refactor: Drop config/ folder, save templates to charts, and move to examples/#1705
Open
viccuad wants to merge 7 commits intokubewarden:mainfrom
Open
refactor: Drop config/ folder, save templates to charts, and move to examples/#1705viccuad wants to merge 7 commits intokubewarden:mainfrom
config/ folder, save templates to charts, and move to examples/#1705viccuad wants to merge 7 commits intokubewarden:mainfrom
Conversation
The controller testsuite needs a folder that contains *only* yaml or json files. The previous templates/ folder contained the NOTES.txt, so it would fail. Move CRD yaml files into a specific folder, so they can be mass imported. Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
Generate webhook manifest directly into `charts/kubewarden-controller/templates/webhooks.yaml` instead of `config/webhook/manifest.yml`, overwriting it. The manifest in the Helm chart is templated, and with the overwrite we lose that templating. Hence, Add a Helm unit test, webhooks_coverage_test.yaml, that checks for the validity of the manifest. Developers are expected to merge by hand (or disregard) the changes performed to `charts/kubewarden-controller/templates/webhooks.yaml` when calling `make generate` or `make manifest`. We expect this file to seldomly change anyways. Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
Nothing makes use of it. Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
github-project-automation
Bot
moved this to Pending review
in Kubewarden Admission Controller
viccuad
changed the title
config/ folder, save templates to charts, and move to examples/
github-project-automation
Bot
moved this to Pending review
in Kubewarden Admission Controller
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Refactors the project layout to drop most of the legacy config/ kustomize scaffolding, and makes Helm charts the single source of truth for generated CRDs/webhook manifests while adding example policy group manifests.
Changes:
- Point controller envtest to CRDs emitted into the
kubewarden-crdsHelm chart. - Generate CRDs/webhooks into Helm chart template locations and add Helm-unittest coverage for
webhooks.yaml. - Remove kustomize-based manifests under
config/and add newexamples/manifests.
Reviewed changes
Copilot reviewed 52 out of 64 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| internal/controller/suite_test.go | Load envtest CRDs from the Helm chart generated CRD templates path. |
| examples/policies_v1_clusteradmissionpolicygroup.yaml | Add ClusterAdmissionPolicyGroup example manifest. |
| examples/policies_v1_admissionpolicygroup.yaml | Add AdmissionPolicyGroup example manifest. |
| config/webhook/service.yaml | Remove kustomize webhook Service manifest. |
| config/webhook/manifests.yaml | Remove kustomize webhook configuration manifests. |
| config/webhook/kustomizeconfig.yaml | Remove kustomize name/namespace reference config for webhooks. |
| config/webhook/kustomization.yaml | Remove webhook kustomization entrypoint. |
| config/samples/policies_v1_admissionpolicy.yaml | Change sample policy namespace to default. |
| config/rbac/service_account.yaml | Remove kustomize RBAC scaffold (service account). |
| config/rbac/role_binding.yaml | Remove kustomize RBAC scaffold (cluster role binding). |
| config/rbac/role.yaml | Remove kustomize RBAC scaffold (roles). |
| config/rbac/policyserver_viewer_role.yaml | Remove kustomize RBAC scaffold (viewer role). |
| config/rbac/policyserver_editor_role.yaml | Remove kustomize RBAC scaffold (editor role). |
| config/rbac/leader_election_role_binding.yaml | Remove leader-election role binding scaffold. |
| config/rbac/leader_election_role.yaml | Remove leader-election role scaffold. |
| config/rbac/kustomization.yaml | Remove RBAC kustomization entrypoint. |
| config/rbac/clusteradmissionpolicy_viewer_role.yaml | Remove cluster admission policy viewer role scaffold. |
| config/rbac/clusteradmissionpolicy_editor_role.yaml | Remove cluster admission policy editor role scaffold. |
| config/rbac/auth_proxy_service.yaml | Remove kube-rbac-proxy service scaffold. |
| config/rbac/auth_proxy_role_binding.yaml | Remove kube-rbac-proxy role binding scaffold. |
| config/rbac/auth_proxy_role.yaml | Remove kube-rbac-proxy role scaffold. |
| config/rbac/auth_proxy_client_clusterrole.yaml | Remove metrics-reader cluster role scaffold. |
| config/rbac/admissionpolicy_viewer_role.yaml | Remove admission policy viewer role scaffold. |
| config/rbac/admissionpolicy_editor_role.yaml | Remove admission policy editor role scaffold. |
| config/prometheus/monitor.yaml | Remove ServiceMonitor scaffold. |
| config/prometheus/kustomization.yaml | Remove prometheus kustomization entrypoint. |
| config/manager/manager.yaml | Remove manager deployment scaffold. |
| config/manager/kustomization.yaml | Remove manager kustomization entrypoint. |
| config/manager/controller_manager_config.yaml | Remove controller-runtime component config scaffold. |
| config/default/webhookcainjection_patch.yaml | Remove webhook CA injection patch scaffold. |
| config/default/manager_webhook_patch.yaml | Remove manager webhook patch scaffold. |
| config/default/manager_config_patch.yaml | Remove manager config patch scaffold. |
| config/default/manager_auth_proxy_patch.yaml | Remove auth-proxy sidecar patch scaffold. |
| config/default/kustomization.yaml | Remove default aggregate kustomization scaffold. |
| config/crd/patches/webhook_in_policyservers.yaml | Remove CRD conversion webhook patch scaffold. |
| config/crd/patches/webhook_in_clusteradmissionpolicies.yaml | Remove CRD conversion webhook patch scaffold. |
| config/crd/patches/webhook_in_admissionpolicies.yaml | Remove CRD conversion webhook patch scaffold. |
| config/crd/patches/cainjection_in_policyservers.yaml | Remove CRD CA injection patch scaffold. |
| config/crd/patches/cainjection_in_clusteradmissionpolicies.yaml | Remove CRD CA injection patch scaffold. |
| config/crd/patches/cainjection_in_admissionpolicies.yaml | Remove CRD CA injection patch scaffold. |
| config/crd/kustomizeconfig.yaml | Remove CRD kustomize substitution config. |
| config/crd/kustomization.yaml | Remove CRD kustomization entrypoint. |
| config/crd/bases/policies.kubewarden.io_policyservers.yaml | Remove generated CRD YAML from config/ (moved to charts as source of truth). |
| config/crd/bases/policies.kubewarden.io_clusteradmissionpolicygroups.yaml | Remove generated CRD YAML from config/ (moved to charts as source of truth). |
| config/crd/bases/policies.kubewarden.io_clusteradmissionpolicies.yaml | Remove generated CRD YAML from config/ (moved to charts as source of truth). |
| config/crd/bases/policies.kubewarden.io_admissionpolicygroups.yaml | Remove generated CRD YAML from config/ (moved to charts as source of truth). |
| config/crd/bases/policies.kubewarden.io_admissionpolicies.yaml | Remove generated CRD YAML from config/ (moved to charts as source of truth). |
| config/certmanager/kustomizeconfig.yaml | Remove cert-manager kustomize substitution config. |
| config/certmanager/kustomization.yaml | Remove cert-manager kustomization entrypoint. |
| config/certmanager/certificate.yaml | Remove cert-manager self-signed issuer/cert scaffold. |
| charts/kubewarden-crds/tests/crds_test.yaml | Update Helm-unittest references to CRDs now under templates/crds/. |
| charts/kubewarden-controller/tests/webhooks_coverage_test.yaml | Add Helm-unittest suite to validate/guard webhooks.yaml rendering. |
| Makefile | Emit CRDs into templates/crds, emit webhook artifacts, and rename generated webhook manifest to webhooks.yaml. |
Comments suppressed due to low confidence (3)
internal/controller/suite_test.go:1
- Loading envtest CRDs directly from a Helm chart
templates/path tightly couples controller tests to the chart layout and also risks parse failures if Helm templating is introduced in that directory (envtest expects plain YAML CRDs). Consider pointing envtest at a non-templated CRD output location (for example a dedicated raw CRD directory committed for tests, or acharts/.../crds-style directory containing only plain YAML) so tests remain stable even if Helm templating is later added undertemplates/.
examples/policies_v1_admissionpolicygroup.yaml:1 - The example mixes module references with and without the
registry://scheme. Even if the scheme is optional at runtime, examples are typically clearer/less ambiguous when they use a consistent, explicit scheme. Consider updatingverify-image-signaturesto useregistry://...as well (or consistently omit it everywhere if that’s the preferred convention).
examples/policies_v1_admissionpolicygroup.yaml:1 - The example mixes module references with and without the
registry://scheme. Even if the scheme is optional at runtime, examples are typically clearer/less ambiguous when they use a consistent, explicit scheme. Consider updatingverify-image-signaturesto useregistry://...as well (or consistently omit it everywhere if that’s the preferred convention).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| output:crd:artifacts:config=charts/kubewarden-crds/templates/crds \ | ||
| output:rbac:artifacts:config=charts/kubewarden-controller/templates \ | ||
| output:webhook:artifacts:config=charts/kubewarden-controller/templates | ||
| mv charts/kubewarden-controller/templates/manifests.yaml charts/kubewarden-controller/templates/webhooks.yaml |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fix #1704
Recommend review per commit.
charts/kubewarden-controller/templates/webhooks.yamlinstead ofconfig/webhook/manifest.yml, overwriting it. Given that we overwrite the Helm templated file, added a helm unittest to ensure that we never merge a brokenwebhooks.yamlmanifest.config/samples/toexamples/and add 2 more.Test
Tested locally with CI. Add a Helm unittest.
Additional Information
Tradeoff
Potential improvement
Checklist