Update Kustomize depricated syntax

Signed-off-by: Peppi-Lotta <peppi-lotta.saari@est.tech>

config/certmanager/certificate.yaml

@@ -14,11 +14,11 @@ metadata:
   name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
   namespace: system
 spec:
-  # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+  # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
   dnsNames:
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer
-  secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize
+  secretName: capm3-webhook-service-cert # this secret will not be prefixed, since it's not managed by kustomize

config/crd/kustomization.yaml

@@ -4,8 +4,10 @@ kind: Kustomization
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default
 
-commonLabels:
-  cluster.x-k8s.io/v1beta1: v1beta1
+labels:
+- includeSelectors: true
+  pairs:
+    cluster.x-k8s.io/v1beta1: v1beta1
 
 resources:
 - bases/infrastructure.cluster.x-k8s.io_metal3clusters.yaml
@@ -18,34 +20,34 @@ resources:
 - bases/infrastructure.cluster.x-k8s.io_metal3remediationtemplates.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
-patchesStrategicMerge:
+patches:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
-- patches/webhook_in_metal3machines.yaml
-- patches/webhook_in_metal3clusters.yaml
-- patches/webhook_in_metal3machinetemplates.yaml
-- patches/webhook_in_metal3datatemplates.yaml
-- patches/webhook_in_metal3datas.yaml
-- patches/webhook_in_metal3dataclaims.yaml
-- patches/webhook_in_metal3remediations.yaml
-- patches/webhook_in_metal3remediationtemplates.yaml
+- path: patches/webhook_in_metal3machines.yaml
+- path: patches/webhook_in_metal3clusters.yaml
+- path: patches/webhook_in_metal3machinetemplates.yaml
+- path: patches/webhook_in_metal3datatemplates.yaml
+- path: patches/webhook_in_metal3datas.yaml
+- path: patches/webhook_in_metal3dataclaims.yaml
+- path: patches/webhook_in_metal3remediations.yaml
+- path: patches/webhook_in_metal3remediationtemplates.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
-- patches/cainjection_in_metal3machines.yaml
-- patches/cainjection_in_metal3clusters.yaml
-- patches/cainjection_in_metal3machinetemplates.yaml
-- patches/cainjection_in_metal3datatemplates.yaml
-- patches/cainjection_in_metal3datas.yaml
-- patches/cainjection_in_metal3dataclaims.yaml
-- patches/cainjection_in_metal3remediations.yaml
-- patches/cainjection_in_metal3remediationtemplates.yaml
+- path: patches/cainjection_in_metal3machines.yaml
+- path: patches/cainjection_in_metal3clusters.yaml
+- path: patches/cainjection_in_metal3machinetemplates.yaml
+- path: patches/cainjection_in_metal3datatemplates.yaml
+- path: patches/cainjection_in_metal3datas.yaml
+- path: patches/cainjection_in_metal3dataclaims.yaml
+- path: patches/cainjection_in_metal3remediations.yaml
+- path: patches/cainjection_in_metal3remediationtemplates.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # [ANNOTATION] To add CRD name check skip, uncomment the section with [ANNOTATION] prefix.
 # patch here is for adding an annotation for specific CRD (Metal3Data)
-- patches/skipcrdnamecheck_in_metal3datas.yaml
+- path: patches/skipcrdnamecheck_in_metal3datas.yaml
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 configurations:

config/crd/patches/cainjection_in_metal3clusters.yaml

@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
   name: metal3clusters.infrastructure.cluster.x-k8s.io

config/crd/patches/cainjection_in_metal3dataclaims.yaml

@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
   name: metal3dataclaims.infrastructure.cluster.x-k8s.io

config/crd/patches/cainjection_in_metal3datas.yaml

@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE)/CERTIFICATE_NAME
   name: metal3datas.infrastructure.cluster.x-k8s.io

config/crd/patches/cainjection_in_metal3datatemplates.yaml

@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
   name: metal3datatemplates.infrastructure.cluster.x-k8s.io

config/crd/patches/cainjection_in_metal3machines.yaml

@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE)/CERTIFICATE_NAME
   name: metal3machines.infrastructure.cluster.x-k8s.io

config/crd/patches/cainjection_in_metal3machinetemplates.yaml

@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
   name: metal3machinetemplates.infrastructure.cluster.x-k8s.io

config/crd/patches/cainjection_in_metal3remediations.yaml

@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
   name: metal3remediations.infrastructure.cluster.x-k8s.io

config/crd/patches/cainjection_in_metal3remediationtemplates.yaml

@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
   name: metal3remediationtemplates.infrastructure.cluster.x-k8s.io

config/default/capm3/kustomization.yaml

@@ -3,48 +3,120 @@ namespace: capm3-system
 namePrefix: capm3-
 
 resources:
-  - namespace.yaml
+- namespace.yaml
+- ../../crd
+- ../../rbac
+- ../../manager
+- ../../webhook
+- ../../certmanager
 
-bases:
-  - ../../crd
-  - ../../rbac
-  - ../../manager
-  - ../../webhook
-  - ../../certmanager
+patches:
+- path: manager_image_patch.yaml
+- path: manager_pull_policy_patch.yaml
+- path: manager_webhook_patch.yaml
+- path: webhookcainjection_patch.yaml
 
-patchesStrategicMerge:
-  - manager_image_patch.yaml
-  - manager_pull_policy_patch.yaml
-  - manager_webhook_patch.yaml
-  - webhookcainjection_patch.yaml
-
-vars:
-- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-  objref:
-    kind: Certificate
+replacements:
+- source:
+    fieldPath: .metadata.namespace
     group: cert-manager.io
-    version: v1
-    name: serving-cert # this name should match the one in certificate.yaml
-  fieldref:
-    fieldpath: metadata.namespace
-- name: CERTIFICATE_NAME
-  objref:
     kind: Certificate
+    name: serving-cert
+    version: v1
+  targets:
+  - fieldPaths:
+    - .metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      create: true
+      delimiter: /
+    select:
+      kind: ValidatingWebhookConfiguration
+  - fieldPaths:
+    - .metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      create: true
+      delimiter: /
+    select:
+      kind: MutatingWebhookConfiguration
+  - fieldPaths:
+    - .metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      create: true
+      delimiter: /
+    select:
+      kind: CustomResourceDefinition
+    reject:
+    - name: ipaddressclaims.ipam.cluster.x-k8s.io
+    - name: ipaddresses.ipam.cluster.x-k8s.io
+    - name: extensionconfigs.runtime.cluster.x-k8s.io
+- source:
+    fieldPath: .metadata.name
     group: cert-manager.io
+    kind: Certificate
+    name: serving-cert
     version: v1
-    name: serving-cert # this name should match the one in certificate.yaml
-- name: SERVICE_NAMESPACE # namespace of the service
-  objref:
+  targets:
+  - fieldPaths:
+    - .metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      create: true
+      delimiter: /
+      index: 1
+    select:
+      kind: ValidatingWebhookConfiguration
+  - fieldPaths:
+    - .metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      create: true
+      delimiter: /
+      index: 1
+    select:
+      kind: MutatingWebhookConfiguration
+  - fieldPaths:
+    - .metadata.annotations.[cert-manager.io/inject-ca-from]
+    options:
+      create: true
+      delimiter: /
+      index: 1
+    select:
+      kind: CustomResourceDefinition
+    reject:
+    - name: ipaddressclaims.ipam.cluster.x-k8s.io
+    - name: ipaddresses.ipam.cluster.x-k8s.io
+    - name: extensionconfigs.runtime.cluster.x-k8s.io
+- source:
+    fieldPath: .metadata.name
     kind: Service
-    version: v1
     name: webhook-service
-  fieldref:
-    fieldpath: metadata.namespace
-- name: SERVICE_NAME
-  objref:
-    kind: Service
     version: v1
+  targets:
+  - fieldPaths:
+    - .spec.dnsNames.0
+    - .spec.dnsNames.1
+    options:
+      create: true
+      delimiter: .
+    select:
+      group: cert-manager.io
+      kind: Certificate
+      version: v1
+- source:
+    fieldPath: .metadata.namespace
+    kind: Service
     name: webhook-service
+    version: v1
+  targets:
+  - fieldPaths:
+    - .spec.dnsNames.0
+    - .spec.dnsNames.1
+    options:
+      create: true
+      delimiter: .
+      index: 1
+    select:
+      group: cert-manager.io
+      kind: Certificate
+      version: v1
 
 configurations:
-  - kustomizeconfig.yaml
+- kustomizeconfig.yaml

config/default/capm3/manager_webhook_patch.yaml

@@ -20,4 +20,4 @@ spec:
       - name: cert
         secret:
           defaultMode: 420
-          secretName: $(SERVICE_NAME)-cert
+          secretName: capm3-webhook-service-cert

config/default/capm3/webhookcainjection_patch.yaml

@@ -1,15 +1,15 @@
 # This patch add annotation to admission webhook config and
-# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+# the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize.
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   name: mutating-webhook-configuration
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: validating-webhook-configuration
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME

config/default/kustomization.yaml

@@ -1,7 +1,8 @@
-
-commonLabels:
-  cluster.x-k8s.io/provider: "infrastructure-metal3"
+labels:
+- includeSelectors: true
+  pairs:
+    cluster.x-k8s.io/provider: infrastructure-metal3
 
 resources:
 - capm3
-- ../ipam
+- ../ipam

config/ipam/kustomization.yaml

@@ -5,6 +5,6 @@ kind: Kustomization
 resources:
 - https://github.com/metal3-io/ip-address-manager/releases/download/v1.7.0-beta.0/ipam-components.yaml
 
-patchesStrategicMerge:
-    - image_patch.yaml
-    - pull_policy_patch.yaml
+patches:
+- path: image_patch.yaml
+- path: pull_policy_patch.yaml

config/manager/kustomization.yaml

@@ -2,12 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - manager.yaml
+- manager.yaml
 
 configMapGenerator:
-- name: capm3fasttrack-configmap
-  literals:
+- literals:
   - CAPM3_FAST_TRACK=${CAPM3_FAST_TRACK:='false'}
+  name: capm3fasttrack-configmap
 
 generatorOptions:
- disableNameSuffixHash: true
+  disableNameSuffixHash: true

config/webhook/kustomization.yaml

@@ -1,6 +1,6 @@
 resources:
-  - manifests.yaml
-  - service.yaml
+- manifests.yaml
+- service.yaml
 
 configurations:
-  - kustomizeconfig.yaml
+- kustomizeconfig.yaml

examples/provider-components/kustomization.yaml

@@ -5,6 +5,6 @@ resources:
 - bootstrap-components.yaml
 - ctlplane-components.yaml
 - infrastructure-components.yaml
-patchesStrategicMerge:
-- manager_tolerations_patch.yaml
-- image_versions_patch.yaml
+patches:
+- path: manager_tolerations_patch.yaml
+- path: image_versions_patch.yaml

test/e2e/data/infrastructure-metal3/bases/centos-kubeadm-config/kustomization.yaml

@@ -1,4 +1,4 @@
 resources:
 - ../cluster
-patchesStrategicMerge:
-  - centos-kubeadm-config.yaml
+patches:
+- path: centos-kubeadm-config.yaml

test/e2e/data/infrastructure-metal3/bases/ubuntu-kubeadm-config/kustomization.yaml

@@ -1,5 +1,5 @@
 
 resources:
 - ../cluster
-patchesStrategicMerge:
-  - ubuntu-kubeadm-config.yaml
+patches:
+- path: ubuntu-kubeadm-config.yaml