaque

 # generatorOptions modify behavior of all ConfigMap and Secret generators
@@ -117,11 +118,6 @@ generatorOptions:
  # annotations to add to all generated resources
  annotations:
    kustomize.generated.resource: somevalue
-  # timeoutSeconds specifies the timeout for commands
-  timeoutSeconds: 30
-  # shell and arguments to use as a context for commands used in resource
-  # generation. Default at time of writing: ["sh", "-c"]
-  shell: ["sh", "-c"]
  # disableNameSuffixHash is true disables the default behavior of adding a
  # suffix to the names of generated resources that is a hash of
  # the resource contents.
@@ -163,7 +159,7 @@ bases:
 # a memory request/limit, change an env var in a
 # ConfigMap, etc.  Small patches are easy to review and
 # easy to mix together in overlays.
-patches:
+patchesStrategicMerge:
 - service_port_8888.yaml
 - deployment_increase_replicas.yaml
 - deployment_increase_memory.yaml
@@ -219,11 +215,13 @@ crds:
 - crds/typeA.yaml
 - crds/typeB.yaml

-# Vars are used to insert values from resources that cannot be referenced
-# otherwise. For example if you need to pass a Service's name to the arguments
-# or environment variables of a program but without hard coding the actual name
-# of the Service you'd insert `$(MY_SERVICE_NAME)` into the value field of the
-# env var or into the command or args of the container as shown here:
+# Vars are used to capture text from one resource's field
+# and insert that text elsewhere.
+#
+# For example, suppose someone specifies the name of a k8s Service
+# object in a container's command line, and the name of a
+# k8s Secret object in a container's environment variable,
+# so that the following would work:
 # ```
 #   containers:
 #     - image: myimage
@@ -233,19 +231,8 @@ crds:
 #           value: $(SOME_SECRET_NAME)
 # ```
 #
-# Then you'll add an entry to `vars:` like shown below with the same name
-# and a reference to the resource from which to pull the field's value.
-# The actual field's path is optional and by default it will use
-# `metadata.name`. Currently only string type fields are supported, no integers
-# or booleans, etc. Also array access is currently not possible. For example getting
-# the image field of container number 2 inside of a pod can currently not be done.
+# To do so, add an entry to `vars:` as follows:
 #
-# Not every location of a variable is supported. To see a complete list of locations
-# see the file [varreference.go](https://github.com/kubernetes-sigs/kustomize/blob/master/pkg/transformers/config/defaultconfig/varreference.go#L20).
-#
-# An example of a situation where you'd not use vars is when you'd like to set a
-# pod's `serviceAccountName`. In that case you would just reference the ServiceAccount
-# by name and Kustomize will resolve it to the eventual name while building the manifests.
 vars:
  - name: SOME_SECRET_NAME
    objref:
@@ -266,23 +253,64 @@ vars:
      apiVersion: apps/v1
    fieldref:
      fieldpath: spec.template.spec.restartPolicy
+#
+# A var is a tuple of variable name, object reference and field
+# reference within that object.  That's where the text is found.
+#
+# The field reference is optional; it defaults to `metadata.name`,
+# a normal default, since kustomize is used to generate or
+# modify the names of resources.
+#
+# At time of writing, only string type fields are supported.
+# No ints, bools, arrays etc.  It's not possible to, say,
+# extract the name of the image in container number 2 of
+# some pod template.
+#
+# A variable reference, i.e. the string '$(FOO)', can only
+# be placed in particular fields of particular objects as
+# specified by kustomize's configuration data.
+#
+# The default config data for vars is at
+# https://github.com/kubernetes-sigs/kustomize/blob/master/pkg/transformers/config/defaultconfig/varreference.go
+# Long story short, the default targets are all
+# container command args and env value fields.
+#
+# Vars should _not_ be used for inserting names in places
+# where kustomize is already handling that job.  E.g.,
+# a Deployment may reference a ConfigMap by name, and
+# if kustomize changes the name of a ConfigMap, it knows
+# to change the name reference in the Deployment.

-# ImageTags modify the tags for images without creating patches.
-# E.g. Given this fragment of a Deployment:
+
+# Images modify the name, tags and/or digest for images without creating patches.
+# E.g. Given this kubernetes Deployment fragment:
 # ```
 #  containers:
-#    - name: myapp
-#      image: mycontainerregistry/myimage:v0
+#    - name: mypostgresdb
+#      image: postgres:8
 #    - name: nginxapp
 #      image: nginx:1.7.9
+#    - name: myapp
+#      image: my-demo-app:latest
+#    - name: alpine-app
+#      image: alpine:3.7
 #```
-# one can change the tag of myimage to v1 and the tag of nginx to 1.8.0 with the following:
+# one can change the `image` in the following ways:
+# 
+# - `postgres:8` to `my-registry/my-postgres:v1`,
+# - nginx tag `1.7.9` to `1.8.0`,
+# - image name `my-demo-app` to `my-app`,
+# - alpine's tag `3.7` to a digest value
 #
-# It also supports digests. If digest is present newTag is ignored.
-imageTags:
-  - name: mycontainerregistry/myimage
+# all with the following *kustomization*:
+
+images:
+  - name: postgres
+    newName: my-registry/my-postgres
    newTag: v1
  - name: nginx
    newTag: 1.8.0
+  - name: my-demo-app
+    newName: my-app
  - name: alpine
    digest: sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d3
--- a/docs/version2.0.0.md
+++ b/docs/version2.0.0.md
@@ -0,0 +1,70 @@
+# Kustomize 2.0.0
+
+After security review, a field used in secret generation (see below) was removed from the definition of a kustomization file with no mechanism to convert it to a new form. Also, the set of files accessible from a kustomization file has been further constrained.
+
+Per the [versioning policy](versioningPolicy.md), backward incompatible changes trigger an increment of the major version number, hence we go from 1.0.11 to 2.0.0. We're taking this major version increment opportunity to remove some already deprecated fields, and the code paths associated with them.
+
+## Backward Incompatible Changes
+
+### Kustomization Path Constraints
+A kustomization file can specify paths to other files, including resources, patches, configmap generation data, secret generation data and bases. In the case of a base, the path can be a git URL instead.
+
+In 1.x, these paths had to be relative to the current kustomization directory (the location of the kustomization file used in the `build` command).
+
+In 2.0, bases can continue to specify, via relative paths, kustomizations outside the current kustomization directory.
+But non-base paths are constrained to terminate in or below the current kustomization directory. Further, bases specified via a git URL may not reference files outside of the directory used to clone the repository.
+
+### Kustomization Field Removals
+
+#### patches
+`patches` was deprecated and replaced by `patchesStrategicMerge` when `patchesJson6902` was introduced.
+In Kustomize 2.0.0, `patches` is removed. Please use `patchesStrategicMerge` instead.
+
+#### imageTags
+`imageTags` is replaced by `images` since `images` can provide more features to change image names, registries, tags and digests.
+
+#### secretGenerator/commands
+`commands` is removed from SecretGenerator due to [security concern](https://docs.google.com/document/d/1FYgLVdq-siB_Cef9yuQBmit0PbrE8lsyTBdGI2eA2y8/edit). One can use `files` or `literals`, similar to ConfigMapGenerator, to generate a secret.
+```
+secretGenerator:
+- name: app-tls
+  files:
+    - secret/tls.cert
+    - secret/tls.key
+  type: "kubernetes.io/tls"
+```
+
+## Compatible Changes (New Features)
+As this release is triggered by a security change,
+there are no major new features to announce. A few things that are worth mentioning in this release are:
+
+* More than _40_ issues closed since 1.0.11 release (including many extensions to transformation rules).
+* Users can run `kustomize edit fix` to migrate a kustomization file working with previous versions to one working with 2.0.0. For example, a kustomization.yaml with following content
+  ```
+  patches:
+    - deployment-patch.yaml
+  imageTags:
+    - name: postgres
+      newTag: v1
+  ```
+  
+  will be converted to
+  
+  ```
+  apiVersion: kustomize.config.k8s.io/v1beta1
+  kind: Kustomization
+  patchesStrategicMerge:
+    - deployment-patch.yaml
+  images:
+    - name: postgres
+      newTag: v1
+  ```
+
+* Kustomization filename
+
+  In previous versions, the canonical name of a kustomization file is `kustomization.yaml`. Kustomize 2.0.0 is extended to recognize more file names: `kustomization.yaml`, `kustomization.yml` and `Kustomization`. In a directory, only one of those filenames is allowed. If there are more than one found, Kustomize will exit with an error. Please select the best filename for your use cases.
+* No longer planning to deprecate namespace prefix/suffix. The deprecation warning
+   ```
+   Adding nameprefix and namesuffix to Namespace resource will be deprecated in next release.
+   ```
+    is removed. Since changing this behavior will break many users' workflow. Kustomize will continue with adding nameprefix and namesuffix to Namespace resources.
--- a/docs/versioningPolicy.md
+++ b/docs/versioningPolicy.md
@@ -0,0 +1,220 @@
+# Versioning
+
+Running `kustomize` means one is running a
+particular version of a program, reading a
+particular version of a [kustomization] file.
+
+## Program Versioning
+
+The command `kustomize version` prints a three
+field version tag (e.g. `1.0.11`) that aspires to
+[semantic versioning].
+
+When enough changes have accumulated to
+warrant a new release, a [release process]
+is followed, and the fields in the version
+number are bumped per semver.
+
+## Kustomization File Versioning
+
+At the time of writing (circa release of v2.0.0):
+
+ - A [kustomization] file is just a YAML file that
+   can be successfully parsed into a particular Go
+   struct defined in the `kustomize` binary.
+
+ - This struct does not have a version number,
+   which is the same as saying that its version
+   number matches the program's version number,
+   since it's compiled in.
+
+### Field Change Policy
+
+- A field's meaning cannot be changed.
+
+- A field may be deprecated, then removed.
+
+- Deprecation means triggering a _minor_ (semver)
+  version bump in the program, and
+  defining a migration path in a non-fatal
+  error message.
+
+- Removal means triggering a _major_ (semver)
+  version bump, and fatal error if field encountered
+  (as with any unknown field).
+
+### The `edit fix` Command
+
+This `kustomize` command reads a Kustomization
+file, converts deprecated fields to new
+fields, and writes it out again in the latest
+format.
+
+This is a type version upgrade mechanism that
+works within _major_ program revisions.  There is
+no downgrade capability, as there's no use case
+for it (see discussion below).
+
+### Examples
+
+At the time of writing, in v1.0.x, there were 12
+minor releases, with backward compatible
+deprecations fixable via `edit fix`.
+
+With the 2.0.0 release, there were three field
+removals:
+
+- `imageTag` was deprecated when `image` was
+   introduced, because the latter offers more
+   general features for image data manipulation.
+   `imageTag` was removed in v2.0.0.
+
+- `patches` was deprecated and replaced by
+   `PatchesStrategicMerge` when `PatchesJson6902`
+   was introduced, to make a clearer
+   distinction between patch specification formats.
+   `patches` was removed in v2.0.0.
+
+- `secretGenerator/commands` was removed
+   due to security concerns in v2.0.0
+   with no deprecation period.
+
+The `edit fix` command in a v2.0.x binary
+will no longer recognize these fields.
+
+## Relationship to the k8s API
+
+### Review of k8s API versioning
+
+The k8s API has specific [conventions] and a
+process for making [changes].
+
+The presence of an `apiVersion` field in a k8s
+native type signals:
+
+ - its reliability level (alpha vs beta vs
+   generally available),
+
+ - the existence of code to provide default values
+   to fields not present in a serialization,
+   
+ - the existence of code to provide both forward
+   and backward conversion between different
+   versions of types.
+   
+The k8s API promises a lossless _conversion_
+between versions over a specific range.  This
+means that a recent client can write an object
+bearing the newest possible value for its version,
+the server will accept it and store it in
+"versionless" JSON form in storage, and can
+convert it to a range of older versions should
+an older client request data.
+
+For native k8s types, this all requires writing Go
+code in the kubernetes core repo, to provide
+defaulting and conversions.
+
+For CRDs, there's a [proposal] on how to manage
+versioning (e.g. a remote service can offer type
+defaulting and conversions).
+
+### Kustomization file versioning
+
+The critical difference between k8s API versioning
+and kustomization file versioning is
+
+ - A k8s API server is able to go _forward_ and
+   _backward_ in versioning, to work with older
+   clients, over [some range].
+
+ - The `kustomize edit fix` command only moves
+   _forward_ within a _major_ program
+   version.
+
+At the time of writing, the YAML in a
+kustomization file does not represent a [k8s API]
+object, and the kustomize command and associated
+library is neither a server of, nor a client to,
+the k8s API.
+
+### Additional Kustomization file rules
+
+In addition to the [field change policy] described
+above, kustomization files conform to
+the following rules.
+
+#### Eschew classic k8s fields
+
+Field names with dedicated meaning in k8s
+(`metadata`, `spec`, `status`, etc.)  aren't used.
+
+This is enforced via code review.
+
+#### Optional use of k8s `kind` and `apiVersion`
+
+At the time of writing two [special] k8s
+resource fields are allowed, but not required, in
+a kustomization file: [`kind`] and [`apiVersion`].
+
+If either field is present, they both must be, and
+they must have the following values:
+
+```
+kind: Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+```
+
+They are allowed to exist and have specific values
+in a kustomization file only as a sort of
+domain-squatting behavior for some future API.  A
+kustomize user gains nothing from adding these
+fields to a kustomization file.
+
+### Why not require `kind` and `apiVersion`?
+
+#### Ease of use and setting proper expectations
+
+Use cases for a kustomization file don't include a
+server storing muliple k8s kinds and offering
+version downgrades.
+
+The kustomization file is more akin to a
+`Makefile`.  A kustomize command can either read a
+kustomization file, or it cannot, and in the later
+case will complain as specifically as possible
+about why (e.g. `unknown field Foo`).
+
+So requiring a `kind` and `apiVersion` would just
+be boilerplate in a user's files, and in all the
+examples and tests.
+
+Nevertheless, _a user still benefits from a
+versioning policy_ and has a `fix` command to
+upgrade files as needed.
+
+#### We can change our minds
+
+When/if the kustomization struct graduates to some
+kind of API status, with an expectation of
+"versionless" storage and downgrade capability,
+whatever it looks like at that moment can be
+locked into `/v1beta1` or `/v1` and the `kind`
+and `apiVersion` fields can be required from that
+moment forward.
+
+
+[field change policy]: #field-change-policy
+[some range]: https://kubernetes.io/docs/reference/using-api/deprecation-policy
+[proposal]: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/customresources-versioning.md
+[beta-level rules]: https://github.com/kubernetes/community/blob/master/contributors/devel/api_changes.md#alpha-beta-and-stable-versions
+[changes]: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api_changes.md
+[adapt]: https://github.com/kubernetes-sigs/kustomize/blob/master/pkg/types/kustomization.go#L166
+[special]: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#resources
+[k8s API]: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md
+[conventions]: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md
+[release process]: ../build/README.md
+[kustomization]: glossary.md#kustomization
+[`kind`]: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#types-kinds
+[`apiVersion`]: https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning
+[semantic versioning]: https://semver.org
--- a/examples/README.md
+++ b/examples/README.md
@@ -37,7 +37,7 @@ go get sigs.k8s.io/kustomize
   
 * [vars](wordpress/README.md) - Injecting k8s runtime data into container arguments (e.g. to point wordpress to a SQL service) by vars.
 
- * [image tags](imageTags.md) - Updating image tags without applying a patch.
+ * [image names and tags](image.md) - Updating image names and tags without applying a patch.

 * [multibases](multibases/README.md) - Composing three variants (dev, staging, production) with a common base.

--- a/examples/combineConfigs.md
+++ b/examples/combineConfigs.md
@@ -92,9 +92,9 @@ secret holding them (not covering that here).
 <!--
 secretGenerator:
 - name: app-tls
-  commands:
-    tls.crt: "cat tls.cert"
-    tls.key: "cat tls.key"
+  files:
+    tls.crt=tls.cert
+    tls.key=tls.key
  type: "kubernetes.io/tls"
 EOF
 -->
--- a/examples/generatorOptions.md
+++ b/examples/generatorOptions.md
@@ -5,12 +5,10 @@ Kustomize provides options to modify the behavior of ConfigMap and Secret genera
 - disable appending a content hash suffix to the names of generated resources
 - adding labels to generated resources
 - adding annotations to generated resources
- - changing shell and arguments for getting data from commands
- - changing timeout for executing commands
 
 This demo shows how to use these options. First create a workspace.
 ```
-DEMO_HOME=$(mkdir -d)
+DEMO_HOME=$(mktemp -d)
 ```

 Create a kustomization and add a ConfigMap generator to it.
--- a/examples/imageTags.md
+++ b/examples/imageTags.md
@@ -1,4 +1,4 @@
-# Demo: change image tags
+# Demo: change image names and tags


 Define a place to work:
@@ -42,21 +42,22 @@ EOF
 ```

 The `myapp-pod` resource declares an initContainer and a container, both use the image `busybox:1.29.0`.
-The tag `1.29.0` can be changed by adding `imageTags` in `kustomization.yaml`.
+The image `busybox` and tag `1.29.0` can be changed by adding `images` in `kustomization.yaml`.


-Add `imageTags`:
-<!-- @addImageTags @test -->
+Add `images`:
+<!-- @addImages @test -->
 ```
 cd $DEMO_HOME
-kustomize edit set imagetag busybox:1.29.1
+kustomize edit set image busybox=alpine:3.6
 ```

-The `kustomization.yaml` will be added following `imageTags`.
+The following `images` will be added to `kustomization.yaml`:
 > ```
-> imageTags:
+> images:
 > - name: busybox
->   newTag: 1.29.1
+>   newName: alpine
+>   newTag: 3.6
 > ```

 Now build this `kustomization`
@@ -65,11 +66,11 @@ Now build this `kustomization`
 kustomize build $DEMO_HOME
 ```

-Confirm that this replaces _both_ busybox tags:
+Confirm that this replaces _both_ busybox images and tags for `alpine:3.6`:

-<!-- @confirmTags @test -->
+<!-- @confirmImages @test -->
 ```
-test 2 == \
-  $(kustomize build $DEMO_HOME | grep busybox:1.29.1 | wc -l); \
+test 2 = \
+  $(kustomize build $DEMO_HOME | grep alpine:3.6 | wc -l); \
  echo $?
 ```
--- a/examples/transformerconfigs/README.md
+++ b/examples/transformerconfigs/README.md
@@ -87,7 +87,7 @@ nameReference:
    (etc.)    
 ```

-## cusotmizing transformer configurations
+## customizing transformer configurations

 Kustomize has a default set of configurations. They can be saved to local directory through `kustomize config save -d`. Kustomize allows modifying those configuration files and using them in kustomization.yaml file. This tutorial shows how to customize those configurations to
 - [support a CRD type](crd/README.md)
--- a/examples/transformerconfigs/crd/README.md
+++ b/examples/transformerconfigs/crd/README.md
@@ -17,7 +17,7 @@ Get the default transformer configurations using this command:
 kustomize config save -d $DEMO_HOME/kustomizeconfig
 ```
 The default configurations are saved
-in the directory `$DEMO_HOME/kusotmizeconfig` as several files
+in the directory `$DEMO_HOME/kustomizeconfig` as several files

 > ```
 > commonannotations.yaml
--- a/k8sdeps/configmapandsecret/configmapfactory.go
+++ b/k8sdeps/configmapandsecret/configmapfactory.go
@@ -19,28 +19,26 @@ package configmapandsecret

 import (
 	"fmt"
-	"path"
 	"strings"
+	"unicode/utf8"

 	"github.com/pkg/errors"
 	"k8s.io/api/core/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/util/validation"
-	"sigs.k8s.io/kustomize/pkg/fs"
+	"sigs.k8s.io/kustomize/k8sdeps/kv"
 	"sigs.k8s.io/kustomize/pkg/ifc"
 	"sigs.k8s.io/kustomize/pkg/types"
 )

 // ConfigMapFactory makes ConfigMaps.
 type ConfigMapFactory struct {
-	fSys fs.FileSystem
-	ldr  ifc.Loader
+	ldr ifc.Loader
 }

 // NewConfigMapFactory returns a new ConfigMapFactory.
-func NewConfigMapFactory(
-	fSys fs.FileSystem, l ifc.Loader) *ConfigMapFactory {
-	return &ConfigMapFactory{fSys: fSys, ldr: l}
+func NewConfigMapFactory(l ifc.Loader) *ConfigMapFactory {
+	return &ConfigMapFactory{ldr: l}
 }

 func (f *ConfigMapFactory) makeFreshConfigMap(
@@ -49,6 +47,7 @@ func (f *ConfigMapFactory) makeFreshConfigMap(
 	cm.APIVersion = "v1"
 	cm.Kind = "ConfigMap"
 	cm.Name = args.Name
+	cm.Namespace = args.Namespace
 	cm.Data = map[string]string{}
 	return cm
 }
@@ -56,7 +55,7 @@ func (f *ConfigMapFactory) makeFreshConfigMap(
 // MakeConfigMap returns a new ConfigMap, or nil and an error.
 func (f *ConfigMapFactory) MakeConfigMap(
 	args *types.ConfigMapArgs, options *types.GeneratorOptions) (*corev1.ConfigMap, error) {
-	var all []kvPair
+	var all []kv.Pair
 	var err error
 	cm := f.makeFreshConfigMap(args)

@@ -82,8 +81,8 @@ func (f *ConfigMapFactory) MakeConfigMap(
 	}
 	all = append(all, pairs...)

-	for _, kv := range all {
-		err = addKvToConfigMap(cm, kv.key, kv.value)
+	for _, p := range all {
+		err = addKvToConfigMap(cm, p.Key, p.Value)
 		if err != nil {
 			return nil, err
 		}
@@ -95,45 +94,6 @@ func (f *ConfigMapFactory) MakeConfigMap(
 	return cm, nil
 }

-func keyValuesFromLiteralSources(sources []string) ([]kvPair, error) {
-	var kvs []kvPair
-	for _, s := range sources {
-		k, v, err := parseLiteralSource(s)
-		if err != nil {
-			return nil, err
-		}
-		kvs = append(kvs, kvPair{key: k, value: v})
-	}
-	return kvs, nil
-}
-
-func keyValuesFromFileSources(ldr ifc.Loader, sources []string) ([]kvPair, error) {
-	var kvs []kvPair
-	for _, s := range sources {
-		k, fPath, err := parseFileSource(s)
-		if err != nil {
-			return nil, err
-		}
-		content, err := ldr.Load(fPath)
-		if err != nil {
-			return nil, err
-		}
-		kvs = append(kvs, kvPair{key: k, value: string(content)})
-	}
-	return kvs, nil
-}
-
-func keyValuesFromEnvFile(l ifc.Loader, path string) ([]kvPair, error) {
-	if path == "" {
-		return nil, nil
-	}
-	content, err := l.Load(path)
-	if err != nil {
-		return nil, err
-	}
-	return keyValuesFromLines(content)
-}
-
 // addKvToConfigMap adds the given key and data to the given config map.
 // Error if key invalid, or already exists.
 func addKvToConfigMap(configMap *v1.ConfigMap, keyName, data string) error {
@@ -141,50 +101,26 @@ func addKvToConfigMap(configMap *v1.ConfigMap, keyName, data string) error {
 	if errs := validation.IsConfigMapKey(keyName); len(errs) != 0 {
 		return fmt.Errorf("%q is not a valid key name for a ConfigMap: %s", keyName, strings.Join(errs, ";"))
 	}
-	if _, entryExists := configMap.Data[keyName]; entryExists {
-		return fmt.Errorf("cannot add key %s, another key by that name already exists: %v", keyName, configMap.Data)
+
+	keyExistsErrorMsg := "cannot add key %s, another key by that name already exists: %v"
+
+	// If the configmap data contains byte sequences that are all in the UTF-8
+	// range, we will write it to .Data
+	if utf8.Valid([]byte(data)) {
+		if _, entryExists := configMap.Data[keyName]; entryExists {
+			return fmt.Errorf(keyExistsErrorMsg, keyName, configMap.Data)
+		}
+		configMap.Data[keyName] = data
+		return nil
 	}
-	configMap.Data[keyName] = data
+
+	// otherwise, it's BinaryData
+	if configMap.BinaryData == nil {
+		configMap.BinaryData = map[string][]byte{}
+	}
+	if _, entryExists := configMap.BinaryData[keyName]; entryExists {
+		return fmt.Errorf(keyExistsErrorMsg, keyName, configMap.BinaryData)
+	}
+	configMap.BinaryData[keyName] = []byte(data)
 	return nil
 }
-
-// parseFileSource parses the source given.
-//
-//  Acceptable formats include:
-//   1.  source-path: the basename will become the key name
-//   2.  source-name=source-path: the source-name will become the key name and
-//       source-path is the path to the key file.
-//
-// Key names cannot include '='.
-func parseFileSource(source string) (keyName, filePath string, err error) {
-	numSeparators := strings.Count(source, "=")
-	switch {
-	case numSeparators == 0:
-		return path.Base(source), source, nil
-	case numSeparators == 1 && strings.HasPrefix(source, "="):
-		return "", "", fmt.Errorf("key name for file path %v missing", strings.TrimPrefix(source, "="))
-	case numSeparators == 1 && strings.HasSuffix(source, "="):
-		return "", "", fmt.Errorf("file path for key name %v missing", strings.TrimSuffix(source, "="))
-	case numSeparators > 1:
-		return "", "", errors.New("key names or file paths cannot contain '='")
-	default:
-		components := strings.Split(source, "=")
-		return components[0], components[1], nil
-	}
-}
-
-// parseLiteralSource parses the source key=val pair into its component pieces.
-// This functionality is distinguished from strings.SplitN(source, "=", 2) since
-// it returns an error in the case of empty keys, values, or a missing equals sign.
-func parseLiteralSource(source string) (keyName, value string, err error) {
-	// leading equal is invalid
-	if strings.Index(source, "=") == 0 {
-		return "", "", fmt.Errorf("invalid literal source %v, expected key=value", source)
-	}
-	// split after the first equal (so values can have the = character)
-	items := strings.SplitN(source, "=", 2)
-	if len(items) != 2 {
-		return "", "", fmt.Errorf("invalid literal source %v, expected key=value", source)
-	}
-	return items[0], strings.Trim(items[1], "\"'"), nil
-}
--- a/k8sdeps/configmapandsecret/configmapfactory_test.go
+++ b/k8sdeps/configmapandsecret/configmapfactory_test.go
@@ -57,6 +57,9 @@ func makeFileConfigMap(name string) *corev1.ConfigMap {
 BAR=baz
 `,
 		},
+		BinaryData: map[string][]byte{
+			"app.bin": {0xff, 0xfd},
+		},
 	}
 }

@@ -92,9 +95,11 @@ func TestConstructConfigMap(t *testing.T) {
 		{
 			description: "construct config map from env",
 			input: types.ConfigMapArgs{
-				Name: "envConfigMap",
-				DataSources: types.DataSources{
-					EnvSource: "configmap/app.env",
+				GeneratorArgs: types.GeneratorArgs{
+					Name: "envConfigMap",
+					DataSources: types.DataSources{
+						EnvSource: "configmap/app.env",
+					},
 				},
 			},
 			options:  nil,
@@ -103,9 +108,11 @@ func TestConstructConfigMap(t *testing.T) {
 		{
 			description: "construct config map from file",
 			input: types.ConfigMapArgs{
-				Name: "fileConfigMap",
-				DataSources: types.DataSources{
-					FileSources: []string{"configmap/app-init.ini"},
+				GeneratorArgs: types.GeneratorArgs{
+					Name: "fileConfigMap",
+					DataSources: types.DataSources{
+						FileSources: []string{"configmap/app-init.ini", "configmap/app.bin"},
+					},
 				},
 			},
 			options:  nil,
@@ -114,9 +121,11 @@ func TestConstructConfigMap(t *testing.T) {
 		{
 			description: "construct config map from literal",
 			input: types.ConfigMapArgs{
-				Name: "literalConfigMap",
-				DataSources: types.DataSources{
-					LiteralSources: []string{"a=x", "b=y", "c=\"Hello World\"", "d='true'"},
+				GeneratorArgs: types.GeneratorArgs{
+					Name: "literalConfigMap",
+					DataSources: types.DataSources{
+						LiteralSources: []string{"a=x", "b=y", "c=\"Hello World\"", "d='true'"},
+					},
 				},
 			},
 			options: &types.GeneratorOptions{
@@ -131,7 +140,8 @@ func TestConstructConfigMap(t *testing.T) {
 	fSys := fs.MakeFakeFS()
 	fSys.WriteFile("/configmap/app.env", []byte("DB_USERNAME=admin\nDB_PASSWORD=somepw\n"))
 	fSys.WriteFile("/configmap/app-init.ini", []byte("FOO=bar\nBAR=baz\n"))
-	f := NewConfigMapFactory(fSys, loader.NewFileLoaderAtRoot(fSys))
+	fSys.WriteFile("/configmap/app.bin", []byte{0xff, 0xfd})
+	f := NewConfigMapFactory(loader.NewFileLoaderAtRoot(fSys))
 	for _, tc := range testCases {
 		cm, err := f.MakeConfigMap(&tc.input, tc.options)
 		if err != nil {
--- a/k8sdeps/configmapandsecret/kv.go
+++ b/k8sdeps/configmapandsecret/kv.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2019 The Kubernetes Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -17,86 +17,91 @@ limitations under the License.
 package configmapandsecret

 import (
-	"bufio"
-	"bytes"
 	"fmt"
-	"os"
+	"path"
 	"strings"
-	"unicode"
-	"unicode/utf8"

-	"k8s.io/apimachinery/pkg/util/validation"
+	"github.com/pkg/errors"
+	"sigs.k8s.io/kustomize/k8sdeps/kv"
+	"sigs.k8s.io/kustomize/pkg/ifc"
 )

-// kvPair represents a key value pair.
-type kvPair struct {
-	key   string
-	value string
-}
-
-var utf8bom = []byte{0xEF, 0xBB, 0xBF}
-
-// keyValuesFromLines parses given content in to a list of key-value pairs.
-func keyValuesFromLines(content []byte) ([]kvPair, error) {
-	var kvs []kvPair
-
-	scanner := bufio.NewScanner(bytes.NewReader(content))
-	currentLine := 0
-	for scanner.Scan() {
-		// Process the current line, retrieving a key/value pair if
-		// possible.
-		scannedBytes := scanner.Bytes()
-		kv, err := kvFromLine(scannedBytes, currentLine)
+func keyValuesFromLiteralSources(sources []string) ([]kv.Pair, error) {
+	var kvs []kv.Pair
+	for _, s := range sources {
+		k, v, err := parseLiteralSource(s)
 		if err != nil {
 			return nil, err
 		}
-		currentLine++
-
-		if len(kv.key) == 0 {
-			// no key means line was empty or a comment
-			continue
-		}
-
-		kvs = append(kvs, kv)
+		kvs = append(kvs, kv.Pair{Key: k, Value: v})
 	}
 	return kvs, nil
 }

-// kvFromLine returns a kv with blank key if the line is empty or a comment.
-// The value will be retrieved from the environment if necessary.
-func kvFromLine(line []byte, currentLine int) (kvPair, error) {
-	kv := kvPair{}
-
-	if !utf8.Valid(line) {
-		return kv, fmt.Errorf("line %d has invalid utf8 bytes : %v", line, string(line))
+func keyValuesFromFileSources(ldr ifc.Loader, sources []string) ([]kv.Pair, error) {
+	var kvs []kv.Pair
+	for _, s := range sources {
+		k, fPath, err := parseFileSource(s)
+		if err != nil {
+			return nil, err
+		}
+		content, err := ldr.Load(fPath)
+		if err != nil {
+			return nil, err
+		}
+		kvs = append(kvs, kv.Pair{Key: k, Value: string(content)})
 	}
-
-	// We trim UTF8 BOM from the first line of the file but no others
-	if currentLine == 0 {
-		line = bytes.TrimPrefix(line, utf8bom)
-	}
-
-	// trim the line from all leading whitespace first
-	line = bytes.TrimLeftFunc(line, unicode.IsSpace)
-
-	// If the line is empty or a comment, we return a blank key/value pair.
-	if len(line) == 0 || line[0] == '#' {
-		return kv, nil
-	}
-
-	data := strings.SplitN(string(line), "=", 2)
-	key := data[0]
-	if errs := validation.IsEnvVarName(key); len(errs) != 0 {
-		return kv, fmt.Errorf("%q is not a valid key name: %s", key, strings.Join(errs, ";"))
-	}
-
-	if len(data) == 2 {
-		kv.value = data[1]
-	} else {
-		// No value (no `=` in the line) is a signal to obtain the value
-		// from the environment.
-		kv.value = os.Getenv(key)
-	}
-	kv.key = key
-	return kv, nil
+	return kvs, nil
+}
+
+func keyValuesFromEnvFile(l ifc.Loader, path string) ([]kv.Pair, error) {
+	if path == "" {
+		return nil, nil
+	}
+	content, err := l.Load(path)
+	if err != nil {
+		return nil, err
+	}
+	return kv.KeyValuesFromLines(content)
+}
+
+// parseFileSource parses the source given.
+//
+//  Acceptable formats include:
+//   1.  source-path: the basename will become the key name
+//   2.  source-name=source-path: the source-name will become the key name and
+//       source-path is the path to the key file.
+//
+// Key names cannot include '='.
+func parseFileSource(source string) (keyName, filePath string, err error) {
+	numSeparators := strings.Count(source, "=")
+	switch {
+	case numSeparators == 0:
+		return path.Base(source), source, nil
+	case numSeparators == 1 && strings.HasPrefix(source, "="):
+		return "", "", fmt.Errorf("key name for file path %v missing", strings.TrimPrefix(source, "="))
+	case numSeparators == 1 && strings.HasSuffix(source, "="):
+		return "", "", fmt.Errorf("file path for key name %v missing", strings.TrimSuffix(source, "="))
+	case numSeparators > 1:
+		return "", "", errors.New("key names or file paths cannot contain '='")
+	default:
+		components := strings.Split(source, "=")
+		return components[0], components[1], nil
+	}
+}
+
+// parseLiteralSource parses the source key=val pair into its component pieces.
+// This functionality is distinguished from strings.SplitN(source, "=", 2) since
+// it returns an error in the case of empty keys, values, or a missing equals sign.
+func parseLiteralSource(source string) (keyName, value string, err error) {
+	// leading equal is invalid
+	if strings.Index(source, "=") == 0 {
+		return "", "", fmt.Errorf("invalid literal source %v, expected key=value", source)
+	}
+	// split after the first equal (so values can have the = character)
+	items := strings.SplitN(source, "=", 2)
+	if len(items) != 2 {
+		return "", "", fmt.Errorf("invalid literal source %v, expected key=value", source)
+	}
+	return items[0], strings.Trim(items[1], "\"'"), nil
 }
--- a/k8sdeps/configmapandsecret/kv_test.go
+++ b/k8sdeps/configmapandsecret/kv_test.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2019 The Kubernetes Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -19,50 +19,39 @@ package configmapandsecret
 import (
 	"reflect"
 	"testing"
+
+	"sigs.k8s.io/kustomize/k8sdeps/kv"
+	"sigs.k8s.io/kustomize/pkg/fs"
+	"sigs.k8s.io/kustomize/pkg/loader"
 )

-func TestKeyValuesFromLines(t *testing.T) {
+func TestKeyValuesFromFileSources(t *testing.T) {
 	tests := []struct {
-		desc          string
-		content       string
-		expectedPairs []kvPair
-		expectedErr   bool
+		description string
+		sources     []string
+		expected    []kv.Pair
 	}{
 		{
-			desc: "valid kv content parse",
-			content: `
-		k1=v1
-		k2=v2
-		`,
-			expectedPairs: []kvPair{
-				{key: "k1", value: "v1"},
-				{key: "k2", value: "v2"},
+			description: "create kvs from file sources",
+			sources:     []string{"files/app-init.ini"},
+			expected: []kv.Pair{
+				{
+					Key:   "app-init.ini",
+					Value: "FOO=bar",
+				},
 			},
-			expectedErr: false,
 		},
-		{
-			desc: "content with comments",
-			content: `
-		k1=v1
-		#k2=v2
-		`,
-			expectedPairs: []kvPair{
-				{key: "k1", value: "v1"},
-			},
-			expectedErr: false,
-		},
-		// TODO: add negative testcases
 	}

-	for _, test := range tests {
-		pairs, err := keyValuesFromLines([]byte(test.content))
-		if test.expectedErr && err == nil {
-			t.Fatalf("%s should not return error", test.desc)
+	fSys := fs.MakeFakeFS()
+	fSys.WriteFile("/files/app-init.ini", []byte("FOO=bar"))
+	for _, tc := range tests {
+		kvs, err := keyValuesFromFileSources(loader.NewFileLoaderAtRoot(fSys), tc.sources)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
 		}
-
-		if !reflect.DeepEqual(pairs, test.expectedPairs) {
-			t.Errorf("%s should succeed, got:%v exptected:%v", test.desc, pairs, test.expectedPairs)
+		if !reflect.DeepEqual(kvs, tc.expected) {
+			t.Fatalf("in testcase: %q updated:\n%#v\ndoesn't match expected:\n%#v\n", tc.description, kvs, tc.expected)
 		}
-
 	}
 }
--- a/k8sdeps/configmapandsecret/secretfactory.go
+++ b/k8sdeps/configmapandsecret/secretfactory.go
@@ -17,34 +17,25 @@ limitations under the License.
 package configmapandsecret

 import (
-	"context"
 	"fmt"
-	"log"
-	"os/exec"
-	"path/filepath"
 	"strings"
-	"time"

 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/util/validation"
-	"sigs.k8s.io/kustomize/pkg/fs"
+	"sigs.k8s.io/kustomize/k8sdeps/kv"
+	"sigs.k8s.io/kustomize/pkg/ifc"
 	"sigs.k8s.io/kustomize/pkg/types"
 )

-const (
-	defaultCommandTimeout = 5 * time.Second
-)
-
 // SecretFactory makes Secrets.
 type SecretFactory struct {
-	fSys fs.FileSystem
-	wd   string
+	ldr ifc.Loader
 }

 // NewSecretFactory returns a new SecretFactory.
-func NewSecretFactory(fSys fs.FileSystem, wd string) *SecretFactory {
-	return &SecretFactory{fSys: fSys, wd: wd}
+func NewSecretFactory(ldr ifc.Loader) *SecretFactory {
+	return &SecretFactory{ldr: ldr}
 }

 func (f *SecretFactory) makeFreshSecret(args *types.SecretArgs) *corev1.Secret {
@@ -52,6 +43,7 @@ func (f *SecretFactory) makeFreshSecret(args *types.SecretArgs) *corev1.Secret {
 	s.APIVersion = "v1"
 	s.Kind = "Secret"
 	s.Name = args.Name
+	s.Namespace = args.Namespace
 	s.Type = corev1.SecretType(args.Type)
 	if s.Type == "" {
 		s.Type = corev1.SecretTypeOpaque
@@ -62,33 +54,34 @@ func (f *SecretFactory) makeFreshSecret(args *types.SecretArgs) *corev1.Secret {

 // MakeSecret returns a new secret.
 func (f *SecretFactory) MakeSecret(args *types.SecretArgs, options *types.GeneratorOptions) (*corev1.Secret, error) {
-	var all []kvPair
+	var all []kv.Pair
 	var err error
 	s := f.makeFreshSecret(args)

-	timeout := defaultCommandTimeout
-	if args.TimeoutSeconds != nil {
-		log.Println("SecretArgs.TimeoutSeconds will be deprected in next release. Please use GeneratorOptions.TimeoutSeconds instread.")
-		timeout = time.Duration(*args.TimeoutSeconds) * time.Second
-	}
-
-	pairs, err := f.keyValuesFromEnvFileCommand(args.EnvCommand, timeout, options)
+	pairs, err := keyValuesFromEnvFile(f.ldr, args.EnvSource)
 	if err != nil {
 		return nil, errors.Wrap(err, fmt.Sprintf(
 			"env source file: %s",
-			args.EnvCommand))
+			args.EnvSource))
 	}
 	all = append(all, pairs...)

-	pairs, err = f.keyValuesFromCommands(args.Commands, timeout, options)
+	pairs, err = keyValuesFromLiteralSources(args.LiteralSources)
 	if err != nil {
 		return nil, errors.Wrap(err, fmt.Sprintf(
-			"commands %v", args.Commands))
+			"literal sources %v", args.LiteralSources))
 	}
 	all = append(all, pairs...)

-	for _, kv := range all {
-		err = addKvToSecret(s, kv.key, kv.value)
+	pairs, err = keyValuesFromFileSources(f.ldr, args.FileSources)
+	if err != nil {
+		return nil, errors.Wrap(err, fmt.Sprintf(
+			"file sources: %v", args.FileSources))
+	}
+	all = append(all, pairs...)
+
+	for _, p := range all {
+		err = addKvToSecret(s, p.Key, p.Value)
 		if err != nil {
 			return nil, err
 		}
@@ -111,52 +104,3 @@ func addKvToSecret(secret *corev1.Secret, keyName, data string) error {
 	secret.Data[keyName] = []byte(data)
 	return nil
 }
-
-func (f *SecretFactory) keyValuesFromEnvFileCommand(cmd string, timeout time.Duration, options *types.GeneratorOptions) ([]kvPair, error) {
-	content, err := f.createSecretKey(cmd, timeout, options)
-	if err != nil {
-		return nil, err
-	}
-	return keyValuesFromLines(content)
-}
-
-func (f *SecretFactory) keyValuesFromCommands(sources map[string]string, timeout time.Duration, options *types.GeneratorOptions) ([]kvPair, error) {
-	var kvs []kvPair
-	for k, cmd := range sources {
-		content, err := f.createSecretKey(cmd, timeout, options)
-		if err != nil {
-			return nil, err
-		}
-		kvs = append(kvs, kvPair{key: k, value: string(content)})
-	}
-	return kvs, nil
-}
-
-// Run a command, return its output as the secret.
-func (f *SecretFactory) createSecretKey(command string, timeout time.Duration, options *types.GeneratorOptions) ([]byte, error) {
-	if !f.fSys.IsDir(f.wd) {
-		f.wd = filepath.Dir(f.wd)
-		if !f.fSys.IsDir(f.wd) {
-			return nil, errors.New("not a directory: " + f.wd)
-		}
-	}
-
-	if options != nil && options.TimeoutSeconds != nil {
-		t := time.Duration(*options.TimeoutSeconds) * time.Second
-		if t > timeout {
-			timeout = t
-		}
-	}
-
-	var commands []string
-	if options == nil || len(options.Shell) == 0 {
-		commands = []string{"sh", "-c", command}
-	} else {
-		commands = append(options.Shell, command)
-	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
-	defer cancel()
-	cmd := exec.CommandContext(ctx, commands[0], commands[1:]...)
-	cmd.Dir = f.wd
-	return cmd.Output()
-}
--- a/k8sdeps/configmapandsecret/secretfactory_test.go
+++ b/k8sdeps/configmapandsecret/secretfactory_test.go
@@ -0,0 +1,151 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package configmapandsecret
+
+import (
+	"reflect"
+	"testing"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/kustomize/pkg/fs"
+	"sigs.k8s.io/kustomize/pkg/loader"
+	"sigs.k8s.io/kustomize/pkg/types"
+)
+
+func makeEnvSecret(name string) *corev1.Secret {
+	return &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string][]byte{
+			"DB_PASSWORD": []byte("somepw"),
+			"DB_USERNAME": []byte("admin"),
+		},
+		Type: "Opaque",
+	}
+}
+
+func makeFileSecret(name string) *corev1.Secret {
+	return &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string][]byte{
+			"app-init.ini": []byte(`FOO=bar
+BAR=baz
+`),
+		},
+		Type: "Opaque",
+	}
+}
+
+func makeLiteralSecret(name string) *corev1.Secret {
+	s := &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string][]byte{
+			"a": []byte("x"),
+			"b": []byte("y"),
+		},
+		Type: "Opaque",
+	}
+	s.SetLabels(map[string]string{"foo": "bar"})
+	return s
+}
+
+func TestConstructSecret(t *testing.T) {
+	type testCase struct {
+		description string
+		input       types.SecretArgs
+		options     *types.GeneratorOptions
+		expected    *corev1.Secret
+	}
+
+	testCases := []testCase{
+		{
+			description: "construct secret from env",
+			input: types.SecretArgs{
+				GeneratorArgs: types.GeneratorArgs{
+					Name: "envSecret",
+					DataSources: types.DataSources{
+						EnvSource: "secret/app.env",
+					},
+				},
+			},
+			options:  nil,
+			expected: makeEnvSecret("envSecret"),
+		},
+		{
+			description: "construct secret from file",
+			input: types.SecretArgs{
+				GeneratorArgs: types.GeneratorArgs{
+					Name: "fileSecret",
+					DataSources: types.DataSources{
+						FileSources: []string{"secret/app-init.ini"},
+					},
+				},
+			},
+			options:  nil,
+			expected: makeFileSecret("fileSecret"),
+		},
+		{
+			description: "construct secret from literal",
+			input: types.SecretArgs{
+				GeneratorArgs: types.GeneratorArgs{
+					Name: "literalSecret",
+					DataSources: types.DataSources{
+						LiteralSources: []string{"a=x", "b=y"},
+					},
+				},
+			},
+			options: &types.GeneratorOptions{
+				Labels: map[string]string{
+					"foo": "bar",
+				},
+			},
+			expected: makeLiteralSecret("literalSecret"),
+		},
+	}
+
+	fSys := fs.MakeFakeFS()
+	fSys.WriteFile("/secret/app.env", []byte("DB_USERNAME=admin\nDB_PASSWORD=somepw\n"))
+	fSys.WriteFile("/secret/app-init.ini", []byte("FOO=bar\nBAR=baz\n"))
+	f := NewSecretFactory(loader.NewFileLoaderAtRoot(fSys))
+	for _, tc := range testCases {
+		cm, err := f.MakeSecret(&tc.input, tc.options)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		if !reflect.DeepEqual(*cm, *tc.expected) {
+			t.Fatalf("in testcase: %q updated:\n%#v\ndoesn't match expected:\n%#v\n", tc.description, *cm, tc.expected)
+		}
+	}
+}
--- a/k8sdeps/kunstruct/factory.go
+++ b/k8sdeps/kunstruct/factory.go
@@ -25,7 +25,6 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/util/yaml"
 	"sigs.k8s.io/kustomize/k8sdeps/configmapandsecret"
-	"sigs.k8s.io/kustomize/pkg/fs"
 	"sigs.k8s.io/kustomize/pkg/ifc"
 	"sigs.k8s.io/kustomize/pkg/types"
 )
@@ -53,6 +52,9 @@ func (kf *KunstructuredFactoryImpl) SliceFromBytes(
 		var out unstructured.Unstructured
 		err = decoder.Decode(&out)
 		if err == nil {
+			if len(out.Object) == 0 {
+				continue
+			}
 			err = kf.validate(out)
 			if err != nil {
 				return nil, err
@@ -94,19 +96,23 @@ func (kf *KunstructuredFactoryImpl) MakeSecret(args *types.SecretArgs, options *
 	return NewKunstructuredFromObject(sec)
 }

-// Set sets loader, filesystem and workdirectory
-func (kf *KunstructuredFactoryImpl) Set(fs fs.FileSystem, ldr ifc.Loader) {
-	kf.cmFactory = configmapandsecret.NewConfigMapFactory(fs, ldr)
-	kf.secretFactory = configmapandsecret.NewSecretFactory(fs, ldr.Root())
+// Set sets loader
+func (kf *KunstructuredFactoryImpl) Set(ldr ifc.Loader) {
+	kf.cmFactory = configmapandsecret.NewConfigMapFactory(ldr)
+	kf.secretFactory = configmapandsecret.NewSecretFactory(ldr)
 }

 // validate validates that u has kind and name
+// except for kind `List`, which doesn't require a name
 func (kf *KunstructuredFactoryImpl) validate(u unstructured.Unstructured) error {
-	if u.GetName() == "" {
-		return fmt.Errorf("Missing metadata.name in object %v", u)
+	kind := u.GetKind()
+	if kind == "" {
+		return fmt.Errorf("missing kind in object %v", u)
+	} else if strings.HasSuffix(kind, "List") {
+		return nil
 	}
-	if u.GetKind() == "" {
-		return fmt.Errorf("Missing kind in object %v", u)
+	if u.GetName() == "" {
+		return fmt.Errorf("missing metadata.name in object %v", u)
 	}
 	return nil
 }
--- a/k8sdeps/kunstruct/factory_test.go
+++ b/k8sdeps/kunstruct/factory_test.go
@@ -33,6 +33,24 @@ func TestSliceFromBytes(t *testing.T) {
 				"name": "winnie",
 			},
 		})
+	testList := factory.FromMap(
+		map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "List",
+			"items": []interface{}{
+				testConfigMap.Map(),
+				testConfigMap.Map(),
+			},
+		})
+	testConfigMapList := factory.FromMap(
+		map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "ConfigMapList",
+			"items": []interface{}{
+				testConfigMap.Map(),
+				testConfigMap.Map(),
+			},
+		})

 	tests := []struct {
 		name        string
@@ -100,6 +118,18 @@ WOOOOOOOOOOOOOOOOOOOOOOOOT:  woot
 			expectedOut: []ifc.Kunstructured{},
 			expectedErr: true,
 		},
+		{
+			name: "emptyObjects",
+			input: []byte(`
+---
+#a comment
+
+---
+
+`),
+			expectedOut: []ifc.Kunstructured{},
+			expectedErr: false,
+		},
 		{
 			name: "Missing .metadata.name in object",
 			input: []byte(`
@@ -112,6 +142,42 @@ metadata:
 			expectedOut: nil,
 			expectedErr: true,
 		},
+		{
+			name: "List",
+			input: []byte(`
+apiVersion: v1
+kind: List
+items:
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: winnie
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: winnie
+`),
+			expectedOut: []ifc.Kunstructured{testList},
+			expectedErr: false,
+		},
+		{
+			name: "ConfigMapList",
+			input: []byte(`
+apiVersion: v1
+kind: ConfigMapList
+items:
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: winnie
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: winnie
+`),
+			expectedOut: []ifc.Kunstructured{testConfigMapList},
+			expectedErr: false,
+		},
 	}

 	for _, test := range tests {
--- a/k8sdeps/kunstruct/helper.go
+++ b/k8sdeps/kunstruct/helper.go
@@ -55,7 +55,7 @@ func parseFields(path string) ([]string, error) {
 				start = i + 1
 				insideParentheses = false
 			} else {
-				return nil, fmt.Errorf("Invalid field path %s", path)
+				return nil, fmt.Errorf("invalid field path %s", path)
 			}
 		}
 	}
--- a/k8sdeps/kv/kv.go
+++ b/k8sdeps/kv/kv.go
@@ -0,0 +1,101 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kv
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"os"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	"k8s.io/apimachinery/pkg/util/validation"
+)
+
+type Pair struct {
+	Key   string
+	Value string
+}
+
+var utf8bom = []byte{0xEF, 0xBB, 0xBF}
+
+// KeyValuesFromLines parses given content in to a list of key-value pairs.
+func KeyValuesFromLines(content []byte) ([]Pair, error) {
+	var kvs []Pair
+
+	scanner := bufio.NewScanner(bytes.NewReader(content))
+	currentLine := 0
+	for scanner.Scan() {
+		// Process the current line, retrieving a key/value pair if
+		// possible.
+		scannedBytes := scanner.Bytes()
+		kv, err := KeyValuesFromLine(scannedBytes, currentLine)
+		if err != nil {
+			return nil, err
+		}
+		currentLine++
+
+		if len(kv.Key) == 0 {
+			// no key means line was empty or a comment
+			continue
+		}
+
+		kvs = append(kvs, kv)
+	}
+	return kvs, nil
+}
+
+// KeyValuesFromLine returns a kv with blank key if the line is empty or a comment.
+// The value will be retrieved from the environment if necessary.
+func KeyValuesFromLine(line []byte, currentLine int) (Pair, error) {
+	kv := Pair{}
+
+	if !utf8.Valid(line) {
+		return kv, fmt.Errorf("line %d has invalid utf8 bytes : %v", line, string(line))
+	}
+
+	// We trim UTF8 BOM from the first line of the file but no others
+	if currentLine == 0 {
+		line = bytes.TrimPrefix(line, utf8bom)
+	}
+
+	// trim the line from all leading whitespace first
+	line = bytes.TrimLeftFunc(line, unicode.IsSpace)
+
+	// If the line is empty or a comment, we return a blank key/value pair.
+	if len(line) == 0 || line[0] == '#' {
+		return kv, nil
+	}
+
+	data := strings.SplitN(string(line), "=", 2)
+	key := data[0]
+	if errs := validation.IsEnvVarName(key); len(errs) != 0 {
+		return kv, fmt.Errorf("%q is not a valid key name: %s", key, strings.Join(errs, ";"))
+	}
+
+	if len(data) == 2 {
+		kv.Value = data[1]
+	} else {
+		// No value (no `=` in the line) is a signal to obtain the value
+		// from the environment.
+		kv.Value = os.Getenv(key)
+	}
+	kv.Key = key
+	return kv, nil
+}
--- a/k8sdeps/kv/kv_test.go
+++ b/k8sdeps/kv/kv_test.go
@@ -0,0 +1,68 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kv
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestKeyValuesFromLines(t *testing.T) {
+	tests := []struct {
+		desc          string
+		content       string
+		expectedPairs []Pair
+		expectedErr   bool
+	}{
+		{
+			desc: "valid kv content parse",
+			content: `
+		k1=v1
+		k2=v2
+		`,
+			expectedPairs: []Pair{
+				{Key: "k1", Value: "v1"},
+				{Key: "k2", Value: "v2"},
+			},
+			expectedErr: false,
+		},
+		{
+			desc: "content with comments",
+			content: `
+		k1=v1
+		#k2=v2
+		`,
+			expectedPairs: []Pair{
+				{Key: "k1", Value: "v1"},
+			},
+			expectedErr: false,
+		},
+		// TODO: add negative testcases
+	}
+
+	for _, test := range tests {
+		pairs, err := KeyValuesFromLines([]byte(test.content))
+		if test.expectedErr && err == nil {
+			t.Fatalf("%s should not return error", test.desc)
+		}
+
+		if !reflect.DeepEqual(pairs, test.expectedPairs) {
+			t.Errorf("%s should succeed, got:%v exptected:%v", test.desc, pairs, test.expectedPairs)
+		}
+
+	}
+}
--- a/k8sdeps/transformer/hash/namehash.go
+++ b/k8sdeps/transformer/hash/namehash.go
@@ -35,7 +35,7 @@ func NewNameHashTransformer() transformers.Transformer {
 // Transform appends hash to generated resources.
 func (o *nameHashTransformer) Transform(m resmap.ResMap) error {
 	for _, res := range m {
-		if res.IsGenerated() {
+		if res.NeedHashSuffix() {
 			h, err := NewKustHash().Hash(res.Map())
 			if err != nil {
 				return err
--- a/k8sdeps/transformer/hash/namehash_test.go
+++ b/k8sdeps/transformer/hash/namehash_test.go
@@ -21,10 +21,10 @@ import (
 	"testing"

 	"sigs.k8s.io/kustomize/k8sdeps/kunstruct"
-	"sigs.k8s.io/kustomize/pkg/ifc"
 	"sigs.k8s.io/kustomize/pkg/resid"
 	"sigs.k8s.io/kustomize/pkg/resmap"
 	"sigs.k8s.io/kustomize/pkg/resource"
+	"sigs.k8s.io/kustomize/pkg/types"
 )

 func TestNameHashTransformer(t *testing.T) {
@@ -81,14 +81,14 @@ func TestNameHashTransformer(t *testing.T) {
 					},
 				},
 			}),
-		resid.NewResId(secret, "secret1"): rf.FromMap(
+		resid.NewResId(secret, "secret1"): rf.FromMapAndOption(
 			map[string]interface{}{
 				"apiVersion": "v1",
 				"kind":       "Secret",
 				"metadata": map[string]interface{}{
 					"name": "secret1",
 				},
-			}).SetBehavior(ifc.BehaviorCreate),
+			}, &types.GeneratorArgs{Behavior: "create"}, &types.GeneratorOptions{DisableNameSuffixHash: false}),
 	}

 	expected := resmap.ResMap{
@@ -142,14 +142,14 @@ func TestNameHashTransformer(t *testing.T) {
 					},
 				},
 			}),
-		resid.NewResId(secret, "secret1"): rf.FromMap(
+		resid.NewResId(secret, "secret1"): rf.FromMapAndOption(
 			map[string]interface{}{
 				"apiVersion": "v1",
 				"kind":       "Secret",
 				"metadata": map[string]interface{}{
 					"name": "secret1-7kc45hd5f7",
 				},
-			}).SetBehavior(ifc.BehaviorCreate),
+			}, &types.GeneratorArgs{Behavior: "create"}, &types.GeneratorOptions{DisableNameSuffixHash: false}),
 	}

 	tran := NewNameHashTransformer()
--- a/k8sdeps/transformer/patch/patch.go
+++ b/k8sdeps/transformer/patch/patch.go
@@ -60,9 +60,9 @@ func (pt *patchTransformer) Transform(baseResourceMap resmap.ResMap) error {
 	for _, patch := range patches {
 		// Merge patches with base resource.
 		id := patch.Id()
-		matchedIds := baseResourceMap.FindByGVKN(id)
+		matchedIds := baseResourceMap.GetMatchingIds(id.GvknEquals)
 		if len(matchedIds) == 0 {
-			return fmt.Errorf("failed to find an object with %#v to apply the patch", id.Gvk())
+			return fmt.Errorf("failed to find an object with %s to apply the patch", id.GvknString())
 		}
 		if len(matchedIds) > 1 {
 			return fmt.Errorf("found multiple objects %#v targeted by patch %#v (ambiguous)", matchedIds, id)
--- a/pkg/commands/build/build.go
+++ b/pkg/commands/build/build.go
@@ -29,11 +29,20 @@ import (
 	"sigs.k8s.io/kustomize/pkg/target"
 )

-type buildOptions struct {
+// Options contain the options for running a build
+type Options struct {
 	kustomizationPath string
 	outputPath        string
 }

+// NewOptions creates a Options object
+func NewOptions(p, o string) *Options {
+	return &Options{
+		kustomizationPath: p,
+		outputPath:        o,
+	}
+}
+
 var examples = `
 Use the file somedir/kustomization.yaml to generate a set of api resources:
    build somedir
@@ -54,11 +63,11 @@ func NewCmdBuild(
 	out io.Writer, fs fs.FileSystem,
 	rf *resmap.Factory,
 	ptf transformer.Factory) *cobra.Command {
-	var o buildOptions
+	var o Options

 	cmd := &cobra.Command{
 		Use:          "build [path]",
-		Short:        "Print current configuration per contents of " + constants.KustomizationFileName,
+		Short:        "Print current configuration per contents of " + constants.KustomizationFileNames[0],
 		Example:      examples,
 		SilenceUsage: true,
 		RunE: func(cmd *cobra.Command, args []string) error {
@@ -77,9 +86,9 @@ func NewCmdBuild(
 }

 // Validate validates build command.
-func (o *buildOptions) Validate(args []string) error {
+func (o *Options) Validate(args []string) error {
 	if len(args) > 1 {
-		return errors.New("specify one path to " + constants.KustomizationFileName)
+		return errors.New("specify one path to " + constants.KustomizationFileNames[0])
 	}
 	if len(args) == 0 {
 		o.kustomizationPath = "./"
@@ -91,7 +100,7 @@ func (o *buildOptions) Validate(args []string) error {
 }

 // RunBuild runs build command.
-func (o *buildOptions) RunBuild(
+func (o *Options) RunBuild(
 	out io.Writer, fSys fs.FileSystem,
 	rf *resmap.Factory, ptf transformer.Factory) error {
 	ldr, err := loader.NewLoader(o.kustomizationPath, fSys)
@@ -99,7 +108,7 @@ func (o *buildOptions) RunBuild(
 		return err
 	}
 	defer ldr.Cleanup()
-	kt, err := target.NewKustTarget(ldr, fSys, rf, ptf)
+	kt, err := target.NewKustTarget(ldr, rf, ptf)
 	if err != nil {
 		return err
 	}
--- a/pkg/commands/build/build_test.go
+++ b/pkg/commands/build/build_test.go
@@ -17,30 +17,11 @@ limitations under the License.
 package build

 import (
-	"bytes"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"reflect"
-	"strings"
 	"testing"

-	"github.com/ghodss/yaml"
-	"sigs.k8s.io/kustomize/k8sdeps"
-	"sigs.k8s.io/kustomize/pkg/commands/kustfile"
 	"sigs.k8s.io/kustomize/pkg/constants"
-	"sigs.k8s.io/kustomize/pkg/fs"
 )

-type buildTestCase struct {
-	Description string   `yaml:"description"`
-	Args        []string `yaml:"args"`
-	Filename    string   `yaml:"filename"`
-	// path to the file that contains the expected output
-	ExpectedStdout string `yaml:"expectedStdout"`
-	ExpectedError  string `yaml:"expectedError"`
-}
-
 func TestBuildValidate(t *testing.T) {
 	var cases = []struct {
 		name  string
@@ -52,10 +33,10 @@ func TestBuildValidate(t *testing.T) {
 		{"file", []string{"beans"}, "beans", ""},
 		{"path", []string{"a/b/c"}, "a/b/c", ""},
 		{"path", []string{"too", "many"},
-			"", "specify one path to " + constants.KustomizationFileName},
+			"", "specify one path to " + constants.KustomizationFileNames[0]},
 	}
 	for _, mycase := range cases {
-		opts := buildOptions{}
+		opts := Options{}
 		e := opts.Validate(mycase.args)
 		if len(mycase.erMsg) > 0 {
 			if e == nil {
@@ -75,87 +56,3 @@ func TestBuildValidate(t *testing.T) {
 		}
 	}
 }
-
-func TestBuild(t *testing.T) {
-	const updateEnvVar = "UPDATE_KUSTOMIZE_EXPECTED_DATA"
-	updateKustomizeExpected := os.Getenv(updateEnvVar) == "true"
-	fSys := fs.MakeRealFS()
-
-	var testcases []string
-	filepath.Walk("testdata", func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		if path == "testdata" {
-			return nil
-		}
-		name := filepath.Base(path)
-		if info.IsDir() {
-			if strings.HasPrefix(name, "testcase-") {
-				testcases = append(testcases, strings.TrimPrefix(name, "testcase-"))
-			}
-			return filepath.SkipDir
-		}
-		return nil
-	})
-	// sanity check that we found the right folder
-	if !kustfile.StringInSlice("simple", testcases) {
-		t.Fatalf("Error locating testcases")
-	}
-
-	for _, testcaseName := range testcases {
-		t.Run(testcaseName,
-			func(t *testing.T) {
-				runBuildTestCase(t, testcaseName, updateKustomizeExpected, fSys)
-			})
-	}
-
-}
-
-func runBuildTestCase(t *testing.T, testcaseName string, updateKustomizeExpected bool, fSys fs.FileSystem) {
-	name := testcaseName
-	testcase := buildTestCase{}
-	testcaseDir := filepath.Join("testdata", "testcase-"+name)
-	testcaseData, err := ioutil.ReadFile(filepath.Join(testcaseDir, "test.yaml"))
-	if err != nil {
-		t.Fatalf("%s: %v", name, err)
-	}
-	if err := yaml.Unmarshal(testcaseData, &testcase); err != nil {
-		t.Fatalf("%s: %v", name, err)
-	}
-
-	ops := &buildOptions{
-		kustomizationPath: testcase.Filename,
-	}
-	buf := bytes.NewBuffer([]byte{})
-	f := k8sdeps.NewFactory()
-	err = ops.RunBuild(
-		buf, fSys,
-		f.ResmapF,
-		f.TransformerF)
-	switch {
-	case err != nil && len(testcase.ExpectedError) == 0:
-		t.Errorf("unexpected error: %v", err)
-	case err != nil && len(testcase.ExpectedError) != 0:
-		if !strings.Contains(err.Error(), testcase.ExpectedError) {
-			t.Errorf("expected error to contain %q but got: %v", testcase.ExpectedError, err)
-		}
-		return
-	case err == nil && len(testcase.ExpectedError) != 0:
-		t.Errorf("unexpected no error")
-	}
-
-	actualBytes := buf.Bytes()
-	if !updateKustomizeExpected {
-		expectedBytes, err := ioutil.ReadFile(testcase.ExpectedStdout)
-		if err != nil {
-			t.Errorf("unexpected error: %v", err)
-		}
-		if !reflect.DeepEqual(actualBytes, expectedBytes) {
-			t.Errorf("\n**** Actual:\n\n%s\n\n**** doesn't equal expected:\n\n%s\n\n", actualBytes, expectedBytes)
-		}
-	} else {
-		ioutil.WriteFile(testcase.ExpectedStdout, actualBytes, 0644)
-	}
-
-}
--- a/pkg/commands/build/testdata/testcase-base-only/expected.diff
+++ b/pkg/commands/build/testdata/testcase-base-only/expected.diff
@@ -1,85 +0,0 @@
-diff -u -N /tmp/noop/apps_v1beta2_Deployment_nginx.yaml /tmp/transformed/apps_v1beta2_Deployment_nginx.yaml
--- /tmp/noop/apps_v1beta2_Deployment_nginx.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/apps_v1beta2_Deployment_nginx.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,14 +1,27 @@
- apiVersion: apps/v1beta2
- kind: Deployment
- metadata:
-+  annotations:
-+    note: This is a test annotation
-   labels:
-    app: nginx
-  name: nginx
-+    app: mynginx
-+    org: example.com
-+    team: foo
-+  name: team-foo-nginx
- spec:
-+  selector:
-+    matchLabels:
-+      app: mynginx
-+      org: example.com
-+      team: foo
-   template:
-     metadata:
-+      annotations:
-+        note: This is a test annotation
-       labels:
-        app: nginx
-+        app: mynginx
-+        org: example.com
-+        team: foo
-     spec:
-       containers:
-       - image: nginx
-diff -u -N /tmp/noop/networking.k8s.io_v1_NetworkPolicy_nginx.yaml /tmp/transformed/networking.k8s.io_v1_NetworkPolicy_nginx.yaml
--- /tmp/noop/networking.k8s.io_v1_NetworkPolicy_nginx.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/networking.k8s.io_v1_NetworkPolicy_nginx.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,13 +1,21 @@
- apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
-  name: nginx
-+  annotations:
-+    note: This is a test annotation
-+  labels:
-+    app: mynginx
-+    org: example.com
-+    team: foo
-+  name: team-foo-nginx
- spec:
-   ingress:
-   - from:
-     - podSelector:
-         matchLabels:
-          app: nginx
-+          app: mynginx
-+          org: example.com
-+          team: foo
-   podSelector:
-     matchExpressions:
-     - key: app
-diff -u -N /tmp/noop/v1_Service_nginx.yaml /tmp/transformed/v1_Service_nginx.yaml
--- /tmp/noop/v1_Service_nginx.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_Service_nginx.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,11 +1,17 @@
- apiVersion: v1
- kind: Service
- metadata:
-+  annotations:
-+    note: This is a test annotation
-   labels:
-    app: nginx
-  name: nginx
-+    app: mynginx
-+    org: example.com
-+    team: foo
-+  name: team-foo-nginx
- spec:
-   ports:
-   - port: 80
-   selector:
-    app: nginx
-+    app: mynginx
-+    org: example.com
-+    team: foo
--- a/pkg/commands/build/testdata/testcase-base-only/expected.yaml
+++ b/pkg/commands/build/testdata/testcase-base-only/expected.yaml
@@ -1,71 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    org: example.com
-    team: foo
-  name: team-foo-nginx
-spec:
-  ports:
-  - port: 80
-  selector:
-    app: mynginx
-    org: example.com
-    team: foo
---
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    org: example.com
-    team: foo
-  name: team-foo-nginx
-spec:
-  selector:
-    matchLabels:
-      app: mynginx
-      org: example.com
-      team: foo
-  template:
-    metadata:
-      annotations:
-        note: This is a test annotation
-      labels:
-        app: mynginx
-        org: example.com
-        team: foo
-    spec:
-      containers:
-      - image: nginx
-        name: nginx
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    org: example.com
-    team: foo
-  name: team-foo-nginx
-spec:
-  ingress:
-  - from:
-    - podSelector:
-        matchLabels:
-          app: mynginx
-          org: example.com
-          team: foo
-  podSelector:
-    matchExpressions:
-    - key: app
-      operator: In
-      values:
-      - test
--- a/pkg/commands/build/testdata/testcase-base-only/in/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-base-only/in/kustomization.yaml
@@ -1,11 +0,0 @@
-namePrefix: team-foo-
-commonLabels:
-  app: mynginx
-  org: example.com
-  team: foo
-commonAnnotations:
-  note: This is a test annotation
-resources:
-  - resources/deployment.yaml
-  - resources/networkpolicy.yaml
-  - resources/service.yaml
--- a/pkg/commands/build/testdata/testcase-base-only/in/resources/deployment.yaml
+++ b/pkg/commands/build/testdata/testcase-base-only/in/resources/deployment.yaml
@@ -1,15 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-spec:
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - name: nginx
-        image: nginx
--- a/pkg/commands/build/testdata/testcase-base-only/in/resources/networkpolicy.yaml
+++ b/pkg/commands/build/testdata/testcase-base-only/in/resources/networkpolicy.yaml
@@ -1,13 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: nginx
-spec:
-  podSelector:
-    matchExpressions:
-      - {key: app, operator: In, values: [test]}
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: nginx
--- a/pkg/commands/build/testdata/testcase-base-only/in/resources/service.yaml
+++ b/pkg/commands/build/testdata/testcase-base-only/in/resources/service.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-spec:
-  ports:
-    - port: 80
-  selector:
-    app: nginx
--- a/pkg/commands/build/testdata/testcase-base-only/test.yaml
+++ b/pkg/commands/build/testdata/testcase-base-only/test.yaml
@@ -1,5 +0,0 @@
-description: base only
-args: []
-filename: testdata/testcase-base-only/in
-expectedStdout: testdata/testcase-base-only/expected.yaml
-expectedDiff: testdata/testcase-base-only/expected.diff
--- a/pkg/commands/build/testdata/testcase-configmaps/base/myapp/mycomponent/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-configmaps/base/myapp/mycomponent/kustomization.yaml
@@ -1,6 +0,0 @@
-namePrefix: p1-
-configMapGenerator:
- name: com1
-  behavior: create
-  literals:
-    - from=base
--- a/pkg/commands/build/testdata/testcase-configmaps/base/myapp/mycomponent2/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-configmaps/base/myapp/mycomponent2/kustomization.yaml
@@ -1,6 +0,0 @@
-namePrefix: p2-
-configMapGenerator:
- name: com2
-  behavior: create
-  literals:
-    - from=base
--- a/pkg/commands/build/testdata/testcase-configmaps/expected.diff
+++ b/pkg/commands/build/testdata/testcase-configmaps/expected.diff
@@ -1,16 +0,0 @@
-diff -u -N /tmp/noop/v1_ConfigMap_com1.yaml /tmp/transformed/v1_ConfigMap_com1.yaml
--- /tmp/noop/v1_ConfigMap_com1.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_ConfigMap_com1.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,9 +1,11 @@
- apiVersion: v1
- data:
-+  baz: qux
-+  foo: bar
-   from: overlay
- kind: ConfigMap
- metadata:
-   annotations: {}
-   creationTimestamp: null
-   labels: {}
-  name: p1-com1-cmdb776d5b
-+  name: p1-com1-dhbbm922gd
--- a/pkg/commands/build/testdata/testcase-configmaps/expected.yaml
+++ b/pkg/commands/build/testdata/testcase-configmaps/expected.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-data:
-  baz: qux
-  foo: bar
-  from: overlay
-kind: ConfigMap
-metadata:
-  annotations: {}
-  labels: {}
-  name: p1-com1-dhbbm922gd
---
-apiVersion: v1
-data:
-  from: overlay
-kind: ConfigMap
-metadata:
-  annotations: {}
-  labels: {}
-  name: p2-com2-c4b8md75k9
--- a/pkg/commands/build/testdata/testcase-configmaps/overlay/dev/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-configmaps/overlay/dev/kustomization.yaml
@@ -1,9 +0,0 @@
-bases:
- myapp/mycomponent
- myapp/mycomponent2
-configMapGenerator:
- name: com1
-  behavior: merge
-  literals:
-    - foo=bar
-    - baz=qux
--- a/pkg/commands/build/testdata/testcase-configmaps/overlay/dev/myapp/mycomponent/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-configmaps/overlay/dev/myapp/mycomponent/kustomization.yaml
@@ -1,7 +0,0 @@
-bases:
- ../../../../base/myapp/mycomponent
-configMapGenerator:
- name: com1
-  behavior: merge
-  literals:
-    - from=overlay
--- a/pkg/commands/build/testdata/testcase-configmaps/overlay/dev/myapp/mycomponent2/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-configmaps/overlay/dev/myapp/mycomponent2/kustomization.yaml
@@ -1,7 +0,0 @@
-bases:
- ../../../../base/myapp/mycomponent2
-configMapGenerator:
- name: com2
-  behavior: merge
-  literals:
-    - from=overlay
--- a/pkg/commands/build/testdata/testcase-configmaps/test.yaml
+++ b/pkg/commands/build/testdata/testcase-configmaps/test.yaml
@@ -1,5 +0,0 @@
-description: configmap generator overlay
-args: []
-filename: testdata/testcase-configmaps/overlay/dev
-expectedStdout: testdata/testcase-configmaps/expected.yaml
-expectedDiff: testdata/testcase-configmaps/expected.diff
--- a/pkg/commands/build/testdata/testcase-crds/crd/bee.yaml
+++ b/pkg/commands/build/testdata/testcase-crds/crd/bee.yaml
@@ -1,6 +0,0 @@
-apiVersion: v1beta1
-kind: Bee
-metadata:
-  name: bee
-spec:
-  action: fly
--- a/pkg/commands/build/testdata/testcase-crds/crd/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-crds/crd/kustomization.yaml
@@ -1,9 +0,0 @@
-crds:
- mycrd.json
-
-resources:
- secret.yaml
- mykind.yaml
- bee.yaml
-
-namePrefix: test-
--- a/pkg/commands/build/testdata/testcase-crds/crd/mykind.yaml
+++ b/pkg/commands/build/testdata/testcase-crds/crd/mykind.yaml
@@ -1,9 +0,0 @@
-apiVersion: jingfang.example.com/v1beta1
-kind: MyKind
-metadata:
-  name: mykind
-spec:
-  secretRef:
-    name: crdsecret
-  beeRef:
-    name: bee
--- a/pkg/commands/build/testdata/testcase-crds/crd/secret.yaml
+++ b/pkg/commands/build/testdata/testcase-crds/crd/secret.yaml
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: crdsecret
-data:
-  PATH: YmJiYmJiYmIK
--- a/pkg/commands/build/testdata/testcase-crds/expected.diff
+++ b/pkg/commands/build/testdata/testcase-crds/expected.diff
@@ -1,36 +0,0 @@
-diff -u -N /tmp/noop/jingfang.example.com_v1beta1_MyKind_mykind.yaml /tmp/transformed/jingfang.example.com_v1beta1_MyKind_mykind.yaml
--- /tmp/noop/jingfang.example.com_v1beta1_MyKind_mykind.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/jingfang.example.com_v1beta1_MyKind_mykind.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,9 +1,9 @@
- apiVersion: jingfang.example.com/v1beta1
- kind: MyKind
- metadata:
-  name: mykind
-+  name: test-mykind
- spec:
-   beeRef:
-    name: bee
-+    name: test-bee
-   secretRef:
-    name: crdsecret
-+    name: test-crdsecret
-diff -u -N /tmp/noop/v1beta1_Bee_bee.yaml /tmp/transformed/v1beta1_Bee_bee.yaml
--- /tmp/noop/v1beta1_Bee_bee.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1beta1_Bee_bee.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,6 +1,6 @@
- apiVersion: v1beta1
- kind: Bee
- metadata:
-  name: bee
-+  name: test-bee
- spec:
-   action: fly
-diff -u -N /tmp/noop/v1_Secret_crdsecret.yaml /tmp/transformed/v1_Secret_crdsecret.yaml
--- /tmp/noop/v1_Secret_crdsecret.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_Secret_crdsecret.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,4 +3,4 @@
-   PATH: YmJiYmJiYmIK
- kind: Secret
- metadata:
-  name: crdsecret
-+  name: test-crdsecret
--- a/pkg/commands/build/testdata/testcase-crds/expected.yaml
+++ b/pkg/commands/build/testdata/testcase-crds/expected.yaml
@@ -1,23 +0,0 @@
-apiVersion: v1
-data:
-  PATH: YmJiYmJiYmIK
-kind: Secret
-metadata:
-  name: test-crdsecret
---
-apiVersion: jingfang.example.com/v1beta1
-kind: MyKind
-metadata:
-  name: test-mykind
-spec:
-  beeRef:
-    name: test-bee
-  secretRef:
-    name: test-crdsecret
---
-apiVersion: v1beta1
-kind: Bee
-metadata:
-  name: test-bee
-spec:
-  action: fly
--- a/pkg/commands/build/testdata/testcase-crds/test.yaml
+++ b/pkg/commands/build/testdata/testcase-crds/test.yaml
@@ -1,5 +0,0 @@
-description: name reference in CRDs
-args: []
-filename: testdata/testcase-crds/crd
-expectedStdout: testdata/testcase-crds/expected.yaml
-expectedDiff: testdata/testcase-crds/expected.diff
--- a/pkg/commands/build/testdata/testcase-multibases-conflict/base/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-conflict/base/kustomization.yaml
@@ -1,5 +0,0 @@
-resources:
- serviceaccount.yaml
- rolebinding.yaml
-namePrefix: base-
-nameSuffix: -suffix
--- a/pkg/commands/build/testdata/testcase-multibases-conflict/base/rolebinding.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-conflict/base/rolebinding.yaml
@@ -1,11 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: role
-subjects:
- kind: ServiceAccount
-  name: serviceaccount
--- a/pkg/commands/build/testdata/testcase-multibases-conflict/base/serviceaccount.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-conflict/base/serviceaccount.yaml
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: serviceaccount
--- a/pkg/commands/build/testdata/testcase-multibases-conflict/combined/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-conflict/combined/kustomization.yaml
@@ -1,3 +0,0 @@
-bases:
- ../overlays/a
- ../overlays/b
--- a/pkg/commands/build/testdata/testcase-multibases-conflict/overlays/a/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-conflict/overlays/a/kustomization.yaml
@@ -1,8 +0,0 @@
-bases:
- ../../base/
-
-namePrefix: a-
-nameSuffix: -suffixA
-
-resources:
- serviceaccount.yaml
--- a/pkg/commands/build/testdata/testcase-multibases-conflict/overlays/a/serviceaccount.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-conflict/overlays/a/serviceaccount.yaml
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: serviceaccount
--- a/pkg/commands/build/testdata/testcase-multibases-conflict/overlays/b/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-conflict/overlays/b/kustomization.yaml
@@ -1,5 +0,0 @@
-bases:
- ../../base/
-
-namePrefix: b-
-nameSuffix: -suffixB
--- a/pkg/commands/build/testdata/testcase-multibases-conflict/test.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-conflict/test.yaml
@@ -1,4 +0,0 @@
-description: multibases with name reference
-args: []
-filename: testdata/testcase-multibases-conflict/combined
-expectedError: Multiple matches for name noGroup_v1_ServiceAccount
--- a/pkg/commands/build/testdata/testcase-multibases-nonconflict/base/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-nonconflict/base/kustomization.yaml
@@ -1,5 +0,0 @@
-resources:
- serviceaccount.yaml
- rolebinding.yaml
-namePrefix: base-
-nameSuffix: -suffix
--- a/pkg/commands/build/testdata/testcase-multibases-nonconflict/base/rolebinding.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-nonconflict/base/rolebinding.yaml
@@ -1,11 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: role
-subjects:
- kind: ServiceAccount
-  name: serviceaccount
--- a/pkg/commands/build/testdata/testcase-multibases-nonconflict/base/serviceaccount.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-nonconflict/base/serviceaccount.yaml
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: serviceaccount
--- a/pkg/commands/build/testdata/testcase-multibases-nonconflict/combined/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-nonconflict/combined/kustomization.yaml
@@ -1,3 +0,0 @@
-bases:
- ../overlays/a
- ../overlays/b
--- a/pkg/commands/build/testdata/testcase-multibases-nonconflict/expected.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-nonconflict/expected.yaml
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: a-base-serviceaccount-suffix-suffixA
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: b-base-serviceaccount-suffix-suffixB
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: a-base-rolebinding-suffix-suffixA
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: role
-subjects:
- kind: ServiceAccount
-  name: a-base-serviceaccount-suffix-suffixA
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: b-base-rolebinding-suffix-suffixB
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: role
-subjects:
- kind: ServiceAccount
-  name: b-base-serviceaccount-suffix-suffixB
--- a/pkg/commands/build/testdata/testcase-multibases-nonconflict/overlays/a/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-nonconflict/overlays/a/kustomization.yaml
@@ -1,5 +0,0 @@
-bases:
- ../../base/
-
-namePrefix: a-
-nameSuffix: -suffixA
--- a/pkg/commands/build/testdata/testcase-multibases-nonconflict/overlays/b/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-nonconflict/overlays/b/kustomization.yaml
@@ -1,5 +0,0 @@
-bases:
- ../../base/
-
-namePrefix: b-
-nameSuffix: -suffixB
--- a/pkg/commands/build/testdata/testcase-multibases-nonconflict/test.yaml
+++ b/pkg/commands/build/testdata/testcase-multibases-nonconflict/test.yaml
@@ -1,4 +0,0 @@
-description: multibases with name reference
-args: []
-filename: testdata/testcase-multibases-nonconflict/combined
-expectedStdout: testdata/testcase-multibases-nonconflict/expected.yaml
--- a/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/overlay/deployment-patch1.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/overlay/deployment-patch1.yaml
@@ -1,20 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  template:
-    spec:
-      containers:
-      - name: nginx
-        env:
-        - name: ENABLE_FEATURE_FOO
-          value: TRUE
-      volumes:
-      - name: nginx-persistent-storage
-        emptyDir: null
-        gcePersistentDisk:
-          pdName: nginx-persistent-storage
-      - configMap:
-          name: configmap-in-overlay
-        name: configmap-in-overlay
--- a/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/overlay/deployment-patch2.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/overlay/deployment-patch2.yaml
@@ -1,12 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  template:
-    spec:
-      containers:
-      - name: nginx
-        env:
-        - name: ENABLE_FEATURE_FOO
-          value: FALSE
--- a/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/overlay/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/overlay/kustomization.yaml
@@ -1,12 +0,0 @@
-namePrefix: staging-
-commonLabels:
-  env: staging
-patchesStrategicMerge:
-  - deployment-patch2.yaml
-  - deployment-patch1.yaml
-bases:
-  - ../package/
-configMapGenerator:
-  - name: configmap-in-overlay
-    literals:
-      - hello=world
--- a/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/package/deployment.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/package/deployment.yaml
@@ -1,24 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-spec:
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - name: nginx
-        image: nginx
-        volumeMounts:
-        - name: nginx-persistent-storage
-          mountPath: /tmp/ps
-      volumes:
-      - name: nginx-persistent-storage
-        emptyDir: {}
-      - configMap:
-          name: configmap-in-base
-        name: configmap-in-base
--- a/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/package/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/package/kustomization.yaml
@@ -1,14 +0,0 @@
-namePrefix: team-foo-
-commonLabels:
-  app: mynginx
-  org: example.com
-  team: foo
-commonAnnotations:
-  note: This is a test annotation
-resources:
-  - deployment.yaml
-  - service.yaml
-configMapGenerator:
-  - name: configmap-in-base
-    literals:
-      - foo=bar
--- a/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/package/service.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-conflict/in/package/service.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-spec:
-  ports:
-    - port: 80
-  selector:
-    app: nginx
--- a/pkg/commands/build/testdata/testcase-multiple-patches-conflict/test.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-conflict/test.yaml
@@ -1,4 +0,0 @@
-description: conflict between multiple patches
-args: []
-filename: testdata/testcase-multiple-patches-conflict/in/overlay/
-expectedError: conflict
--- a/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/expected.diff
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/expected.diff
@@ -1,99 +0,0 @@
-diff -u -N /tmp/noop/apps_v1beta2_Deployment_nginx.yaml /tmp/transformed/apps_v1beta2_Deployment_nginx.yaml
--- /tmp/noop/apps_v1beta2_Deployment_nginx.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/apps_v1beta2_Deployment_nginx.yaml	YYYY-MM-DD HH:MM:SS
-@@ -5,13 +5,15 @@
-     note: This is a test annotation
-   labels:
-     app: mynginx
-+    env: staging
-     org: example.com
-     team: foo
-  name: team-foo-nginx
-+  name: staging-team-foo-nginx
- spec:
-   selector:
-     matchLabels:
-       app: mynginx
-+      env: staging
-       org: example.com
-       team: foo
-   template:
-@@ -20,18 +22,30 @@
-         note: This is a test annotation
-       labels:
-         app: mynginx
-+        env: staging
-         org: example.com
-         team: foo
-     spec:
-       containers:
-      - image: nginx
-+      - env:
-+        - name: ANOTHERENV
-+          value: FOO
-+        - name: ENVKEY
-+          value: ENVVALUE
-+        image: nginx:latest
-         name: nginx
-         volumeMounts:
-         - mountPath: /tmp/ps
-           name: nginx-persistent-storage
-+      - image: sidecar
-+        name: sidecar
-       volumes:
-      - emptyDir: {}
-+      - gcePersistentDisk:
-+          pdName: nginx-persistent-storage
-         name: nginx-persistent-storage
-       - configMap:
-          name: team-foo-configmap-in-base-bbdmdh7m8t
-+          name: staging-configmap-in-overlay-k7cbc75tg8
-+        name: configmap-in-overlay
-+      - configMap:
-+          name: staging-team-foo-configmap-in-base-g7k6gt2889
-         name: configmap-in-base
-diff -u -N /tmp/noop/v1_ConfigMap_configmap-in-base.yaml /tmp/transformed/v1_ConfigMap_configmap-in-base.yaml
--- /tmp/noop/v1_ConfigMap_configmap-in-base.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_ConfigMap_configmap-in-base.yaml	YYYY-MM-DD HH:MM:SS
-@@ -8,6 +8,7 @@
-   creationTimestamp: null
-   labels:
-     app: mynginx
-+    env: staging
-     org: example.com
-     team: foo
-  name: team-foo-configmap-in-base-bbdmdh7m8t
-+  name: staging-team-foo-configmap-in-base-g7k6gt2889
-diff -u -N /tmp/noop/v1_ConfigMap_configmap-in-overlay.yaml /tmp/transformed/v1_ConfigMap_configmap-in-overlay.yaml
--- /tmp/noop/v1_ConfigMap_configmap-in-overlay.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_ConfigMap_configmap-in-overlay.yaml	YYYY-MM-DD HH:MM:SS
-@@ -0,0 +1,9 @@
-+apiVersion: v1
-+data:
-+  hello: world
-+kind: ConfigMap
-+metadata:
-+  creationTimestamp: null
-+  labels:
-+    env: staging
-+  name: staging-configmap-in-overlay-k7cbc75tg8
-diff -u -N /tmp/noop/v1_Service_nginx.yaml /tmp/transformed/v1_Service_nginx.yaml
--- /tmp/noop/v1_Service_nginx.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_Service_nginx.yaml	YYYY-MM-DD HH:MM:SS
-@@ -5,13 +5,15 @@
-     note: This is a test annotation
-   labels:
-     app: mynginx
-+    env: staging
-     org: example.com
-     team: foo
-  name: team-foo-nginx
-+  name: staging-team-foo-nginx
- spec:
-   ports:
-   - port: 80
-   selector:
-     app: mynginx
-+    env: staging
-     org: example.com
-     team: foo
--- a/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/expected.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/expected.yaml
@@ -1,94 +0,0 @@
-apiVersion: v1
-data:
-  foo: bar
-kind: ConfigMap
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    env: staging
-    org: example.com
-    team: foo
-  name: staging-team-foo-configmap-in-base-g7k6gt2889
---
-apiVersion: v1
-data:
-  hello: world
-kind: ConfigMap
-metadata:
-  labels:
-    env: staging
-  name: staging-configmap-in-overlay-k7cbc75tg8
---
-apiVersion: v1
-kind: Service
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    env: staging
-    org: example.com
-    team: foo
-  name: staging-team-foo-nginx
-spec:
-  ports:
-  - port: 80
-  selector:
-    app: mynginx
-    env: staging
-    org: example.com
-    team: foo
---
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    env: staging
-    org: example.com
-    team: foo
-  name: staging-team-foo-nginx
-spec:
-  selector:
-    matchLabels:
-      app: mynginx
-      env: staging
-      org: example.com
-      team: foo
-  template:
-    metadata:
-      annotations:
-        note: This is a test annotation
-      labels:
-        app: mynginx
-        env: staging
-        org: example.com
-        team: foo
-    spec:
-      containers:
-      - env:
-        - name: ANOTHERENV
-          value: FOO
-        - name: ENVKEY
-          value: ENVVALUE
-        image: nginx:latest
-        name: nginx
-        volumeMounts:
-        - mountPath: /tmp/ps
-          name: nginx-persistent-storage
-      - image: sidecar
-        name: sidecar
-      volumes:
-      - gcePersistentDisk:
-          pdName: nginx-persistent-storage
-        name: nginx-persistent-storage
-      - configMap:
-          name: staging-configmap-in-overlay-k7cbc75tg8
-        name: configmap-in-overlay
-      - configMap:
-          name: staging-team-foo-configmap-in-base-g7k6gt2889
-        name: configmap-in-base
--- a/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/overlay/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/overlay/kustomization.yaml
@@ -1,12 +0,0 @@
-namePrefix: staging-
-commonLabels:
-  env: staging
-patchesStrategicMerge:
-  - patches/deployment-patch1.yaml
-  - patches/deployment-patch2.yaml
-bases:
-  - ../package/
-configMapGenerator:
-  - name: configmap-in-overlay
-    literals:
-      - hello=world
--- a/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/overlay/patches/deployment-patch1.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/overlay/patches/deployment-patch1.yaml
@@ -1,21 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  template:
-    spec:
-      containers:
-      - name: nginx
-        image: nginx:latest
-        env:
-        - name: ENVKEY
-          value: ENVVALUE
-      volumes:
-      - name: nginx-persistent-storage
-        emptyDir: null
-        gcePersistentDisk:
-          pdName: nginx-persistent-storage
-      - configMap:
-          name: configmap-in-overlay
-        name: configmap-in-overlay
--- a/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/overlay/patches/deployment-patch2.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/overlay/patches/deployment-patch2.yaml
@@ -1,16 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  template:
-    spec:
-      containers:
-      - name: nginx
-        env:
-        - name: ANOTHERENV
-          value: FOO
-      - name: sidecar
-        image: sidecar
-      volumes:
-      - name: nginx-persistent-storage
--- a/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/package/deployment.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/package/deployment.yaml
@@ -1,24 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-spec:
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - name: nginx
-        image: nginx
-        volumeMounts:
-        - name: nginx-persistent-storage
-          mountPath: /tmp/ps
-      volumes:
-      - name: nginx-persistent-storage
-        emptyDir: {}
-      - configMap:
-          name: configmap-in-base
-        name: configmap-in-base
--- a/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/package/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/package/kustomization.yaml
@@ -1,14 +0,0 @@
-namePrefix: team-foo-
-commonLabels:
-  app: mynginx
-  org: example.com
-  team: foo
-commonAnnotations:
-  note: This is a test annotation
-resources:
-  - deployment.yaml
-  - service.yaml
-configMapGenerator:
-  - name: configmap-in-base
-    literals:
-      - foo=bar
--- a/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/package/service.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/in/package/service.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-spec:
-  ports:
-    - port: 80
-  selector:
-    app: nginx
--- a/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/test.yaml
+++ b/pkg/commands/build/testdata/testcase-multiple-patches-noconflict/test.yaml
@@ -1,5 +0,0 @@
-description: multiple patches no conflict
-args: []
-filename: testdata/testcase-multiple-patches-noconflict/in/overlay/
-expectedStdout: testdata/testcase-multiple-patches-noconflict/expected.yaml
-expectedDiff: testdata/testcase-multiple-patches-noconflict/expected.diff
--- a/pkg/commands/build/testdata/testcase-simple/expected.diff
+++ b/pkg/commands/build/testdata/testcase-simple/expected.diff
@@ -1,154 +0,0 @@
-diff -u -N /tmp/noop/extensions_v1beta1_Deployment_mungebot.yaml /tmp/transformed/extensions_v1beta1_Deployment_mungebot.yaml
--- /tmp/noop/extensions_v1beta1_Deployment_mungebot.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/extensions_v1beta1_Deployment_mungebot.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,28 +3,68 @@
- metadata:
-   annotations:
-     baseAnno: This is an base annotation
-+    note: This is a test annotation
-   labels:
-     app: mungebot
-     foo: bar
-  name: baseprefix-mungebot
-+    org: kubernetes
-+    repo: test-infra
-+  name: test-infra-baseprefix-mungebot
- spec:
-  replicas: 1
-+  replicas: 2
-   selector:
-     matchLabels:
-+      app: mungebot
-       foo: bar
-+      org: kubernetes
-+      repo: test-infra
-   template:
-     metadata:
-       annotations:
-         baseAnno: This is an base annotation
-+        note: This is a test annotation
-       labels:
-         app: mungebot
-         foo: bar
-+        org: kubernetes
-+        repo: test-infra
-     spec:
-       containers:
-       - env:
-+        - name: FOO
-+          valueFrom:
-+            configMapKeyRef:
-+              key: somekey
-+              name: test-infra-app-env-bh449c299k
-+        - name: BAR
-+          valueFrom:
-+            secretKeyRef:
-+              key: somekey
-+              name: test-infra-app-tls-6hkmhf2224
-         - name: foo
-           value: bar
-        image: nginx
-+        image: nginx:1.8.0
-         name: nginx
-         ports:
-         - containerPort: 80
-+      - envFrom:
-+        - configMapRef:
-+            name: someConfigMap
-+        - configMapRef:
-+            name: test-infra-app-env-bh449c299k
-+        - secretRef:
-+            name: test-infra-app-tls-6hkmhf2224
-+        image: busybox
-+        name: busybox
-+        volumeMounts:
-+        - mountPath: /tmp/env
-+          name: app-env
-+        - mountPath: /tmp/tls
-+          name: app-tls
-+      volumes:
-+      - configMap:
-+          name: test-infra-app-env-bh449c299k
-+        name: app-env
-+      - name: app-tls
-+        secret:
-+          secretName: test-infra-app-tls-6hkmhf2224
-diff -u -N /tmp/noop/v1_ConfigMap_app-config.yaml /tmp/transformed/v1_ConfigMap_app-config.yaml
--- /tmp/noop/v1_ConfigMap_app-config.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_ConfigMap_app-config.yaml	YYYY-MM-DD HH:MM:SS
-@@ -0,0 +1,15 @@
-+apiVersion: v1
-+data:
-+  app-init.ini: |
-+    FOO=bar
-+    BAR=baz
-+kind: ConfigMap
-+metadata:
-+  annotations:
-+    note: This is a test annotation
-+  creationTimestamp: null
-+  labels:
-+    app: mungebot
-+    org: kubernetes
-+    repo: test-infra
-+  name: test-infra-app-config-hf5424hg8g
-diff -u -N /tmp/noop/v1_ConfigMap_app-env.yaml /tmp/transformed/v1_ConfigMap_app-env.yaml
--- /tmp/noop/v1_ConfigMap_app-env.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_ConfigMap_app-env.yaml	YYYY-MM-DD HH:MM:SS
-@@ -0,0 +1,14 @@
-+apiVersion: v1
-+data:
-+  DB_PASSWORD: somepw
-+  DB_USERNAME: admin
-+kind: ConfigMap
-+metadata:
-+  annotations:
-+    note: This is a test annotation
-+  creationTimestamp: null
-+  labels:
-+    app: mungebot
-+    org: kubernetes
-+    repo: test-infra
-+  name: test-infra-app-env-bh449c299k
-diff -u -N /tmp/noop/v1_Secret_app-tls.yaml /tmp/transformed/v1_Secret_app-tls.yaml
--- /tmp/noop/v1_Secret_app-tls.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_Secret_app-tls.yaml	YYYY-MM-DD HH:MM:SS
-@@ -0,0 +1,15 @@
-+apiVersion: v1
-+data:
-+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUIwekNDQVgyZ0F3SUJBZ0lKQUkvTTdCWWp3Qit1TUEwR0NTcUdTSWIzRFFFQkJRVUFNRVV4Q3pBSkJnTlYKQkFZVEFrRlZNUk13RVFZRFZRUUlEQXBUYjIxbExWTjBZWFJsTVNFd0h3WURWUVFLREJoSmJuUmxjbTVsZENCWAphV1JuYVhSeklGQjBlU0JNZEdRd0hoY05NVEl3T1RFeU1qRTFNakF5V2hjTk1UVXdPVEV5TWpFMU1qQXlXakJGCk1Rc3dDUVlEVlFRR0V3SkJWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTAKWlhKdVpYUWdWMmxrWjJsMGN5QlFkSGtnVEhSa01Gd3dEUVlKS29aSWh2Y05BUUVCQlFBRFN3QXdTQUpCQU5MSgpoUEhoSVRxUWJQa2xHM2liQ1Z4d0dNUmZwL3Y0WHFoZmRRSGRjVmZIYXA2TlE1V29rLzR4SUErdWkzNS9NbU5hCnJ0TnVDK0JkWjF0TXVWQ1BGWmNDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkp2S3M4UmZKYVhUSDA4VytTR3YKelF5S24wSDhNQjhHQTFVZEl3UVlNQmFBRkp2S3M4UmZKYVhUSDA4VytTR3Z6UXlLbjBIOE1Bd0dBMVVkRXdRRgpNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUZCUUFEUVFCSmxmZkpIeWJqREd4Uk1xYVJtRGhYMCs2djAyVFVLWnNXCnI1UXVWYnBRaEg2dSswVWdjVzBqcDlRd3B4b1BUTFRXR1hFV0JCQnVyeEZ3aUNCaGtRK1YKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
-+  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlCT3dJQkFBSkJBTkxKaFBIaElUcVFiUGtsRzNpYkNWeHdHTVJmcC92NFhxaGZkUUhkY1ZmSGFwNk5RNVdvCmsvNHhJQSt1aTM1L01tTmFydE51QytCZFoxdE11VkNQRlpjQ0F3RUFBUUpBRUoyTit6c1IwWG44L1E2dHdhNEcKNk9CMU0xV08rayt6dG5YLzFTdk5lV3U4RDZHSW10dXBMVFlnalpjSHVmeWtqMDlqaUhtakh4OHU4WlpCL28xTgpNUUloQVBXK2V5Wm83YXkzbE16MVYwMVdWak5LSzlRU24xTUpsYjA2aC9MdVl2OUZBaUVBMjVXUGVkS2dWeUNXClNtVXdiUHc4Zm5UY3BxRFdFM3lUTzN2S2NlYnFNU3NDSUJGM1VtVnVlOFlVM2p5YkMzTnh1WHEzd05tMzRSOFQKeFZMSHdEWGgvNk5KQWlFQWwyb0hHR0x6NjRCdUFmaktycXd6N3FNWXI5SENMSWUvWXNvV3Evb2x6U2NDSVFEaQpEMmxXdXNvZTIvbkVxZkRWVldHV2x5Sjd5T21xYVZtL2lOVU45QjJOMmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
-+kind: Secret
-+metadata:
-+  annotations:
-+    note: This is a test annotation
-+  creationTimestamp: null
-+  labels:
-+    app: mungebot
-+    org: kubernetes
-+    repo: test-infra
-+  name: test-infra-app-tls-6hkmhf2224
-+type: kubernetes.io/tls
-diff -u -N /tmp/noop/v1_Service_mungebot-service.yaml /tmp/transformed/v1_Service_mungebot-service.yaml
--- /tmp/noop/v1_Service_mungebot-service.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_Service_mungebot-service.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,13 +3,18 @@
- metadata:
-   annotations:
-     baseAnno: This is an base annotation
-+    note: This is a test annotation
-   labels:
-     app: mungebot
-     foo: bar
-  name: baseprefix-mungebot-service
-+    org: kubernetes
-+    repo: test-infra
-+  name: test-infra-baseprefix-mungebot-service
- spec:
-   ports:
-   - port: 7002
-   selector:
-     app: mungebot
-     foo: bar
-+    org: kubernetes
-+    repo: test-infra
--- a/pkg/commands/build/testdata/testcase-simple/expected.yaml
+++ b/pkg/commands/build/testdata/testcase-simple/expected.yaml
@@ -1,135 +0,0 @@
-apiVersion: v1
-data:
-  app-init.ini: |
-    FOO=bar
-    BAR=baz
-kind: ConfigMap
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mungebot
-    org: kubernetes
-    repo: test-infra
-  name: test-infra-app-config-hf5424hg8g
---
-apiVersion: v1
-data:
-  DB_PASSWORD: somepw
-  DB_USERNAME: admin
-kind: ConfigMap
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mungebot
-    org: kubernetes
-    repo: test-infra
-  name: test-infra-app-env-bh449c299k
---
-apiVersion: v1
-data:
-  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUIwekNDQVgyZ0F3SUJBZ0lKQUkvTTdCWWp3Qit1TUEwR0NTcUdTSWIzRFFFQkJRVUFNRVV4Q3pBSkJnTlYKQkFZVEFrRlZNUk13RVFZRFZRUUlEQXBUYjIxbExWTjBZWFJsTVNFd0h3WURWUVFLREJoSmJuUmxjbTVsZENCWAphV1JuYVhSeklGQjBlU0JNZEdRd0hoY05NVEl3T1RFeU1qRTFNakF5V2hjTk1UVXdPVEV5TWpFMU1qQXlXakJGCk1Rc3dDUVlEVlFRR0V3SkJWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTAKWlhKdVpYUWdWMmxrWjJsMGN5QlFkSGtnVEhSa01Gd3dEUVlKS29aSWh2Y05BUUVCQlFBRFN3QXdTQUpCQU5MSgpoUEhoSVRxUWJQa2xHM2liQ1Z4d0dNUmZwL3Y0WHFoZmRRSGRjVmZIYXA2TlE1V29rLzR4SUErdWkzNS9NbU5hCnJ0TnVDK0JkWjF0TXVWQ1BGWmNDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkp2S3M4UmZKYVhUSDA4VytTR3YKelF5S24wSDhNQjhHQTFVZEl3UVlNQmFBRkp2S3M4UmZKYVhUSDA4VytTR3Z6UXlLbjBIOE1Bd0dBMVVkRXdRRgpNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUZCUUFEUVFCSmxmZkpIeWJqREd4Uk1xYVJtRGhYMCs2djAyVFVLWnNXCnI1UXVWYnBRaEg2dSswVWdjVzBqcDlRd3B4b1BUTFRXR1hFV0JCQnVyeEZ3aUNCaGtRK1YKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
-  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlCT3dJQkFBSkJBTkxKaFBIaElUcVFiUGtsRzNpYkNWeHdHTVJmcC92NFhxaGZkUUhkY1ZmSGFwNk5RNVdvCmsvNHhJQSt1aTM1L01tTmFydE51QytCZFoxdE11VkNQRlpjQ0F3RUFBUUpBRUoyTit6c1IwWG44L1E2dHdhNEcKNk9CMU0xV08rayt6dG5YLzFTdk5lV3U4RDZHSW10dXBMVFlnalpjSHVmeWtqMDlqaUhtakh4OHU4WlpCL28xTgpNUUloQVBXK2V5Wm83YXkzbE16MVYwMVdWak5LSzlRU24xTUpsYjA2aC9MdVl2OUZBaUVBMjVXUGVkS2dWeUNXClNtVXdiUHc4Zm5UY3BxRFdFM3lUTzN2S2NlYnFNU3NDSUJGM1VtVnVlOFlVM2p5YkMzTnh1WHEzd05tMzRSOFQKeFZMSHdEWGgvNk5KQWlFQWwyb0hHR0x6NjRCdUFmaktycXd6N3FNWXI5SENMSWUvWXNvV3Evb2x6U2NDSVFEaQpEMmxXdXNvZTIvbkVxZkRWVldHV2x5Sjd5T21xYVZtL2lOVU45QjJOMmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
-kind: Secret
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mungebot
-    org: kubernetes
-    repo: test-infra
-  name: test-infra-app-tls-6hkmhf2224
-type: kubernetes.io/tls
---
-apiVersion: v1
-kind: Service
-metadata:
-  annotations:
-    baseAnno: This is an base annotation
-    note: This is a test annotation
-  labels:
-    app: mungebot
-    foo: bar
-    org: kubernetes
-    repo: test-infra
-  name: test-infra-baseprefix-mungebot-service
-spec:
-  ports:
-  - port: 7002
-  selector:
-    app: mungebot
-    foo: bar
-    org: kubernetes
-    repo: test-infra
---
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  annotations:
-    baseAnno: This is an base annotation
-    note: This is a test annotation
-  labels:
-    app: mungebot
-    foo: bar
-    org: kubernetes
-    repo: test-infra
-  name: test-infra-baseprefix-mungebot
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: mungebot
-      foo: bar
-      org: kubernetes
-      repo: test-infra
-  template:
-    metadata:
-      annotations:
-        baseAnno: This is an base annotation
-        note: This is a test annotation
-      labels:
-        app: mungebot
-        foo: bar
-        org: kubernetes
-        repo: test-infra
-    spec:
-      containers:
-      - env:
-        - name: FOO
-          valueFrom:
-            configMapKeyRef:
-              key: somekey
-              name: test-infra-app-env-bh449c299k
-        - name: BAR
-          valueFrom:
-            secretKeyRef:
-              key: somekey
-              name: test-infra-app-tls-6hkmhf2224
-        - name: foo
-          value: bar
-        image: nginx:1.8.0
-        name: nginx
-        ports:
-        - containerPort: 80
-      - envFrom:
-        - configMapRef:
-            name: someConfigMap
-        - configMapRef:
-            name: test-infra-app-env-bh449c299k
-        - secretRef:
-            name: test-infra-app-tls-6hkmhf2224
-        image: busybox
-        name: busybox
-        volumeMounts:
-        - mountPath: /tmp/env
-          name: app-env
-        - mountPath: /tmp/tls
-          name: app-tls
-      volumes:
-      - configMap:
-          name: test-infra-app-env-bh449c299k
-        name: app-env
-      - name: app-tls
-        secret:
-          secretName: test-infra-app-tls-6hkmhf2224
--- a/pkg/commands/build/testdata/testcase-simple/test.yaml
+++ b/pkg/commands/build/testdata/testcase-simple/test.yaml
@@ -1,5 +0,0 @@
-description: simple
-args: []
-filename: ../../examplelayout/simple/instances/exampleinstance/
-expectedStdout: testdata/testcase-simple/expected.yaml
-expectedDiff: testdata/testcase-simple/expected.diff
--- a/pkg/commands/build/testdata/testcase-single-overlay/expected.diff
+++ b/pkg/commands/build/testdata/testcase-single-overlay/expected.diff
@@ -1,128 +0,0 @@
-diff -u -N /tmp/noop/apps_v1beta2_Deployment_nginx.yaml /tmp/transformed/apps_v1beta2_Deployment_nginx.yaml
--- /tmp/noop/apps_v1beta2_Deployment_nginx.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/apps_v1beta2_Deployment_nginx.yaml	YYYY-MM-DD HH:MM:SS
-@@ -5,23 +5,26 @@
-     note: This is a test annotation
-   labels:
-     app: mynginx
-+    env: staging
-     org: example.com
-    team: foo
-  name: team-foo-nginx
-+    team: override-foo
-+  name: staging-team-foo-nginx
- spec:
-   selector:
-     matchLabels:
-       app: mynginx
-+      env: staging
-       org: example.com
-      team: foo
-+      team: override-foo
-   template:
-     metadata:
-       annotations:
-         note: This is a test annotation
-       labels:
-         app: mynginx
-+        env: staging
-         org: example.com
-        team: foo
-+        team: override-foo
-     spec:
-       containers:
-       - image: nginx
-@@ -30,8 +33,12 @@
-         - mountPath: /tmp/ps
-           name: nginx-persistent-storage
-       volumes:
-      - emptyDir: {}
-+      - gcePersistentDisk:
-+          pdName: nginx-persistent-storage
-         name: nginx-persistent-storage
-       - configMap:
-          name: team-foo-configmap-in-base-bbdmdh7m8t
-+          name: staging-configmap-in-overlay-k7cbc75tg8
-+        name: configmap-in-overlay
-+      - configMap:
-+          name: staging-team-foo-configmap-in-base-gh9d7t85gb
-         name: configmap-in-base
-diff -u -N /tmp/noop/v1_ConfigMap_configmap-in-base.yaml /tmp/transformed/v1_ConfigMap_configmap-in-base.yaml
--- /tmp/noop/v1_ConfigMap_configmap-in-base.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_ConfigMap_configmap-in-base.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,6 +1,6 @@
- apiVersion: v1
- data:
-  foo: bar
-+  foo: override-bar
- kind: ConfigMap
- metadata:
-   annotations:
-@@ -8,6 +8,7 @@
-   creationTimestamp: null
-   labels:
-     app: mynginx
-+    env: staging
-     org: example.com
-    team: foo
-  name: team-foo-configmap-in-base-bbdmdh7m8t
-+    team: override-foo
-+  name: staging-team-foo-configmap-in-base-gh9d7t85gb
-diff -u -N /tmp/noop/v1_ConfigMap_configmap-in-overlay.yaml /tmp/transformed/v1_ConfigMap_configmap-in-overlay.yaml
--- /tmp/noop/v1_ConfigMap_configmap-in-overlay.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_ConfigMap_configmap-in-overlay.yaml	YYYY-MM-DD HH:MM:SS
-@@ -0,0 +1,10 @@
-+apiVersion: v1
-+data:
-+  hello: world
-+kind: ConfigMap
-+metadata:
-+  creationTimestamp: null
-+  labels:
-+    env: staging
-+    team: override-foo
-+  name: staging-configmap-in-overlay-k7cbc75tg8
-diff -u -N /tmp/noop/v1_Secret_secret-in-base.yaml /tmp/transformed/v1_Secret_secret-in-base.yaml
--- /tmp/noop/v1_Secret_secret-in-base.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_Secret_secret-in-base.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,6 +1,7 @@
- apiVersion: v1
- data:
-   password: c29tZXB3
-+  proxy: aGFwcm94eQ==
-   username: YWRtaW4=
- kind: Secret
- metadata:
-@@ -9,7 +10,8 @@
-   creationTimestamp: null
-   labels:
-     app: mynginx
-+    env: staging
-     org: example.com
-    team: foo
-  name: team-foo-secret-in-base-tkm7hhtf8d
-+    team: override-foo
-+  name: staging-team-foo-secret-in-base-c8db7gk2m2
- type: Opaque
-diff -u -N /tmp/noop/v1_Service_nginx.yaml /tmp/transformed/v1_Service_nginx.yaml
--- /tmp/noop/v1_Service_nginx.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_Service_nginx.yaml	YYYY-MM-DD HH:MM:SS
-@@ -5,13 +5,15 @@
-     note: This is a test annotation
-   labels:
-     app: mynginx
-+    env: staging
-     org: example.com
-    team: foo
-  name: team-foo-nginx
-+    team: override-foo
-+  name: staging-team-foo-nginx
- spec:
-   ports:
-   - port: 80
-   selector:
-     app: mynginx
-+    env: staging
-     org: example.com
-    team: foo
-+    team: override-foo
--- a/pkg/commands/build/testdata/testcase-single-overlay/expected.yaml
+++ b/pkg/commands/build/testdata/testcase-single-overlay/expected.yaml
@@ -1,105 +0,0 @@
-apiVersion: v1
-data:
-  foo: override-bar
-kind: ConfigMap
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    env: staging
-    org: example.com
-    team: override-foo
-  name: staging-team-foo-configmap-in-base-gh9d7t85gb
---
-apiVersion: v1
-data:
-  hello: world
-kind: ConfigMap
-metadata:
-  labels:
-    env: staging
-    team: override-foo
-  name: staging-configmap-in-overlay-k7cbc75tg8
---
-apiVersion: v1
-data:
-  password: c29tZXB3
-  proxy: aGFwcm94eQ==
-  username: YWRtaW4=
-kind: Secret
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    env: staging
-    org: example.com
-    team: override-foo
-  name: staging-team-foo-secret-in-base-c8db7gk2m2
-type: Opaque
---
-apiVersion: v1
-kind: Service
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    env: staging
-    org: example.com
-    team: override-foo
-  name: staging-team-foo-nginx
-spec:
-  ports:
-  - port: 80
-  selector:
-    app: mynginx
-    env: staging
-    org: example.com
-    team: override-foo
---
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  annotations:
-    note: This is a test annotation
-  labels:
-    app: mynginx
-    env: staging
-    org: example.com
-    team: override-foo
-  name: staging-team-foo-nginx
-spec:
-  selector:
-    matchLabels:
-      app: mynginx
-      env: staging
-      org: example.com
-      team: override-foo
-  template:
-    metadata:
-      annotations:
-        note: This is a test annotation
-      labels:
-        app: mynginx
-        env: staging
-        org: example.com
-        team: override-foo
-    spec:
-      containers:
-      - image: nginx
-        name: nginx
-        volumeMounts:
-        - mountPath: /tmp/ps
-          name: nginx-persistent-storage
-      volumes:
-      - gcePersistentDisk:
-          pdName: nginx-persistent-storage
-        name: nginx-persistent-storage
-      - configMap:
-          name: staging-configmap-in-overlay-k7cbc75tg8
-        name: configmap-in-overlay
-      - configMap:
-          name: staging-team-foo-configmap-in-base-gh9d7t85gb
-        name: configmap-in-base
--- a/pkg/commands/build/testdata/testcase-single-overlay/in/overlay/deployment.yaml
+++ b/pkg/commands/build/testdata/testcase-single-overlay/in/overlay/deployment.yaml
@@ -1,15 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  template:
-    spec:
-      volumes:
-      - name: nginx-persistent-storage
-        emptyDir: null
-        gcePersistentDisk:
-          pdName: nginx-persistent-storage
-      - configMap:
-          name: configmap-in-overlay
-        name: configmap-in-overlay
--- a/pkg/commands/build/testdata/testcase-single-overlay/in/overlay/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-single-overlay/in/overlay/kustomization.yaml
@@ -1,21 +0,0 @@
-namePrefix: staging-
-commonLabels:
-  env: staging
-  team: override-foo
-patchesStrategicMerge:
-  - deployment.yaml
-bases:
-  - ../package/
-configMapGenerator:
-  - name: configmap-in-overlay
-    literals:
-      - hello=world
-  - name: configmap-in-base
-    behavior: replace
-    literals:
-      - foo=override-bar
-secretGenerator:
- name: secret-in-base
-  behavior: merge
-  commands:
-    proxy: "printf haproxy"
--- a/pkg/commands/build/testdata/testcase-single-overlay/in/package/deployment.yaml
+++ b/pkg/commands/build/testdata/testcase-single-overlay/in/package/deployment.yaml
@@ -1,24 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-spec:
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - name: nginx
-        image: nginx
-        volumeMounts:
-        - name: nginx-persistent-storage
-          mountPath: /tmp/ps
-      volumes:
-      - name: nginx-persistent-storage
-        emptyDir: {}
-      - configMap:
-          name: configmap-in-base
-        name: configmap-in-base
--- a/pkg/commands/build/testdata/testcase-single-overlay/in/package/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-single-overlay/in/package/kustomization.yaml
@@ -1,19 +0,0 @@
-namePrefix: team-foo-
-commonLabels:
-  app: mynginx
-  org: example.com
-  team: foo
-commonAnnotations:
-  note: This is a test annotation
-resources:
-  - deployment.yaml
-  - service.yaml
-configMapGenerator:
-  - name: configmap-in-base
-    literals:
-      - foo=bar
-secretGenerator:
- name: secret-in-base
-  commands:
-    username: "printf admin"
-    password: "printf somepw"
--- a/pkg/commands/build/testdata/testcase-single-overlay/in/package/service.yaml
+++ b/pkg/commands/build/testdata/testcase-single-overlay/in/package/service.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-spec:
-  ports:
-    - port: 80
-  selector:
-    app: nginx
--- a/pkg/commands/build/testdata/testcase-single-overlay/test.yaml
+++ b/pkg/commands/build/testdata/testcase-single-overlay/test.yaml
@@ -1,5 +0,0 @@
-description: single overlay
-args: []
-filename: testdata/testcase-single-overlay/in/overlay/
-expectedStdout: testdata/testcase-single-overlay/expected.yaml
-expectedDiff: testdata/testcase-single-overlay/expected.diff
--- a/pkg/commands/build/testdata/testcase-variable-ref/expected.diff
+++ b/pkg/commands/build/testdata/testcase-variable-ref/expected.diff
@@ -1,186 +0,0 @@
-diff -u -N /tmp/noop/apps_v1beta1_StatefulSet_cockroachdb.yaml /tmp/transformed/apps_v1beta1_StatefulSet_cockroachdb.yaml
--- /tmp/noop/apps_v1beta1_StatefulSet_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/apps_v1beta1_StatefulSet_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,10 +1,10 @@
- apiVersion: apps/v1beta1
- kind: StatefulSet
- metadata:
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
- spec:
-   replicas: 3
-  serviceName: base-cockroachdb
-+  serviceName: dev-base-cockroachdb
-   template:
-     metadata:
-       labels:
-@@ -27,7 +27,7 @@
-         - /bin/bash
-         - -ecx
-         - exec /cockroach/cockroach start --logtostderr --certs-dir /cockroach/cockroach-certs
-          --host $(hostname -f) --http-host 0.0.0.0 --join base-cockroachdb-0.base-cockroachdb,base-cockroachdb-1.base-cockroachdb,base-cockroachdb-2.base-cockroachdb
-+          --host $(hostname -f) --http-host 0.0.0.0 --join dev-base-cockroachdb-0.dev-base-cockroachdb,dev-base-cockroachdb-1.dev-base-cockroachdb,dev-base-cockroachdb-2.dev-base-cockroachdb
-           --cache 25% --max-sql-memory 25%
-         image: cockroachdb/cockroach:v1.1.5
-         imagePullPolicy: IfNotPresent
-@@ -48,7 +48,7 @@
-         - -ecx
-         - /request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=node
-           -addresses=localhost,127.0.0.1,${POD_IP},$(hostname -f),$(hostname -f|cut
-          -f 1-2 -d '.'),base-cockroachdb-public -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-+          -f 1-2 -d '.'),dev-base-cockroachdb-public -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-         env:
-         - name: POD_IP
-           valueFrom:
-@@ -64,7 +64,7 @@
-         volumeMounts:
-         - mountPath: /cockroach-certs
-           name: certs
-      serviceAccountName: base-cockroachdb
-+      serviceAccountName: dev-base-cockroachdb
-       terminationGracePeriodSeconds: 60
-       volumes:
-       - name: datadir
-diff -u -N /tmp/noop/batch_v1beta1_CronJob_cronjob-example.yaml /tmp/transformed/batch_v1beta1_CronJob_cronjob-example.yaml
--- /tmp/noop/batch_v1beta1_CronJob_cronjob-example.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/batch_v1beta1_CronJob_cronjob-example.yaml	YYYY-MM-DD HH:MM:SS
-@@ -1,7 +1,7 @@
- apiVersion: batch/v1beta1
- kind: CronJob
- metadata:
-  name: base-cronjob-example
-+  name: dev-base-cronjob-example
- spec:
-   concurrencyPolicy: Forbid
-   jobTemplate:
-@@ -11,11 +11,11 @@
-           containers:
-           - command:
-             - echo
-            - base-cockroachdb
-            - base-test-config-map-259876d7fg
-+            - dev-base-cockroachdb
-+            - dev-base-test-config-map-b2g2dmd64b
-             env:
-             - name: CDB_PUBLIC_SVC
-              value: base-cockroachdb-public
-+              value: dev-base-cockroachdb-public
-             image: cockroachdb/cockroach:v1.1.5
-             name: cronjob-example
-   schedule: '*/1 * * * *'
-diff -u -N /tmp/noop/policy_v1beta1_PodDisruptionBudget_cockroachdb-budget.yaml /tmp/transformed/policy_v1beta1_PodDisruptionBudget_cockroachdb-budget.yaml
--- /tmp/noop/policy_v1beta1_PodDisruptionBudget_cockroachdb-budget.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/policy_v1beta1_PodDisruptionBudget_cockroachdb-budget.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,7 +3,7 @@
- metadata:
-   labels:
-     app: cockroachdb
-  name: base-cockroachdb-budget
-+  name: dev-base-cockroachdb-budget
- spec:
-   maxUnavailable: 1
-   selector:
-diff -u -N /tmp/noop/rbac.authorization.k8s.io_v1beta1_ClusterRoleBinding_cockroachdb.yaml /tmp/transformed/rbac.authorization.k8s.io_v1beta1_ClusterRoleBinding_cockroachdb.yaml
--- /tmp/noop/rbac.authorization.k8s.io_v1beta1_ClusterRoleBinding_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/rbac.authorization.k8s.io_v1beta1_ClusterRoleBinding_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,12 +3,12 @@
- metadata:
-   labels:
-     app: cockroachdb
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
- roleRef:
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
- subjects:
- - kind: ServiceAccount
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
-   namespace: default
-diff -u -N /tmp/noop/rbac.authorization.k8s.io_v1beta1_ClusterRole_cockroachdb.yaml /tmp/transformed/rbac.authorization.k8s.io_v1beta1_ClusterRole_cockroachdb.yaml
--- /tmp/noop/rbac.authorization.k8s.io_v1beta1_ClusterRole_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/rbac.authorization.k8s.io_v1beta1_ClusterRole_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,7 +3,7 @@
- metadata:
-   labels:
-     app: cockroachdb
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
- rules:
- - apiGroups:
-   - certificates.k8s.io
-diff -u -N /tmp/noop/rbac.authorization.k8s.io_v1beta1_RoleBinding_cockroachdb.yaml /tmp/transformed/rbac.authorization.k8s.io_v1beta1_RoleBinding_cockroachdb.yaml
--- /tmp/noop/rbac.authorization.k8s.io_v1beta1_RoleBinding_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/rbac.authorization.k8s.io_v1beta1_RoleBinding_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,12 +3,12 @@
- metadata:
-   labels:
-     app: cockroachdb
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
- roleRef:
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
- subjects:
- - kind: ServiceAccount
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
-   namespace: default
-diff -u -N /tmp/noop/rbac.authorization.k8s.io_v1beta1_Role_cockroachdb.yaml /tmp/transformed/rbac.authorization.k8s.io_v1beta1_Role_cockroachdb.yaml
--- /tmp/noop/rbac.authorization.k8s.io_v1beta1_Role_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/rbac.authorization.k8s.io_v1beta1_Role_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,7 +3,7 @@
- metadata:
-   labels:
-     app: cockroachdb
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
- rules:
- - apiGroups:
-   - ""
-diff -u -N /tmp/noop/v1_ConfigMap_test-config-map.yaml /tmp/transformed/v1_ConfigMap_test-config-map.yaml
--- /tmp/noop/v1_ConfigMap_test-config-map.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_ConfigMap_test-config-map.yaml	YYYY-MM-DD HH:MM:SS
-@@ -5,4 +5,4 @@
- kind: ConfigMap
- metadata:
-   creationTimestamp: null
-  name: base-test-config-map-259876d7fg
-+  name: dev-base-test-config-map-b2g2dmd64b
-diff -u -N /tmp/noop/v1_ServiceAccount_cockroachdb.yaml /tmp/transformed/v1_ServiceAccount_cockroachdb.yaml
--- /tmp/noop/v1_ServiceAccount_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_ServiceAccount_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,4 +3,4 @@
- metadata:
-   labels:
-     app: cockroachdb
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
-diff -u -N /tmp/noop/v1_Service_cockroachdb-public.yaml /tmp/transformed/v1_Service_cockroachdb-public.yaml
--- /tmp/noop/v1_Service_cockroachdb-public.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_Service_cockroachdb-public.yaml	YYYY-MM-DD HH:MM:SS
-@@ -3,7 +3,7 @@
- metadata:
-   labels:
-     app: cockroachdb
-  name: base-cockroachdb-public
-+  name: dev-base-cockroachdb-public
- spec:
-   ports:
-   - name: grpc
-diff -u -N /tmp/noop/v1_Service_cockroachdb.yaml /tmp/transformed/v1_Service_cockroachdb.yaml
--- /tmp/noop/v1_Service_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-+++ /tmp/transformed/v1_Service_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
-@@ -8,7 +8,7 @@
-     service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-   labels:
-     app: cockroachdb
-  name: base-cockroachdb
-+  name: dev-base-cockroachdb
- spec:
-   clusterIP: None
-   ports:
--- a/pkg/commands/build/testdata/testcase-variable-ref/expected.yaml
+++ b/pkg/commands/build/testdata/testcase-variable-ref/expected.yaml
@@ -1,235 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app: cockroachdb
-  name: dev-base-cockroachdb
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
-  labels:
-    app: cockroachdb
-  name: dev-base-cockroachdb
-rules:
- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
-  - get
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  labels:
-    app: cockroachdb
-  name: dev-base-cockroachdb
-rules:
- apiGroups:
-  - certificates.k8s.io
-  resources:
-  - certificatesigningrequests
-  verbs:
-  - create
-  - get
-  - watch
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  labels:
-    app: cockroachdb
-  name: dev-base-cockroachdb
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: dev-base-cockroachdb
-subjects:
- kind: ServiceAccount
-  name: dev-base-cockroachdb
-  namespace: default
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app: cockroachdb
-  name: dev-base-cockroachdb
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: dev-base-cockroachdb
-subjects:
- kind: ServiceAccount
-  name: dev-base-cockroachdb
-  namespace: default
---
-apiVersion: v1
-data:
-  baz: qux
-  foo: bar
-kind: ConfigMap
-metadata:
-  name: dev-base-test-config-map-b2g2dmd64b
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: cockroachdb
-  name: dev-base-cockroachdb-public
-spec:
-  ports:
-  - name: grpc
-    port: 26257
-    targetPort: 26257
-  - name: http
-    port: 8080
-    targetPort: 8080
-  selector:
-    app: cockroachdb
---
-apiVersion: v1
-kind: Service
-metadata:
-  annotations:
-    prometheus.io/path: _status/vars
-    prometheus.io/port: "8080"
-    prometheus.io/scrape: "true"
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-  labels:
-    app: cockroachdb
-  name: dev-base-cockroachdb
-spec:
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 26257
-    targetPort: 26257
-  - name: http
-    port: 8080
-    targetPort: 8080
-  selector:
-    app: cockroachdb
---
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
-  name: dev-base-cockroachdb
-spec:
-  replicas: 3
-  serviceName: dev-base-cockroachdb
-  template:
-    metadata:
-      labels:
-        app: cockroachdb
-    spec:
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: app
-                  operator: In
-                  values:
-                  - cockroachdb
-              topologyKey: kubernetes.io/hostname
-            weight: 100
-      containers:
-      - command:
-        - /bin/bash
-        - -ecx
-        - exec /cockroach/cockroach start --logtostderr --certs-dir /cockroach/cockroach-certs
-          --host $(hostname -f) --http-host 0.0.0.0 --join dev-base-cockroachdb-0.dev-base-cockroachdb,dev-base-cockroachdb-1.dev-base-cockroachdb,dev-base-cockroachdb-2.dev-base-cockroachdb
-          --cache 25% --max-sql-memory 25%
-        image: cockroachdb/cockroach:v1.1.5
-        imagePullPolicy: IfNotPresent
-        name: cockroachdb
-        ports:
-        - containerPort: 26257
-          name: grpc
-        - containerPort: 8080
-          name: http
-        volumeMounts:
-        - mountPath: /cockroach/cockroach-data
-          name: datadir
-        - mountPath: /cockroach/cockroach-certs
-          name: certs
-      initContainers:
-      - command:
-        - /bin/ash
-        - -ecx
-        - /request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=node
-          -addresses=localhost,127.0.0.1,${POD_IP},$(hostname -f),$(hostname -f|cut
-          -f 1-2 -d '.'),dev-base-cockroachdb-public -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: cockroachdb/cockroach-k8s-request-cert:0.2
-        imagePullPolicy: IfNotPresent
-        name: init-certs
-        volumeMounts:
-        - mountPath: /cockroach-certs
-          name: certs
-      serviceAccountName: dev-base-cockroachdb
-      terminationGracePeriodSeconds: 60
-      volumes:
-      - name: datadir
-        persistentVolumeClaim:
-          claimName: datadir
-      - emptyDir: {}
-        name: certs
-  updateStrategy:
-    type: RollingUpdate
-  volumeClaimTemplates:
-  - metadata:
-      name: datadir
-    spec:
-      accessModes:
-      - ReadWriteOnce
-      resources:
-        requests:
-          storage: 1Gi
---
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
-  name: dev-base-cronjob-example
-spec:
-  concurrencyPolicy: Forbid
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          containers:
-          - command:
-            - echo
-            - dev-base-cockroachdb
-            - dev-base-test-config-map-b2g2dmd64b
-            env:
-            - name: CDB_PUBLIC_SVC
-              value: dev-base-cockroachdb-public
-            image: cockroachdb/cockroach:v1.1.5
-            name: cronjob-example
-  schedule: '*/1 * * * *'
---
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
-  labels:
-    app: cockroachdb
-  name: dev-base-cockroachdb-budget
-spec:
-  maxUnavailable: 1
-  selector:
-    matchLabels:
-      app: cockroachdb
--- a/pkg/commands/build/testdata/testcase-variable-ref/in/overlay/kustomization.yaml
+++ b/pkg/commands/build/testdata/testcase-variable-ref/in/overlay/kustomization.yaml
@@ -1,4 +0,0 @@
-namePrefix: dev-
-bases:
- ../package
-
--- a/pkg/commands/build/testdata/testcase-variable-ref/in/package/cockroachdb-statefulset-secure.yaml
+++ b/pkg/commands/build/testdata/testcase-variable-ref/in/package/cockroachdb-statefulset-secure.yaml
@@ -1,235 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cockroachdb
-  labels:
-    app: cockroachdb
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
-  name: cockroachdb
-  labels:
-    app: cockroachdb
-rules:
- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
-  - get
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: cockroachdb
-  labels:
-    app: cockroachdb
-rules:
- apiGroups:
-  - certificates.k8s.io
-  resources:
-  - certificatesigningrequests
-  verbs:
-  - create
-  - get
-  - watch
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: cockroachdb
-  labels:
-    app: cockroachdb
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cockroachdb
-subjects:
- kind: ServiceAccount
-  name: cockroachdb
-  namespace: default
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: cockroachdb
-  labels:
-    app: cockroachdb
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cockroachdb
-subjects:
- kind: ServiceAccount
-  name: cockroachdb
-  namespace: default
---
-apiVersion: v1
-kind: Service
-metadata:
-  # This service is meant to be used by clients of the database. It exposes a ClusterIP that will
-  # automatically load balance connections to the different database pods.
-  name: cockroachdb-public
-  labels:
-    app: cockroachdb
-spec:
-  ports:
-  # The main port, served by gRPC, serves Postgres-flavor SQL, internode
-  # traffic and the cli.
-  - port: 26257
-    targetPort: 26257
-    name: grpc
-  # The secondary port serves the UI as well as health and debug endpoints.
-  - port: 8080
-    targetPort: 8080
-    name: http
-  selector:
-    app: cockroachdb
---
-apiVersion: v1
-kind: Service
-metadata:
-  # This service only exists to create DNS entries for each pod in the stateful
-  # set such that they can resolve each other's IP addresses. It does not
-  # create a load-balanced ClusterIP and should not be used directly by clients
-  # in most circumstances.
-  name: cockroachdb
-  labels:
-    app: cockroachdb
-  annotations:
-    # This is needed to make the peer-finder work properly and to help avoid
-    # edge cases where instance 0 comes up after losing its data and needs to
-    # decide whether it should create a new cluster or try to join an existing
-    # one. If it creates a new cluster when it should have joined an existing
-    # one, we'd end up with two separate clusters listening at the same service
-    # endpoint, which would be very bad.
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-    # Enable automatic monitoring of all instances when Prometheus is running in the cluster.
-    prometheus.io/scrape: "true"
-    prometheus.io/path: "_status/vars"
-    prometheus.io/port: "8080"
-spec:
-  ports:
-  - port: 26257
-    targetPort: 26257
-    name: grpc
-  - port: 8080
-    targetPort: 8080
-    name: http
-  clusterIP: None
-  selector:
-    app: cockroachdb
---
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
-  name: cockroachdb-budget
-  labels:
-    app: cockroachdb
-spec:
-  selector:
-    matchLabels:
-      app: cockroachdb
-  maxUnavailable: 1
---
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
-  name: cockroachdb
-spec:
-  serviceName: "cockroachdb"
-  replicas: 3
-  template:
-    metadata:
-      labels:
-        app: cockroachdb
-    spec:
-      serviceAccountName: cockroachdb
-      # Init containers are run only once in the lifetime of a pod, before
-      # it's started up for the first time. It has to exit successfully
-      # before the pod's main containers are allowed to start.
-      initContainers:
-      # The init-certs container sends a certificate signing request to the
-      # kubernetes cluster.
-      # You can see pending requests using: kubectl get csr
-      # CSRs can be approved using:         kubectl certificate approve <csr name>
-      #
-      # All addresses used to contact a node must be specified in the --addresses arg.
-      #
-      # In addition to the node certificate and key, the init-certs entrypoint will symlink
-      # the cluster CA to the certs directory.
-      - name: init-certs
-        image: cockroachdb/cockroach-k8s-request-cert:0.2
-        imagePullPolicy: IfNotPresent
-        command:
-        - "/bin/ash"
-        - "-ecx"
-        - "/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=node -addresses=localhost,127.0.0.1,${POD_IP},$(hostname -f),$(hostname -f|cut -f 1-2 -d '.'),$(CDB_PUBLIC_SVC) -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        volumeMounts:
-        - name: certs
-          mountPath: /cockroach-certs
-
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 100
-            podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: app
-                  operator: In
-                  values:
-                  - cockroachdb
-              topologyKey: kubernetes.io/hostname
-      containers:
-      - name: cockroachdb
-        image: cockroachdb/cockroach:v1.1.5
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 26257
-          name: grpc
-        - containerPort: 8080
-          name: http
-        volumeMounts:
-        - name: datadir
-          mountPath: /cockroach/cockroach-data
-        - name: certs
-          mountPath: /cockroach/cockroach-certs
-        command:
-          - "/bin/bash"
-          - "-ecx"
-          # The use of qualified `hostname -f` is crucial:
-          # Other nodes aren't able to look up the unqualified hostname.
-          # Once 2.0 is out, we should be able to switch from --host to --advertise-host to make port-forwarding work to the main port.
-          - "exec /cockroach/cockroach start --logtostderr --certs-dir /cockroach/cockroach-certs --host $(hostname -f) --http-host 0.0.0.0 --join $(CDB_STATEFULSET_NAME)-0.$(CDB_STATEFULSET_SVC),$(CDB_STATEFULSET_NAME)-1.$(CDB_STATEFULSET_SVC),$(CDB_STATEFULSET_NAME)-2.$(CDB_STATEFULSET_SVC) --cache 25% --max-sql-memory 25%"
-      # No pre-stop hook is required, a SIGTERM plus some time is all that's
-      # needed for graceful shutdown of a node.
-      terminationGracePeriodSeconds: 60
-      volumes:
-      - name: datadir
-        persistentVolumeClaim:
-          claimName: datadir
-      - name: certs
-        emptyDir: {}
-  updateStrategy:
-    type: RollingUpdate
-  volumeClaimTemplates:
-  - metadata:
-      name: datadir
-    spec:
-      accessModes:
-        - "ReadWriteOnce"
-      resources:
-        requests:
-          storage: 1Gi
--- a/pkg/commands/build/testdata/testcase-variable-ref/in/package/cronjob.yaml
+++ b/pkg/commands/build/testdata/testcase-variable-ref/in/package/cronjob.yaml
@@ -1,21 +0,0 @@
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
-  name: cronjob-example
-spec:
-  schedule: "*/1 * * * *"
-  concurrencyPolicy: Forbid
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          containers:
-          - name: cronjob-example
-            image: cockroachdb/cockroach:v1.1.5
-            command:
-            - echo
-            - "$(CDB_STATEFULSET_NAME)"
-            - "$(TEST_CONFIG_MAP)"
-            env:
-              - name: CDB_PUBLIC_SVC
-                value: "$(CDB_PUBLIC_SVC)"
--- a/Show More
+++ b/Show More