From fe9d16a3c3761789cbf4488bd304ab04e0c8f211 Mon Sep 17 00:00:00 2001
From: Jon Huhn
Date: Fri, 14 Apr 2023 14:37:08 -0500
Subject: [PATCH] add ASO install
---
config/aso/credentials.yaml | 10 ++++
config/aso/kustomization.yaml | 53 +++++++++++++++++++
.../aad-pod-identity-deployment.yaml | 0
config/{default => capz}/credentials.yaml | 0
config/capz/kustomization.yaml | 53 +++++++++++++++++++
config/{default => capz}/kustomizeconfig.yaml | 0
.../manager_credentials_patch.yaml | 0
.../manager_image_patch.yaml | 0
.../manager_prometheus_metrics_patch.yaml | 0
.../manager_pull_policy.yaml | 0
.../manager_webhook_patch.yaml | 0
config/{default => capz}/namespace.yaml | 0
.../webhookcainjection_patch.yaml | 0
config/default/kustomization.yaml | 53 +------------------
14 files changed, 117 insertions(+), 52 deletions(-)
create mode 100644 config/aso/credentials.yaml
create mode 100644 config/aso/kustomization.yaml
rename config/{default => capz}/aad-pod-identity-deployment.yaml (100%)
rename config/{default => capz}/credentials.yaml (100%)
create mode 100644 config/capz/kustomization.yaml
rename config/{default => capz}/kustomizeconfig.yaml (100%)
rename config/{default => capz}/manager_credentials_patch.yaml (100%)
rename config/{default => capz}/manager_image_patch.yaml (100%)
rename config/{default => capz}/manager_prometheus_metrics_patch.yaml (100%)
rename config/{default => capz}/manager_pull_policy.yaml (100%)
rename config/{default => capz}/manager_webhook_patch.yaml (100%)
rename config/{default => capz}/namespace.yaml (100%)
rename config/{default => capz}/webhookcainjection_patch.yaml (100%)
diff --git a/config/aso/credentials.yaml b/config/aso/credentials.yaml
new file mode 100644
index 000000000000..6476ac11352b
--- /dev/null
+++ b/config/aso/credentials.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aso-controller-settings
+type: Opaque
+data:
+ AZURE_SUBSCRIPTION_ID: ${AZURE_SUBSCRIPTION_ID_B64:=""}
+ AZURE_TENANT_ID: ${AZURE_TENANT_ID_B64:=""}
+ AZURE_CLIENT_ID: ${AZURE_CLIENT_ID_B64:=""}
+ AZURE_CLIENT_SECRET: ${AZURE_CLIENT_SECRET_B64:=""}
diff --git a/config/aso/kustomization.yaml b/config/aso/kustomization.yaml
new file mode 100644
index 000000000000..ec9a10feb173
--- /dev/null
+++ b/config/aso/kustomization.yaml
@@ -0,0 +1,53 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+namespace: capz-system
+resources:
+- https://github.com/Azure/azure-service-operator/releases/download/v2.0.0/azureserviceoperator_v2.0.0.yaml
+- https://github.com/Azure/azure-service-operator/releases/download/v2.0.0/azureserviceoperator_customresourcedefinitions_v2.0.0.yaml
+- credentials.yaml
+
+patches:
+ - patch: |- # default kustomization includes a namespace already
+ $patch: delete
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: capz-system
+ - patch: |- # CAPZ will manage ASO's CRDs
+ - op: test
+ path: /spec/template/spec/containers/0/args/4
+ value: --crd-pattern=*
+ - op: remove
+ path: /spec/template/spec/containers/0/args/4
+ target:
+ group: apps
+ version: v1
+ kind: Deployment
+ name: azureserviceoperator-controller-manager
+
+replacements:
+ - source:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: azureserviceoperator-serving-cert
+ fieldPath: metadata.namespace
+ targets:
+ - select:
+ version: v1
+ fieldPaths:
+ - metadata.annotations.cert-manager\.io/inject-ca-from
+ options:
+ delimiter: /
+ index: 0
+ - select:
+ group: cert-manager.io
+ version: v1
+ kind: Certificate
+ name: azureserviceoperator-serving-cert
+ fieldPaths:
+ - spec.dnsNames.0
+ - spec.dnsNames.1
+ options:
+ delimiter: .
+ index: 1
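Review bot: The `:=""` defaults on all four `data:` entries of `aso-controller-settings` let the Secret render with empty values when a `*_B64` variable is unset, so a missing `AZURE_CLIENT_SECRET_B64` would surface only later as an authentication failure in the operator instead of at template time. The file also does not say that the variables must already hold base64 text, which a Secret's `data:` field requires; a header comment such as `# Values are substituted as-is and must be base64-encoded; an unset variable renders an empty credential.` would make both points explicit. As far as I know this secret is ASO's operator-wide fallback credential, so it is worth stating in the same comment that the service principal behind it should carry only the role assignments CAPZ needs and that the client secret is a long-lived credential that has to be rotated.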
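Review bot: The first two `resources:` entries in config/aso/kustomization.yaml fetch the operator manifest and its CRDs from GitHub release URLs at build time with no integrity check; the `v2.0.0` tag names a release, but release assets can be replaced, and whatever the URL serves is applied to `capz-system` with the operator's Deployment in it. Consider downloading both files in the build against a recorded checksum (or vendoring them) and listing the local copies here, for example `- azureserviceoperator_v2.0.0.yaml`. The version string is repeated four times across the two URLs, so a comment above `resources:` saying that manifest and CRDs must be bumped together would prevent a mixed-release build. The `op: test` on `args/4` before the `remove` is a useful guard against the argument index drifting and should be kept when the version changes.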
diff --git a/config/default/aad-pod-identity-deployment.yaml b/config/capz/aad-pod-identity-deployment.yaml
similarity index 100%
rename from config/default/aad-pod-identity-deployment.yaml
rename to config/capz/aad-pod-identity-deployment.yaml
diff --git a/config/default/credentials.yaml b/config/capz/credentials.yaml
similarity index 100%
rename from config/default/credentials.yaml
rename to config/capz/credentials.yaml
diff --git a/config/capz/kustomization.yaml b/config/capz/kustomization.yaml
new file mode 100644
index 000000000000..e73000cc2fcb
--- /dev/null
+++ b/config/capz/kustomization.yaml
@@ -0,0 +1,53 @@
+namespace: capz-system
+
+namePrefix: capz-
+
+resources:
+ - namespace.yaml
+ - credentials.yaml
+ - aad-pod-identity-deployment.yaml
+
+bases:
+ - ../crd
+ - ../rbac
+ - ../manager
+ - ../webhook
+ - ../certmanager
+
+patchesStrategicMerge:
+ - manager_image_patch.yaml
+ - manager_pull_policy.yaml
+ - manager_credentials_patch.yaml
+ - manager_webhook_patch.yaml
+ - webhookcainjection_patch.yaml
+
+vars:
+ - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+ objref:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ fieldref:
+ fieldpath: metadata.namespace
+ - name: CERTIFICATE_NAME
+ objref:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ - name: SERVICE_NAMESPACE # namespace of the service
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+ fieldref:
+ fieldpath: metadata.namespace
+ - name: SERVICE_NAME
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+
+configurations:
+ - kustomizeconfig.yaml
diff --git a/config/default/kustomizeconfig.yaml b/config/capz/kustomizeconfig.yaml
similarity index 100%
rename from config/default/kustomizeconfig.yaml
rename to config/capz/kustomizeconfig.yaml
diff --git a/config/default/manager_credentials_patch.yaml b/config/capz/manager_credentials_patch.yaml
similarity index 100%
rename from config/default/manager_credentials_patch.yaml
rename to config/capz/manager_credentials_patch.yaml
diff --git a/config/default/manager_image_patch.yaml b/config/capz/manager_image_patch.yaml
similarity index 100%
rename from config/default/manager_image_patch.yaml
rename to config/capz/manager_image_patch.yaml
diff --git a/config/default/manager_prometheus_metrics_patch.yaml b/config/capz/manager_prometheus_metrics_patch.yaml
similarity index 100%
rename from config/default/manager_prometheus_metrics_patch.yaml
rename to config/capz/manager_prometheus_metrics_patch.yaml
diff --git a/config/default/manager_pull_policy.yaml b/config/capz/manager_pull_policy.yaml
similarity index 100%
rename from config/default/manager_pull_policy.yaml
rename to config/capz/manager_pull_policy.yaml
diff --git a/config/default/manager_webhook_patch.yaml b/config/capz/manager_webhook_patch.yaml
similarity index 100%
rename from config/default/manager_webhook_patch.yaml
rename to config/capz/manager_webhook_patch.yaml
diff --git a/config/default/namespace.yaml b/config/capz/namespace.yaml
similarity index 100%
rename from config/default/namespace.yaml
rename to config/capz/namespace.yaml
diff --git a/config/default/webhookcainjection_patch.yaml b/config/capz/webhookcainjection_patch.yaml
similarity index 100%
rename from config/default/webhookcainjection_patch.yaml
rename to config/capz/webhookcainjection_patch.yaml
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index e5e7199c267c..e162d40ca676 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -1,57 +1,6 @@ -namespace: capz-system - -namePrefix: capz- - # Labels to add to all resources and selectors. commonLabels: cluster.x-k8s.io/provider: "infrastructure-azure" resources: - - namespace.yaml - - credentials.yaml - - aad-pod-identity-deployment.yaml - -bases: - - ../crd - - ../rbac - - ../manager - - ../webhook - - ../certmanager - -patchesStrategicMerge: - - manager_image_patch.yaml - - manager_pull_policy.yaml - - manager_credentials_patch.yaml - - manager_webhook_patch.yaml - - webhookcainjection_patch.yaml - -vars: - - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace - - name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - - name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace - - name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service - -configurations: - - kustomizeconfig.yaml + - ../capz
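Review bot: Nothing in this commit references the new `config/aso` directory: after this hunk `resources:` lists only `../capz`, and the diffstat shows no other kustomization or build file changed, so a build of `config/default` would appear to render no ASO objects and no `aso-controller-settings` Secret. Because `config/aso/kustomization.yaml` is declared `kind: Component` and its namespace-delete patch is commented as relying on the default kustomization, it presumably needs a `components:` key with `- ../aso` in this file, unless that wiring is planned for a follow-up change. If the omission is deliberate, a one-line comment here saying that ASO is not yet part of the default install would spare the next reader the search.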