Clean up resource labels, names, and namespaces

Makefile

@@ -54,8 +54,8 @@ help: ## Display this help.
 
 .PHONY: manifests
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	cd bootstrap && $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=./config/crd/bases
-	cd controlplane && $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=./config/crd/bases
+	cd bootstrap && $(CONTROLLER_GEN) rbac:roleName=capoa-bootstrap-manager-role crd webhook paths="./..." output:crd:artifacts:config=./config/crd/bases
+	cd controlplane && $(CONTROLLER_GEN) rbac:roleName=capoa-controlplane-manager-role crd webhook paths="./..." output:crd:artifacts:config=./config/crd/bases
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.

bootstrap-components.yaml

@@ -1,15 +1,7 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  labels:
-    app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/instance: system
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: namespace
-    app.kubernetes.io/part-of: cluster-api-agent
-    control-plane: controller-manager
-  name: capi-agent-bootstrap-system
+  name: capoa-system
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -590,24 +582,14 @@ spec:
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: cluster-api-agent
-  name: capi-agent-bootstrapcontroller-manager
-  namespace: capi-agent-bootstrap-system
+  name: capoa-bootstrap-controller-manager
+  namespace: capoa-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/instance: leader-election-role
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: role
-    app.kubernetes.io/part-of: cluster-api-agent
-  name: capi-agent-bootstrapleader-election-role
-  namespace: capi-agent-bootstrap-system
+  name: capoa-bootstrap-leader-election-role
+  namespace: capoa-system
 rules:
 - apiGroups:
   - ""
@@ -644,7 +626,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: capi-agent-bootstrapmanager-role
+  name: capoa-bootstrap-manager-role
 rules:
 - apiGroups:
   - ""
@@ -745,14 +727,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels:
-    app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/instance: metrics-reader
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: clusterrole
-    app.kubernetes.io/part-of: cluster-api-agent
-  name: capi-agent-bootstrapmetrics-reader
+  name: capoa-bootstrap-metrics-reader
 rules:
 - nonResourceURLs:
   - /metrics
@@ -762,14 +737,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels:
-    app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/instance: proxy-role
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: clusterrole
-    app.kubernetes.io/part-of: cluster-api-agent
-  name: capi-agent-bootstrapproxy-role
+  name: capoa-bootstrap-proxy-role
 rules:
 - apiGroups:
   - authentication.k8s.io
@@ -787,110 +755,71 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/instance: leader-election-rolebinding
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: rolebinding
-    app.kubernetes.io/part-of: cluster-api-agent
-  name: capi-agent-bootstrapleader-election-rolebinding
-  namespace: capi-agent-bootstrap-system
+  name: capoa-bootstrap-leader-election-rolebinding
+  namespace: capoa-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: capi-agent-bootstrapleader-election-role
+  name: capoa-bootstrap-leader-election-role
 subjects:
 - kind: ServiceAccount
-  name: capi-agent-bootstrapcontroller-manager
-  namespace: capi-agent-bootstrap-system
+  name: capoa-bootstrap-controller-manager
+  namespace: capoa-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/instance: manager-rolebinding
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: clusterrolebinding
-    app.kubernetes.io/part-of: cluster-api-agent
-  name: capi-agent-bootstrapmanager-rolebinding
+  name: capoa-bootstrap-manager-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: capi-agent-bootstrapmanager-role
+  name: capoa-bootstrap-manager-role
 subjects:
 - kind: ServiceAccount
-  name: capi-agent-bootstrapcontroller-manager
-  namespace: capi-agent-bootstrap-system
+  name: capoa-bootstrap-controller-manager
+  namespace: capoa-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels:
-    app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/instance: proxy-rolebinding
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: clusterrolebinding
-    app.kubernetes.io/part-of: cluster-api-agent
-  name: capi-agent-bootstrapproxy-rolebinding
+  name: capoa-bootstrap-proxy-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: capi-agent-bootstrapproxy-role
+  name: capoa-bootstrap-proxy-role
 subjects:
 - kind: ServiceAccount
-  name: capi-agent-bootstrapcontroller-manager
-  namespace: capi-agent-bootstrap-system
+  name: capoa-bootstrap-controller-manager
+  namespace: capoa-system
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  labels:
-    app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/instance: controller-manager-metrics-service
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: service
-    app.kubernetes.io/part-of: cluster-api-agent
-    control-plane: controller-manager
-  name: capi-agent-bootstrapcontroller-manager-metrics-service
-  namespace: capi-agent-bootstrap-system
+  name: capoa-bootstrap-controller-manager-metrics-service
+  namespace: capoa-system
 spec:
   ports:
   - name: https
     port: 8443
     protocol: TCP
     targetPort: https
   selector:
-    control-plane: controller-manager
+    control-plane: capoa-bootstrap-controller-manager
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  labels:
-    app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/instance: controller-manager
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: deployment
-    app.kubernetes.io/part-of: cluster-api-agent
-    control-plane: controller-manager
-  name: capi-agent-bootstrapcontroller-manager
-  namespace: capi-agent-bootstrap-system
+  name: capoa-bootstrap-controller-manager
+  namespace: capoa-system
 spec:
   replicas: 1
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: capoa-bootstrap-controller-manager
   template:
     metadata:
-      annotations:
-        kubectl.kubernetes.io/default-container: manager
       labels:
-        control-plane: controller-manager
+        control-plane: capoa-bootstrap-controller-manager
     spec:
       containers:
       - args:
@@ -956,5 +885,5 @@ spec:
             - ALL
       securityContext:
         runAsNonRoot: true
-      serviceAccountName: capi-agent-bootstrapcontroller-manager
+      serviceAccountName: capoa-bootstrap-controller-manager
       terminationGracePeriodSeconds: 10

bootstrap/config/default/kustomization.yaml

@@ -1,19 +1,3 @@
-# Adds namespace to all resources.
-namespace: capi-agent-bootstrap-system
-
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: capi-agent-bootstrap
-
-# Labels to add to all resources and selectors.
-#labels:
-#- includeSelectors: true
-#  pairs:
-#    someName: someValue
-
 resources:
 - ../crd
 - ../rbac

bootstrap/config/default/manager_auth_proxy_patch.yaml

@@ -3,8 +3,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
+  name: capoa-bootstrap-controller-manager
+  namespace: capoa-system
 spec:
   template:
     spec:

bootstrap/config/manager/manager.yaml

@@ -1,70 +1,25 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  labels:
-    control-plane: controller-manager
-    app.kubernetes.io/name: namespace
-    app.kubernetes.io/instance: system
-    app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/part-of: cluster-api-agent
-    app.kubernetes.io/managed-by: kustomize
-  name: system
+  name: capoa-system
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
-  labels:
-    control-plane: controller-manager
-    app.kubernetes.io/name: deployment
-    app.kubernetes.io/instance: controller-manager
-    app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/part-of: cluster-api-agent
-    app.kubernetes.io/managed-by: kustomize
+  name: capoa-bootstrap-controller-manager
+  namespace: capoa-system
 spec:
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: capoa-bootstrap-controller-manager
   replicas: 1
   template:
     metadata:
-      annotations:
-        kubectl.kubernetes.io/default-container: manager
       labels:
-        control-plane: controller-manager
+        control-plane: capoa-bootstrap-controller-manager
     spec:
-      # TODO(user): Uncomment the following code to configure the nodeAffinity expression
-      # according to the platforms which are supported by your solution.
-      # It is considered best practice to support multiple architectures. You can
-      # build your manager image using the makefile target docker-buildx.
-      # affinity:
-      #   nodeAffinity:
-      #     requiredDuringSchedulingIgnoredDuringExecution:
-      #       nodeSelectorTerms:
-      #         - matchExpressions:
-      #           - key: kubernetes.io/arch
-      #             operator: In
-      #             values:
-      #               - amd64
-      #               - arm64
-      #               - ppc64le
-      #               - s390x
-      #           - key: kubernetes.io/os
-      #             operator: In
-      #             values:
-      #               - linux
       securityContext:
         runAsNonRoot: true
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
-        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
-        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
-        # seccompProfile:
-        #   type: RuntimeDefault
       containers:
       - command:
         - /manager
@@ -95,14 +50,12 @@ spec:
             port: 8081
           initialDelaySeconds: 5
           periodSeconds: 10
-        # TODO(user): Configure the resources accordingly based on the project requirements.
-        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
         resources:
           limits:
             cpu: 500m
             memory: 128Mi
           requests:
             cpu: 10m
             memory: 64Mi
-      serviceAccountName: controller-manager
+      serviceAccountName: capoa-bootstrap-controller-manager
       terminationGracePeriodSeconds: 10

bootstrap/config/prometheus/monitor.yaml

@@ -2,16 +2,8 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  labels:
-    control-plane: controller-manager
-    app.kubernetes.io/name: servicemonitor
-    app.kubernetes.io/instance: controller-manager-metrics-monitor
-    app.kubernetes.io/component: metrics
-    app.kubernetes.io/created-by: cluster-api-agent
-    app.kubernetes.io/part-of: cluster-api-agent
-    app.kubernetes.io/managed-by: kustomize
-  name: controller-manager-metrics-monitor
-  namespace: system
+  name: capoa-bootstrap-controller-manager-metrics-monitor
+  namespace: capoa-system
 spec:
   endpoints:
     - path: /metrics
@@ -22,4 +14,4 @@ spec:
         insecureSkipVerify: true
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: capoa-bootstrap-controller-manager