openshift · qJkee · Jun 17, 2025
diff --git a/Makefile b/Makefile
@@ -202,6 +202,8 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 	$(KUSTOMIZE) build config/crd | kubectl delete -f -
 
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/default && \
+		$(KUSTOMIZE) edit set namespace $(OPERATOR_NAMESPACE)
 	cd config/manager && \
 		$(KUSTOMIZE) edit set image controller=$(IMG) && \
 		$(KUSTOMIZE) edit set nameprefix $(MANAGER_NAME_PREFIX) && \

diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -24,11 +24,11 @@ namespace: openshift-storage
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+- namespace.yaml
 - ../crd
 - ../rbac
 - ../manager
 - ../webhook
 patches:
 - path: manager_metrics_patch.yaml
 - path: manager_webhook_patch.yaml
-- path: webhookcainjection_patch.yaml
diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    workload.openshift.io/allowed: "management"
+  labels:
+    app.kubernetes.io/name: lvms-operator
+    security.openshift.io/scc.podSecurityLabelSync: "false"
+    pod-security.kubernetes.io/enforce: "privileged"
+    pod-security.kubernetes.io/warn: "privileged"
+    pod-security.kubernetes.io/audit: "privileged"
+    openshift.io/cluster-monitoring: "true"
+  name: system
diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -1,13 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: lvms-
+namespace: openshift-storage
+
 resources:
 - manager.yaml
 
 generatorOptions:
   disableNameSuffixHash: true
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
+
 images:
 - name: controller
   newName: quay.io/lvms_dev/lvms-operator
   newTag: latest
-namePrefix: lvms-
-namespace: openshift-storage
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -1,17 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  annotations:
-    workload.openshift.io/allowed: "management"
-  labels:
-    app.kubernetes.io/name: lvms-operator
-    security.openshift.io/scc.podSecurityLabelSync: "false"
-    pod-security.kubernetes.io/enforce: "privileged"
-    pod-security.kubernetes.io/warn: "privileged"
-    pod-security.kubernetes.io/audit: "privileged"
-    openshift.io/cluster-monitoring: "true"
-  name: system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
@@ -1,8 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openshift-storage
+
 resources:
 - monitor.yaml
 - prometheus_rules.yaml
 - metrics_service.yaml
 - vgmanager_metrics_service.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: openshift-storage
+
+replacements:
+- source:
+    fieldPath: metadata.namespace
+    kind: ServiceMonitor
+  targets:
+  - fieldPaths:
+    - spec.endpoints.0.tlsConfig.serverName
+    - spec.endpoints.1.tlsConfig.serverName
+    options:
+      delimiter: .
+      index: 1
+    select:
+      kind: ServiceMonitor
+      name: lvms-operator-metrics-monitor
diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml
@@ -1,12 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-
+namespace: openshift-storage
 namePrefix: lvms-
 
 resources:
-- manifests.yaml
+- validating_webhook_config.yaml
 - service.yaml
-
-configurations:
-- kustomizeconfig.yaml
-namespace: openshift-storage
diff --git a/config/webhook/kustomizeconfig.yaml b/config/webhook/kustomizeconfig.yaml
diff --git a/config/webhook/service.yaml b/config/webhook/service.yaml
@@ -1,4 +1,3 @@
-
 apiVersion: v1
 kind: Service
 metadata:

diff --git a/config/webhook/validating_webhook_config.yaml b/config/webhook/validating_webhook_config.yaml
@@ -0,0 +1,27 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validating-webhook-configuration
+  annotations:
+    service.beta.openshift.io/inject-cabundle: "true"
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-lvm-topolvm-io-v1alpha1-lvmcluster
+  failurePolicy: Fail
+  name: vlvmcluster.kb.io
+  rules:
+  - apiGroups:
+    - lvm.topolvm.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - lvmclusters
+  sideEffects: None