Merge pull request #175 from Liujingfang1/crd

skip adding namespace to CustomResourceDefinitions

docs/kustomization.yaml

@@ -136,3 +136,51 @@ patches:
 crds:
 - crds/typeA.yaml
 - crds/typeB.yaml
+
+# Vars are used to insert values from resources that cannot be referenced
+# otherwise. For example if you need to pass a Service's name to the arguments
+# or environment variables of a program but without hard coding the actual name
+# of the Service you'd insert `$(MY_SERVICE_NAME)` into the value field of the
+# env var or into the command or args of the container as shown here:
+# ```
+#   containers:
+#     - image: myimage
+#       command: ["start", "--host", "$(MY_SERVICE_NAME)"]
+#       env:
+#         - name: SECRET_TOKEN
+#           value: $(SOME_SECRET_NAME)
+# ```
+#
+# Then you'll add an entry to `vars:` like shown below with the same name
+# and a reference to the resource from which to pull the field's value.
+# The actual field's path is optional and by default it will use
+# `metadata.name`. Currently only string type fields are supported, no integers
+# or booleans, etc. Also array access is currently not possible. For example getting
+# the image field of container number 2 inside of a pod can currently not be done.
+#
+# Not every location of a variable is supported. To see a complete list of locations
+# see the file [refvars.go](https://github.com/kubernetes-sigs/kustomize/blob/master/pkg/transformers/refvars.go#L20).
+#
+# An example of a situation where you'd not use vars is when you'd like to set a
+# pod's `serviceAccountName`. In that case you would just reference the ServiceAccount
+# by name and Kustomize will resolve it to the eventual name while building the manifests.
+vars:
+  - name: SOME_SECRET_NAME
+    objref:
+      kind: Secret
+      name: my-secret
+      apiVersion: v1
+  - name: MY_SERVICE_NAME
+    objref:
+      kind: Service
+      name: my-service
+      apiVersion: v1
+    fieldref:
+      fieldpath: metadata.name
+  - name: ANOTHER_DEPLOYMENTS_POD_RESTART_POLICY
+    objref:
+      kind: Deployment
+      name: my-deployment
+      apiVersion: apps/v1
+    fieldref:
+      fieldpath: spec.template.spec.restartPolicy

examples/helloWorld/kustomization.yaml

@@ -5,5 +5,10 @@ commonLabels:
 
 resources:
 - deployment.yaml
-- configMap.yaml
 - service.yaml
+
+configMapGenerator:
+- name: the-map
+  literals:
+    - altGreeting="Good Morning!"
+    - enableRisky="false"

pkg/app/application.go

@@ -98,8 +98,12 @@ func (a *Application) MakeUncustomizedResMap() (resmap.ResMap, error) {
 
 // resolveRefsToGeneratedResources fixes all name references.
 func (a *Application) resolveRefsToGeneratedResources(m resmap.ResMap) (resmap.ResMap, error) {
-	r := []transformers.Transformer{transformers.NewNameHashTransformer()}
+	err := transformers.NewNameHashTransformer().Transform(m)
+	if err != nil {
+		return nil, err
+	}
 
+	r := []transformers.Transformer{}
 	t, err := transformers.NewDefaultingNameReferenceTransformer()
 	if err != nil {
 		return nil, err

pkg/commands/testdata/testcase-multiple-patches-noconflict/in/overlay/kustomization.yaml

@@ -2,7 +2,8 @@ namePrefix: staging-
 commonLabels:
   env: staging
 patches:
-  - patches/deployment-patch*.yaml
+  - patches/deployment-patch1.yaml
+  - patches/deployment-patch2.yaml
 bases:
   - ../package/
 configMapGenerator:

pkg/commands/testdata/testcase-variable-ref/expected.diff

@@ -53,12 +53,14 @@ diff -u -N /tmp/noop/batch_v1beta1_CronJob_cronjob-example.yaml /tmp/transformed
  spec:
    concurrencyPolicy: Forbid
    jobTemplate:
-@@ -11,10 +11,10 @@
+@@ -11,11 +11,11 @@
            containers:
            - command:
              - echo
 -            - base-cockroachdb
+-            - base-test-config-map-259876d7fg
 +            - dev-base-cockroachdb
++            - dev-base-test-config-map-b2g2dmd64b
              env:
              - name: CDB_PUBLIC_SVC
 -              value: base-cockroachdb-public
@@ -140,6 +142,15 @@ diff -u -N /tmp/noop/rbac.authorization.k8s.io_v1beta1_Role_cockroachdb.yaml /tm
  rules:
  - apiGroups:
    - ""
+diff -u -N /tmp/noop/v1_ConfigMap_test-config-map.yaml /tmp/transformed/v1_ConfigMap_test-config-map.yaml
+--- /tmp/noop/v1_ConfigMap_test-config-map.yaml	YYYY-MM-DD HH:MM:SS
++++ /tmp/transformed/v1_ConfigMap_test-config-map.yaml	YYYY-MM-DD HH:MM:SS
+@@ -5,4 +5,4 @@
+ kind: ConfigMap
+ metadata:
+   creationTimestamp: null
+-  name: base-test-config-map-259876d7fg
++  name: dev-base-test-config-map-b2g2dmd64b
 diff -u -N /tmp/noop/v1_ServiceAccount_cockroachdb.yaml /tmp/transformed/v1_ServiceAccount_cockroachdb.yaml
 --- /tmp/noop/v1_ServiceAccount_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS
 +++ /tmp/transformed/v1_ServiceAccount_cockroachdb.yaml	YYYY-MM-DD HH:MM:SS

pkg/commands/testdata/testcase-variable-ref/expected.yaml

@@ -67,6 +67,15 @@ subjects:
   namespace: default
 ---
 apiVersion: v1
+data:
+  baz: qux
+  foo: bar
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: dev-base-test-config-map-b2g2dmd64b
+---
+apiVersion: v1
 kind: Service
 metadata:
   annotations:
@@ -206,6 +215,7 @@ spec:
           - command:
             - echo
             - dev-base-cockroachdb
+            - dev-base-test-config-map-b2g2dmd64b
             env:
             - name: CDB_PUBLIC_SVC
               value: dev-base-cockroachdb-public

pkg/commands/testdata/testcase-variable-ref/in/package/cronjob.yaml

@@ -15,6 +15,7 @@ spec:
             command:
             - echo
             - "$(CDB_STATEFULSET_NAME)"
+            - "$(TEST_CONFIG_MAP)"
             env:
               - name: CDB_PUBLIC_SVC
                 value: "$(CDB_PUBLIC_SVC)"

pkg/commands/testdata/testcase-variable-ref/in/package/kustomization.yaml

@@ -2,6 +2,11 @@ namePrefix: base-
 resources:
  - cockroachdb-statefulset-secure.yaml
  - cronjob.yaml
+configMapGenerator:
+- name: test-config-map
+  literals:
+    - foo=bar
+    - baz=qux
 vars:
  - name: CDB_PUBLIC_SVC
    objref:
@@ -25,3 +30,10 @@ vars:
    fieldref:
         fieldpath: metadata.name
 
+ - name: TEST_CONFIG_MAP
+   objref:
+        kind: ConfigMap
+        name: test-config-map
+        apiVersion: v1
+   fieldref:
+        fieldpath: metadata.name

pkg/transformers/labelsandannotations_test.go

@@ -30,10 +30,14 @@ var secret = schema.GroupVersionKind{Version: "v1", Kind: "Secret"}
 var cmap = schema.GroupVersionKind{Version: "v1", Kind: "ConfigMap"}
 var ns = schema.GroupVersionKind{Version: "v1", Kind: "Namespace"}
 var deploy = schema.GroupVersionKind{Group: "apps", Version: "v1", Kind: "Deployment"}
+var statefulset = schema.GroupVersionKind{Group: "apps", Version: "v1", Kind: "StatefulSet"}
 var foo = schema.GroupVersionKind{Group: "example.com", Version: "v1", Kind: "Foo"}
 var crd = schema.GroupVersionKind{Group: "apiwctensions.k8s.io", Version: "v1beta1", Kind: "CustomResourceDefinition"}
 var job = schema.GroupVersionKind{Group: "batch", Version: "v1", Kind: "Job"}
 var cronjob = schema.GroupVersionKind{Group: "batch", Version: "v1beta1", Kind: "CronJob"}
+var pvc = schema.GroupVersionKind{Version: "v1", Kind: "PersistentVolumeClaim"}
+var crb = schema.GroupVersionKind{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "ClusterRoleBinding"}
+var sa = schema.GroupVersionKind{Version: "v1", Kind: "ServiceAccount"}
 
 func TestLabelsRun(t *testing.T) {
 	m := resmap.ResMap{

pkg/transformers/labelsandannotationsconfig.go

@@ -52,6 +52,32 @@ var defaultLabelsPathConfigs = []PathConfig{
 		Path:               []string{"spec", "template", "metadata", "labels"},
 		CreateIfNotPresent: true,
 	},
+	{
+		GroupVersionKind: &schema.GroupVersionKind{Group: "apps", Kind: "Deployment"},
+		Path: []string{"spec", "template", "spec", "affinity", "podAffinity",
+			"preferredDuringSchedulingIgnoredDuringExecution",
+			"podAffinityTerm", "labelSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
+	{
+		GroupVersionKind: &schema.GroupVersionKind{Group: "apps", Kind: "Deployment"},
+		Path: []string{"spec", "template", "spec", "affinity", "podAffinity",
+			"requiredDuringSchedulingIgnoredDuringExecution", "labelSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
+	{
+		GroupVersionKind: &schema.GroupVersionKind{Group: "apps", Kind: "Deployment"},
+		Path: []string{"spec", "template", "spec", "affinity", "podAntiAffinity",
+			"preferredDuringSchedulingIgnoredDuringExecution",
+			"podAffinityTerm", "labelSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
+	{
+		GroupVersionKind: &schema.GroupVersionKind{Group: "apps", Kind: "Deployment"},
+		Path: []string{"spec", "template", "spec", "affinity", "podAntiAffinity",
+			"requiredDuringSchedulingIgnoredDuringExecution", "labelSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
 	{
 		GroupVersionKind:   &schema.GroupVersionKind{Kind: "ReplicaSet"},
 		Path:               []string{"spec", "selector", "matchLabels"},
@@ -82,6 +108,32 @@ var defaultLabelsPathConfigs = []PathConfig{
 		Path:               []string{"spec", "template", "metadata", "labels"},
 		CreateIfNotPresent: true,
 	},
+	{
+		GroupVersionKind: &schema.GroupVersionKind{Group: "apps", Kind: "StatefulSet"},
+		Path: []string{"spec", "template", "spec", "affinity", "podAffinity",
+			"preferredDuringSchedulingIgnoredDuringExecution",
+			"podAffinityTerm", "labelSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
+	{
+		GroupVersionKind: &schema.GroupVersionKind{Group: "apps", Kind: "StatefulSet"},
+		Path: []string{"spec", "template", "spec", "affinity", "podAffinity",
+			"requiredDuringSchedulingIgnoredDuringExecution", "labelSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
+	{
+		GroupVersionKind: &schema.GroupVersionKind{Group: "apps", Kind: "StatefulSet"},
+		Path: []string{"spec", "template", "spec", "affinity", "podAntiAffinity",
+			"preferredDuringSchedulingIgnoredDuringExecution",
+			"podAffinityTerm", "labelSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
+	{
+		GroupVersionKind: &schema.GroupVersionKind{Group: "apps", Kind: "StatefulSet"},
+		Path: []string{"spec", "template", "spec", "affinity", "podAntiAffinity",
+			"requiredDuringSchedulingIgnoredDuringExecution", "labelSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
 	{
 		GroupVersionKind:   &schema.GroupVersionKind{Group: "batch", Kind: "Job"},
 		Path:               []string{"spec", "selector", "matchLabels"},
@@ -107,6 +159,21 @@ var defaultLabelsPathConfigs = []PathConfig{
 		Path:               []string{"spec", "selector", "matchLabels"},
 		CreateIfNotPresent: true,
 	},
+	{
+		GroupVersionKind:   &schema.GroupVersionKind{Group: "networking.k8s.io", Kind: "NetworkPolicy"},
+		Path:               []string{"spec", "podSelector", "matchLabels"},
+		CreateIfNotPresent: true,
+	},
+	{
+		GroupVersionKind:   &schema.GroupVersionKind{Group: "networking.k8s.io", Kind: "NetworkPolicy"},
+		Path:               []string{"spec", "ingress", "from", "podSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
+	{
+		GroupVersionKind:   &schema.GroupVersionKind{Group: "networking.k8s.io", Kind: "NetworkPolicy"},
+		Path:               []string{"spec", "egress", "to", "podSelector", "matchLabels"},
+		CreateIfNotPresent: false,
+	},
 }
 
 // defaultLabelsPathConfigs is the default configuration for mutating annotations

pkg/transformers/namereference_test.go

@@ -35,6 +35,14 @@ func TestNameReferenceRun(t *testing.T) {
 					"name": "someprefix-cm1-somehash",
 				},
 			}),
+		resource.NewResId(cmap, "cm2"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "v1",
+				"kind":       "ConfigMap",
+				"metadata": map[string]interface{}{
+					"name": "someprefix-cm2-somehash",
+				},
+			}),
 		resource.NewResId(secret, "secret1"): resource.NewResourceFromMap(
 			map[string]interface{}{
 				"apiVersion": "v1",
@@ -43,6 +51,14 @@ func TestNameReferenceRun(t *testing.T) {
 					"name": "someprefix-secret1-somehash",
 				},
 			}),
+		resource.NewResId(pvc, "claim1"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "v1",
+				"kind":       "PersistentVolumeClaim",
+				"metadata": map[string]interface{}{
+					"name": "someprefix-claim1",
+				},
+			}),
 		resource.NewResId(deploy, "deploy1"): resource.NewResourceFromMap(
 			map[string]interface{}{
 				"group":      "apps",
@@ -103,40 +119,31 @@ func TestNameReferenceRun(t *testing.T) {
 								"configMap": map[string]interface{}{
 									"name": "cm1",
 								},
+								"projected": map[string]interface{}{
+									"sources": map[string]interface{}{
+										"configMap": map[string]interface{}{
+											"name": "cm2",
+										},
+									},
+								},
 								"secret": map[string]interface{}{
 									"secretName": "secret1",
 								},
+								"persistentVolumeClaim": map[string]interface{}{
+									"claimName": "claim1",
+								},
 							},
 						},
 					},
 				},
 			}),
-	}
-
-	expected := resmap.ResMap{
-		resource.NewResId(cmap, "cm1"): resource.NewResourceFromMap(
-			map[string]interface{}{
-				"apiVersion": "v1",
-				"kind":       "ConfigMap",
-				"metadata": map[string]interface{}{
-					"name": "someprefix-cm1-somehash",
-				},
-			}),
-		resource.NewResId(secret, "secret1"): resource.NewResourceFromMap(
-			map[string]interface{}{
-				"apiVersion": "v1",
-				"kind":       "Secret",
-				"metadata": map[string]interface{}{
-					"name": "someprefix-secret1-somehash",
-				},
-			}),
-		resource.NewResId(deploy, "deploy1"): resource.NewResourceFromMap(
+		resource.NewResId(statefulset, "statefulset1"): resource.NewResourceFromMap(
 			map[string]interface{}{
 				"group":      "apps",
 				"apiVersion": "v1",
-				"kind":       "Deployment",
+				"kind":       "StatefulSet",
 				"metadata": map[string]interface{}{
-					"name": "deploy1",
+					"name": "statefulset1",
 				},
 				"spec": map[string]interface{}{
 					"template": map[string]interface{}{
@@ -145,53 +152,15 @@ func TestNameReferenceRun(t *testing.T) {
 								map[string]interface{}{
 									"name":  "nginx",
 									"image": "nginx:1.7.9",
-									"env": []interface{}{
-										map[string]interface{}{
-											"name": "CM_FOO",
-											"valueFrom": map[string]interface{}{
-												"configMapKeyRef": map[string]interface{}{
-													"name": "someprefix-cm1-somehash",
-													"key":  "somekey",
-												},
-											},
-										},
-										map[string]interface{}{
-											"name": "SECRET_FOO",
-											"valueFrom": map[string]interface{}{
-												"secretKeyRef": map[string]interface{}{
-													"name": "someprefix-secret1-somehash",
-													"key":  "somekey",
-												},
-											},
-										},
-									},
-									"envFrom": []interface{}{
-										map[string]interface{}{
-											"configMapRef": map[string]interface{}{
-												"name": "someprefix-cm1-somehash",
-												"key":  "somekey",
-											},
-										},
-										map[string]interface{}{
-											"secretRef": map[string]interface{}{
-												"name": "someprefix-secret1-somehash",
-												"key":  "somekey",
-											},
-										},
-									},
-								},
-							},
-							"imagePullSecrets": []interface{}{
-								map[string]interface{}{
-									"name": "someprefix-secret1-somehash",
 								},
 							},
 							"volumes": map[string]interface{}{
-								"configMap": map[string]interface{}{
-									"name": "someprefix-cm1-somehash",
-								},
-								"secret": map[string]interface{}{
-									"secretName": "someprefix-secret1-somehash",
+								"projected": map[string]interface{}{
+									"sources": map[string]interface{}{
+										"configMap": map[string]interface{}{
+											"name": "cm2",
+										},
+									},
 								},
 							},
 						},
@@ -200,6 +169,120 @@ func TestNameReferenceRun(t *testing.T) {
 			}),
 	}
 
+	expected := resmap.ResMap{}
+	for k, v := range m {
+		expected[k] = v
+	}
+
+	expected[resource.NewResId(deploy, "deploy1")] = resource.NewResourceFromMap(
+		map[string]interface{}{
+			"group":      "apps",
+			"apiVersion": "v1",
+			"kind":       "Deployment",
+			"metadata": map[string]interface{}{
+				"name": "deploy1",
+			},
+			"spec": map[string]interface{}{
+				"template": map[string]interface{}{
+					"spec": map[string]interface{}{
+						"containers": []interface{}{
+							map[string]interface{}{
+								"name":  "nginx",
+								"image": "nginx:1.7.9",
+								"env": []interface{}{
+									map[string]interface{}{
+										"name": "CM_FOO",
+										"valueFrom": map[string]interface{}{
+											"configMapKeyRef": map[string]interface{}{
+												"name": "someprefix-cm1-somehash",
+												"key":  "somekey",
+											},
+										},
+									},
+									map[string]interface{}{
+										"name": "SECRET_FOO",
+										"valueFrom": map[string]interface{}{
+											"secretKeyRef": map[string]interface{}{
+												"name": "someprefix-secret1-somehash",
+												"key":  "somekey",
+											},
+										},
+									},
+								},
+								"envFrom": []interface{}{
+									map[string]interface{}{
+										"configMapRef": map[string]interface{}{
+											"name": "someprefix-cm1-somehash",
+											"key":  "somekey",
+										},
+									},
+									map[string]interface{}{
+										"secretRef": map[string]interface{}{
+											"name": "someprefix-secret1-somehash",
+											"key":  "somekey",
+										},
+									},
+								},
+							},
+						},
+						"imagePullSecrets": []interface{}{
+							map[string]interface{}{
+								"name": "someprefix-secret1-somehash",
+							},
+						},
+						"volumes": map[string]interface{}{
+							"configMap": map[string]interface{}{
+								"name": "someprefix-cm1-somehash",
+							},
+							"projected": map[string]interface{}{
+								"sources": map[string]interface{}{
+									"configMap": map[string]interface{}{
+										"name": "someprefix-cm2-somehash",
+									},
+								},
+							},
+							"secret": map[string]interface{}{
+								"secretName": "someprefix-secret1-somehash",
+							},
+							"persistentVolumeClaim": map[string]interface{}{
+								"claimName": "someprefix-claim1",
+							},
+						},
+					},
+				},
+			},
+		})
+	expected[resource.NewResId(statefulset, "statefulset1")] = resource.NewResourceFromMap(
+		map[string]interface{}{
+			"group":      "apps",
+			"apiVersion": "v1",
+			"kind":       "StatefulSet",
+			"metadata": map[string]interface{}{
+				"name": "statefulset1",
+			},
+			"spec": map[string]interface{}{
+				"template": map[string]interface{}{
+					"spec": map[string]interface{}{
+						"containers": []interface{}{
+							map[string]interface{}{
+								"name":  "nginx",
+								"image": "nginx:1.7.9",
+							},
+						},
+						"volumes": map[string]interface{}{
+							"projected": map[string]interface{}{
+								"sources": map[string]interface{}{
+									"configMap": map[string]interface{}{
+										"name": "someprefix-cm2-somehash",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		})
+
 	nrt, err := NewDefaultingNameReferenceTransformer()
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)

pkg/transformers/namereferenceconfig.go

@@ -146,6 +146,13 @@ var defaultNameReferencePathConfigs = []ReferencePathConfig{
 				Path:               []string{"spec", "template", "spec", "initContainers", "envFrom", "configMapRef", "name"},
 				CreateIfNotPresent: false,
 			},
+			{
+				GroupVersionKind: &schema.GroupVersionKind{
+					Kind: "Deployment",
+				},
+				Path:               []string{"spec", "template", "spec", "volumes", "projected", "sources", "configMap", "name"},
+				CreateIfNotPresent: false,
+			},
 			{
 				GroupVersionKind: &schema.GroupVersionKind{
 					Kind: "ReplicaSet",
@@ -251,6 +258,13 @@ var defaultNameReferencePathConfigs = []ReferencePathConfig{
 				Path:               []string{"spec", "template", "spec", "initContainers", "envFrom", "configMapRef", "name"},
 				CreateIfNotPresent: false,
 			},
+			{
+				GroupVersionKind: &schema.GroupVersionKind{
+					Kind: "StatefulSet",
+				},
+				Path:               []string{"spec", "template", "spec", "volumes", "projected", "sources", "configMap", "name"},
+				CreateIfNotPresent: false,
+			},
 			{
 				GroupVersionKind: &schema.GroupVersionKind{
 					Kind: "Job",
@@ -789,6 +803,63 @@ var defaultNameReferencePathConfigs = []ReferencePathConfig{
 			},
 		},
 	},
+	{
+		referencedGVK: schema.GroupVersionKind{
+			Version: "v1",
+			Kind:    "PersistentVolumeClaim",
+		},
+		pathConfigs: []PathConfig{
+			{
+				GroupVersionKind: &schema.GroupVersionKind{
+					Kind: "Pod",
+				},
+				Path:               []string{"spec", "volumes", "persistentVolumeClaim", "claimName"},
+				CreateIfNotPresent: false,
+			},
+			{
+				GroupVersionKind: &schema.GroupVersionKind{
+					Kind: "StatefulSet",
+				},
+				Path:               []string{"spec", "template", "spec", "volumes", "persistentVolumeClaim", "claimName"},
+				CreateIfNotPresent: false,
+			},
+			{
+				GroupVersionKind: &schema.GroupVersionKind{
+					Kind: "Deployment",
+				},
+				Path:               []string{"spec", "template", "spec", "volumes", "persistentVolumeClaim", "claimName"},
+				CreateIfNotPresent: false,
+			},
+			{
+				GroupVersionKind: &schema.GroupVersionKind{
+					Kind: "ReplicationController",
+				},
+				Path:               []string{"spec", "template", "spec", "volumes", "persistentVolumeClaim", "claimName"},
+				CreateIfNotPresent: false,
+			},
+			{
+				GroupVersionKind: &schema.GroupVersionKind{
+					Kind: "CronJob",
+				},
+				Path:               []string{"spec", "jobTemplate", "spec", "template", "spec", "volumes", "persistentVolumeClaim", "claimName"},
+				CreateIfNotPresent: false,
+			},
+			{
+				GroupVersionKind: &schema.GroupVersionKind{
+					Kind: "Job",
+				},
+				Path:               []string{"spec", "template", "spec", "volumes", "persistentVolumeClaim", "claimName"},
+				CreateIfNotPresent: false,
+			},
+			{
+				GroupVersionKind: &schema.GroupVersionKind{
+					Kind: "DaemonSet",
+				},
+				Path:               []string{"spec", "template", "spec", "volumes", "persistentVolumeClaim", "claimName"},
+				CreateIfNotPresent: false,
+			},
+		},
+	},
 }
 
 // AddNameReferencePathConfigs adds extra reference path configs to the default one

pkg/transformers/namespace.go

@@ -50,6 +50,11 @@ var skipNamespacePathConfigs = []PathConfig{
 			Kind: "ClusterRole",
 		},
 	},
+	{
+		GroupVersionKind: &schema.GroupVersionKind{
+			Kind: "CustomResourceDefinition",
+		},
+	},
 }
 
 var _ Transformer = &namespaceTransformer{}
@@ -97,5 +102,41 @@ func (o *namespaceTransformer) Transform(m resmap.ResMap) error {
 		}
 
 	}
+	o.updateClusterRoleBinding(m)
 	return nil
 }
+
+func (o *namespaceTransformer) updateClusterRoleBinding(m resmap.ResMap) {
+	saMap := map[string]bool{}
+	saGVK := schema.GroupVersionKind{Version: "v1", Kind: "ServiceAccount"}
+	for id := range m {
+		if id.Gvk().String() == saGVK.String() {
+			saMap[id.Name()] = true
+		}
+	}
+
+	for id := range m {
+		if id.Gvk().Kind != "ClusterRoleBinding" && id.Gvk().Kind != "RoleBinding" {
+			continue
+		}
+		objMap := m[id].UnstructuredContent()
+		subjects := objMap["subjects"].([]interface{})
+		for i := range subjects {
+			subject := subjects[i].(map[string]interface{})
+			kind, foundk := subject["kind"]
+			name, foundn := subject["name"]
+			if !foundk || !foundn || kind.(string) != "ServiceAccount" {
+				continue
+			}
+			// a ServiceAccount named “default” exists in every active namespace
+			if name.(string) == "default" || saMap[name.(string)] {
+				subject := subjects[i].(map[string]interface{})
+				mutateField(subject, []string{"namespace"}, true, func(_ interface{}) (interface{}, error) {
+					return o.namespace, nil
+				})
+				subjects[i] = subject
+			}
+		}
+		objMap["subjects"] = subjects
+	}
+}

pkg/transformers/namespace_test.go

@@ -51,6 +51,57 @@ func TestNamespaceRun(t *testing.T) {
 					"name": "ns1",
 				},
 			}),
+		resource.NewResId(sa, "default"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "v1",
+				"kind":       "ServiceAccount",
+				"metadata": map[string]interface{}{
+					"name":      "default",
+					"namespace": "system",
+				},
+			}),
+		resource.NewResId(sa, "service-account"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "v1",
+				"kind":       "ServiceAccount",
+				"metadata": map[string]interface{}{
+					"name":      "service-account",
+					"namespace": "system",
+				},
+			}),
+		resource.NewResId(crb, "crb"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "rbac.authorization.k8s.io/v1",
+				"kind":       "ClusterRoleBinding",
+				"metadata": map[string]interface{}{
+					"name": "manager-rolebinding",
+				},
+				"subjects": []interface{}{
+					map[string]interface{}{
+						"kind":      "ServiceAccount",
+						"name":      "default",
+						"namespace": "system",
+					},
+					map[string]interface{}{
+						"kind":      "ServiceAccount",
+						"name":      "service-account",
+						"namespace": "system",
+					},
+					map[string]interface{}{
+						"kind":      "ServiceAccount",
+						"name":      "another",
+						"namespace": "random",
+					},
+				},
+			}),
+		resource.NewResId(crd, "crd"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "apiextensions.k8s.io/v1beta1",
+				"kind":       "CustomResourceDefinition",
+				"metadata": map[string]interface{}{
+					"name": "crd",
+				},
+			}),
 	}
 	expected := resmap.ResMap{
 		resource.NewResId(ns, "ns1"): resource.NewResourceFromMap(
@@ -79,6 +130,57 @@ func TestNamespaceRun(t *testing.T) {
 					"namespace": "test",
 				},
 			}),
+		resource.NewResId(sa, "default"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "v1",
+				"kind":       "ServiceAccount",
+				"metadata": map[string]interface{}{
+					"name":      "default",
+					"namespace": "test",
+				},
+			}),
+		resource.NewResId(sa, "service-account"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "v1",
+				"kind":       "ServiceAccount",
+				"metadata": map[string]interface{}{
+					"name":      "service-account",
+					"namespace": "test",
+				},
+			}),
+		resource.NewResId(crb, "crb"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "rbac.authorization.k8s.io/v1",
+				"kind":       "ClusterRoleBinding",
+				"metadata": map[string]interface{}{
+					"name": "manager-rolebinding",
+				},
+				"subjects": []interface{}{
+					map[string]interface{}{
+						"kind":      "ServiceAccount",
+						"name":      "default",
+						"namespace": "test",
+					},
+					map[string]interface{}{
+						"kind":      "ServiceAccount",
+						"name":      "service-account",
+						"namespace": "test",
+					},
+					map[string]interface{}{
+						"kind":      "ServiceAccount",
+						"name":      "another",
+						"namespace": "random",
+					},
+				},
+			}),
+		resource.NewResId(crd, "crd"): resource.NewResourceFromMap(
+			map[string]interface{}{
+				"apiVersion": "apiextensions.k8s.io/v1beta1",
+				"kind":       "CustomResourceDefinition",
+				"metadata": map[string]interface{}{
+					"name": "crd",
+				},
+			}),
 	}
 
 	nst := NewNamespaceTransformer("test")