Merge pull request #1330 from qiujian16/generate-ns-transformer

Generate updated ns transformer
2026-06-15 02:48:16 +00:00 · 2019-07-10 08:22:28 -07:00 · 2019-07-10 11:07:31 +08:00 · 2019-07-09 14:22:24 -07:00 · 2019-07-09 13:39:19 -07:00 · 2019-07-09 10:08:03 -07:00
11 changed files with 211 additions and 21 deletions
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # kustomize

+_[v3.0.0](https://github.com/kubernetes-sigs/kustomize/releases/tag/v3.0.0) is the latest release._
+
 `kustomize` lets you customize raw, template-free YAML
 files for multiple purposes, leaving the original YAML
 untouched and usable as is.
--- a/docs/plugins/goPluginGuidedExample.md
+++ b/docs/plugins/goPluginGuidedExample.md
@@ -1,10 +1,15 @@
 # Go Plugin Guided Example for Linux

-This is a (no reading allowed!) 60 second copy/paste guided
-example.  Full plugin docs [here](README.md).
-
 [SopsEncodedSecrets repository]: https://github.com/monopole/sopsencodedsecrets
 [Go plugin]: https://golang.org/pkg/plugin
+[Go plugin caveats]: goPluginCaveats.md
+
+This is a (no reading allowed!) 60 second copy/paste guided
+example. 
+
+Full plugin docs [here](README.md).
+Be sure to read the [Go plugin caveats].
+

 This demo uses a Go plugin, `SopsEncodedSecrets`,
 that lives in the [sopsencodedsecrets repository].
@@ -25,15 +30,18 @@ current setup.
 ## Make a place to work

 ```
+# Keeping these separate to avoid cluttering the DEMO dir.
 DEMO=$(mktemp -d)
+tmpGoPath=$(mktemp -d)
 ```

 ## Install kustomize

-Need v3.0.0 for what follows:
+Need v3.0.0 for what follows, and you must _compile_
+it (not download the binary from the release page):

 ```
-GOBIN=$DEMO/bin go get sigs.k8s.io/kustomize/v3/cmd/kustomize@v3.0.0-pre
+GOPATH=$tmpGoPath go install sigs.k8s.io/kustomize/v3/cmd/kustomize
 ```

 ## Make a home for plugins
@@ -147,7 +155,7 @@ Build the object code for use by kustomize:

 ```
 cd $MY_PLUGIN_DIR
-go build -buildmode plugin -o ${kind}.so ${kind}.go
+GOPATH=$tmpGoPath go build -buildmode plugin -o ${kind}.so ${kind}.go
 ```

 This step may succeed, but kustomize might
@@ -199,7 +207,8 @@ cat <<EOF >$MYAPP/secGenerator.yaml
 apiVersion: ${apiVersion}
 kind: ${kind}
 metadata:
-  name: forbiddenValues
+  name: mySecretGenerator
+name: forbiddenValues
 namespace: production
 file: myEncryptedData.yaml
 keys:
@@ -257,7 +266,7 @@ echo $keyLocation
 ### Install `sops`

 ```
-GOBIN=$DEMO/bin go install go.mozilla.org/sops/cmd/sops
+GOPATH=$tmpGoPath go install go.mozilla.org/sops/cmd/sops
 ```

 ### Create data encrypted with your Google Cloud key
@@ -270,13 +279,12 @@ ROCKET: saturn-v
 FRUIT: apple
 CAR: dymaxion
 EOF
-
 ```

 Encrypt the data into file the plugin wants to read:

 ```
-$DEMO/bin/sops --encrypt \
+$tmpGoPath/bin/sops --encrypt \
  --gcp-kms $keyLocation \
  $MYAPP/myClearData.yaml >$MYAPP/myEncryptedData.yaml
 ```
@@ -287,11 +295,32 @@ Review the files
 tree $DEMO
 ```

+This should look something like:
+
+> ```
+> /tmp/tmp.0kIE9VclPt
+> ├── kustomize
+> │   └── plugin
+> │       └── mygenerators
+> │           └── sopsencodedsecrets
+> │               ├── go.mod
+> │               ├── go.sum
+> │               ├── LICENSE
+> │               ├── README.md
+> │               ├── SopsEncodedSecrets.go
+> │               ├── SopsEncodedSecrets.so
+> │               └── SopsEncodedSecrets_test.go
+> └── myapp
+>     ├── kustomization.yaml
+>     ├── myClearData.yaml
+>     ├── myEncryptedData.yaml
+>     └── secGenerator.yaml
+> ```

 ## Build your app, using the plugin:

 ```
-XDG_CONFIG_HOME=$DEMO $DEMO/bin/kustomize build --enable_alpha_plugins $MYAPP
+XDG_CONFIG_HOME=$DEMO $tmpGoPath/bin/kustomize build --enable_alpha_plugins $MYAPP
 ```

 This should emit a kubernetes secret, with
--- a/docs/v3.0.0.md
+++ b/docs/v3.0.0.md
@@ -1,18 +1,15 @@
 # kustomize 3.0.0

 This release is basically [v2.1.0](v2.1.0.md),
-with some post-v2.1.0 bugs fixed and a `v3` in Go
-package paths.
+with many post-v2.1.0 bugs fixed (in about 150
+commits) and a `v3` in Go package paths.

 [plugin]: https://github.com/kubernetes-sigs/kustomize/tree/master/docs/plugins

 The major version increment to `v3` puts a new
 floor on a stable API for [plugin] developers
 (both _Go_ plugin developers and _exec_ plugin
-developers who happen to use Go), to carry them
-through the coming series of minor releases and
-patches.
-
+developers who happen to use Go).

 ### Why so soon after v2.1.0?

--- a/go.sum
+++ b/go.sum
@@ -149,6 +149,7 @@ k8s.io/klog v0.3.3 h1:niceAagH1tzskmaie/icWd7ci1wbG7Bf2c6YGcQv+3c=
 k8s.io/klog v0.3.3/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/kube-openapi v0.0.0-20190603182131-db7b694dc208 h1:5sW+fEHvlJI3Ngolx30CmubFulwH28DhKjGf70Xmtco=
 k8s.io/kube-openapi v0.0.0-20190603182131-db7b694dc208/go.mod h1:nfDlWeOsu3pUf4yWGL+ERqohP4YsZcBJXWMK+gkzOA4=
+sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
--- a/pkg/ifc/ifc.go
+++ b/pkg/ifc/ifc.go
@@ -57,6 +57,7 @@ type Kunstructured interface {
 	GetKind() string
 	GetName() string
 	SetName(string)
+	SetNamespace(string)
 	GetLabels() map[string]string
 	SetLabels(map[string]string)
 	GetAnnotations() map[string]string
--- a/pkg/resource/resource.go
+++ b/pkg/resource/resource.go
@@ -42,6 +42,7 @@ func (r *Resource) Replace(other *Resource) {
 	r.SetAnnotations(
 		mergeStringMaps(other.GetAnnotations(), r.GetAnnotations()))
 	r.SetName(other.GetName())
+	r.SetNamespace(other.GetNamespace())
 	r.copyOtherFields(other)
 }

--- a/pkg/target/namespacedgenerators_test.go
+++ b/pkg/target/namespacedgenerators_test.go
@@ -87,3 +87,43 @@ metadata:
 type: Opaque
 `)
 }
+
+func TestNamespacedGeneratorWithOverlays(t *testing.T) {
+	th := kusttest_test.NewKustTestHarness(t, "/app/overlay")
+	th.WriteK("/app/base", `
+namespace: base
+
+configMapGenerator:
+- name: testCase
+  literals:
+    - base=true
+`)
+	th.WriteK("/app/overlay", `
+resources:
+  - ../base
+
+namespace: overlay
+
+configMapGenerator:
+  - name: testCase
+    behavior: merge
+    literals:
+      - overlay=true
+`)
+	m, err := th.MakeKustTarget().MakeCustomizedResMap()
+	if err != nil {
+		t.Fatalf("Err: %v", err)
+	}
+	th.AssertActualEqualsExpected(m, `
+apiVersion: v1
+data:
+  base: "true"
+  overlay: "true"
+kind: ConfigMap
+metadata:
+  annotations: {}
+  labels: {}
+  name: testCase-4g75kbk6gm
+  namespace: overlay
+`)
+}
--- a/plugin/builtin/NamespaceTransformer.go
+++ b/plugin/builtin/NamespaceTransformer.go
@@ -52,6 +52,7 @@ func (p *NamespaceTransformerPlugin) Transform(m resmap.ResMap) error {
 		}
 	}
 	p.updateClusterRoleBinding(m)
+	p.updateServiceReference(m)
 	return nil
 }

@@ -125,3 +126,40 @@ func (p *NamespaceTransformerPlugin) updateClusterRoleBinding(m resmap.ResMap) {
 		objMap["subjects"] = subjects
 	}
 }
+
+func (p *NamespaceTransformerPlugin) updateServiceReference(m resmap.ResMap) {
+	svc := gvk.Gvk{Version: "v1", Kind: "Service"}
+	svcMap := map[string]bool{}
+	for _, id := range m.AllIds() {
+		if id.Gvk.Equals(svc) {
+			svcMap[id.Name] = true
+		}
+	}
+
+	for _, res := range m.Resources() {
+		if res.OrgId().Kind != "ValidatingWebhookConfiguration" &&
+			res.OrgId().Kind != "MutatingWebhookConfiguration" {
+			continue
+		}
+		objMap := res.Map()
+		webhooks, ok := objMap["webhooks"].([]interface{})
+		if webhooks == nil || !ok {
+			continue
+		}
+		for i := range webhooks {
+			webhook := webhooks[i].(map[string]interface{})
+			transformers.MutateField(
+				webhook, []string{"clientConfig", "service"},
+				false, func(obj interface{}) (interface{}, error) {
+					svc := obj.(map[string]interface{})
+					svcName, foundN := svc["name"]
+					if foundN && svcMap[svcName.(string)] {
+						svc["namespace"] = p.Namespace
+					}
+					return svc, nil
+				})
+			webhooks[i] = webhook
+		}
+		objMap["webhooks"] = webhooks
+	}
+}
--- a/plugin/builtin/namespacetransformer/NamespaceTransformer.go
+++ b/plugin/builtin/namespacetransformer/NamespaceTransformer.go
@@ -53,6 +53,7 @@ func (p *plugin) Transform(m resmap.ResMap) error {
 		}
 	}
 	p.updateClusterRoleBinding(m)
+	p.updateServiceReference(m)
 	return nil
 }

@@ -126,3 +127,40 @@ func (p *plugin) updateClusterRoleBinding(m resmap.ResMap) {
 		objMap["subjects"] = subjects
 	}
 }
+
+func (p *plugin) updateServiceReference(m resmap.ResMap) {
+	svc := gvk.Gvk{Version: "v1", Kind: "Service"}
+	svcMap := map[string]bool{}
+	for _, id := range m.AllIds() {
+		if id.Gvk.Equals(svc) {
+			svcMap[id.Name] = true
+		}
+	}
+
+	for _, res := range m.Resources() {
+		if res.OrgId().Kind != "ValidatingWebhookConfiguration" &&
+			res.OrgId().Kind != "MutatingWebhookConfiguration" {
+			continue
+		}
+		objMap := res.Map()
+		webhooks, ok := objMap["webhooks"].([]interface{})
+		if webhooks == nil || !ok {
+			continue
+		}
+		for i := range webhooks {
+			webhook := webhooks[i].(map[string]interface{})
+			transformers.MutateField(
+				webhook, []string{"clientConfig", "service"},
+				false, func(obj interface{}) (interface{}, error) {
+					svc := obj.(map[string]interface{})
+					svcName, foundN := svc["name"]
+					if foundN && svcMap[svcName.(string)] {
+						svc["namespace"] = p.Namespace
+					}
+					return svc, nil
+				})
+			webhooks[i] = webhook
+		}
+		objMap["webhooks"] = webhooks
+	}
+}
--- a/plugin/builtin/namespacetransformer/NamespaceTransformer_test.go
+++ b/plugin/builtin/namespacetransformer/NamespaceTransformer_test.go
@@ -41,6 +41,11 @@ metadata:
  namespace: foo
 ---
 apiVersion: v1
+kind: Service
+metadata:
+  name: svc1
+---
+apiVersion: v1
 kind: Namespace
 metadata:
  name: ns1
@@ -72,6 +77,22 @@ subjects:
  name: another
  namespace: random
 ---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: example
+webhooks:
+  - name: example1
+    clientConfig:
+      service:
+        name: svc1
+        namespace: system
+  - name: example2
+    clientConfig:
+      service:
+        name: svc2
+        namespace: system
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
@@ -92,6 +113,12 @@ metadata:
  namespace: test
 ---
 apiVersion: v1
+kind: Service
+metadata:
+  name: svc1
+  namespace: test
+---
+apiVersion: v1
 kind: Namespace
 metadata:
  name: ns1
@@ -123,6 +150,22 @@ subjects:
  name: another
  namespace: random
 ---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: example
+webhooks:
+- clientConfig:
+    service:
+      name: svc1
+      namespace: test
+  name: example1
+- clientConfig:
+    service:
+      name: svc2
+      namespace: system
+  name: example2
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
--- a/releasing/README.md
+++ b/releasing/README.md
@@ -75,14 +75,14 @@ git tag -a $version -m "Release $version"
 ```

 ### trigger the cloud build
-
-Pushing the tag will trigger a job in [Google Cloud
-Build] to put a new release on the [releases page].
-
+Push the tag:
 ```
 git push upstream $version
 ```

+This triggers a job in [Google Cloud Build] to
+put a new release on the [release page].
+
 ###  Update release notes

 Visit the [release page] and edit the release notes as desired.
Author	SHA1	Message	Date
Kubernetes Prow Robot	9bff2e8883	Merge pull request #1330 from qiujian16/generate-ns-transformer Generate updated ns transformer	2019-07-10 08:22:28 -07:00
Jian Qiu	483188ba89	Generate updated ns transformer	2019-07-10 11:07:31 +08:00
Kubernetes Prow Robot	672bda0c9c	Merge pull request #1328 from Liujingfang1/cmgenerator fix the regression on merging configmap with different namespace	2019-07-09 14:22:24 -07:00
jingfangliu	49b32473ca	fix the regression on merging configmap with different namespace	2019-07-09 13:39:19 -07:00
Kubernetes Prow Robot	08400d77a6	Merge pull request #1321 from qiujian16/webhook-ns-transform Enable ns transformer for webhook	2019-07-09 10:08:03 -07:00
Jian Qiu	c912baeb3a	Enable ns transformer for webhook Add namespace transformer for ValidatingWebhookConfiguration and MutatingWebhookConfiguration	2019-07-09 13:32:33 +08:00
Kubernetes Prow Robot	433733eb0e	Merge pull request #1309 from richardmarshall/go_plugin_guide Fix typo in the go plugin guide	2019-07-08 09:18:35 -07:00
Richard Marshall	f996ac82c7	Fix typo in the go plugin guide	2019-07-03 20:48:07 -07:00
Jeff Regan	efcb7cc5a5	Update README.md	2019-07-03 12:43:17 -07:00
Jeff Regan	bf7b57537b	Merge pull request #1306 from monopole/updateV3Notes Update v3 notes	2019-07-03 12:40:53 -07:00
Jeffrey Regan	6b597f8711	Update v3 notes	2019-07-03 12:40:30 -07:00
Jeff Regan	088739900f	Merge pull request #1305 from monopole/tweakDocs Update goPluginGuidedExample.md	2019-07-03 12:25:21 -07:00
Jeff Regan	3bf13f83d3	Update goPluginGuidedExample.md	2019-07-03 12:24:23 -07:00
Jeff Regan	c64a72f1f9	Update goPluginGuidedExample.md	2019-07-03 11:34:16 -07:00
Jeff Regan	8b60b456ac	Update README.md	2019-07-03 11:22:27 -07:00