refactor: Remove Redundancy and duplication, check for same naming pattern on Kustomize

[jeremyharisch]

Description

Changes proposed in this pull request:

• Removing the term manager from the kustomize setup, since it is duplicated. I.e. klm-controller-manager-role which reads as kyma-lifecycle-manager-controller-manager-role, or in default profile lifecycle-manager-manager-role. Use only controller instead
• Make sure everything has klm- prefix in control-plane setup
• Align the resources to the following format <prefix>-<resource type>-<details>
  • klm-leader-election-role → klm-controller-role-leader-election
  • klm-manager-controler-role → klm-controller-role
  • ...
• Removing manifest-role and use kubebuilder rbac generator as done for other resoruces - to get rid of roles created by ahdn use use kubebuilder framwork as much as possible
• Adapt E2E Test

Old resources

default

kcp-system
---
kymas.operator.kyma-project.io
---
manifests.operator.kyma-project.io
---
moduletemplates.operator.kyma-project.io
---
watchers.operator.kyma-project.io
---
lifecycle-manager-controller-manager
---
lifecycle-manager-leader-election-role
---
lifecycle-manager-manager-role
---
lifecycle-manager-manager-role-crd
---
lifecycle-manager-manager-role-manifest
---
lifecycle-manager-metrics-reader
---
lifecycle-manager-leader-election-rolebinding
---
lifecycle-manager-manager-rolebinding
---
lifecycle-manager-manager-rolebinding-crd
---
lifecycle-manager-manager-rolebinding-manifest
---
lifecycle-manager-metrics-rolebinding
---
lifecycle-manager-metrics-service
---
lifecycle-manager-webhook-service
---
lifecycle-manager-controller-manager
---
lifecycle-manager-serving-cert
---
lifecycle-manager-selfsigned-issuer
---
lifecycle-manager-validating-webhook-configuration

control-plane profile

kymas.operator.kyma-project.io
---
manifests.operator.kyma-project.io
---
moduletemplates.operator.kyma-project.io
---
watchers.operator.kyma-project.io
---
klm-controller-manager
---
klm-leader-election-role
---
klm-manager-role
---
klm-manager-role-crd
---
klm-manager-role-manifest
---
klm-metrics-reader
---
klm-manager-rolebinding-istio-system
---
klm-leader-election-rolebinding
---
klm-manager-rolebinding-kcp-system
---
klm-manager-rolebinding-manifest
---
klm-manager-rolebinding-kyma-system
---
klm-metrics-rolebinding
---
klm-manager-rolebinding-crd
---
klm-dashboard-mandatory-modules
---
klm-dashboard-overview
---
klm-dashboard-status
---
klm-dashboard-watcher
---
klm-event-service
---
klm-metrics-service
---
klm-webhook-service
---
klm-controller-manager
---
klm-watcher-serving-cert
---
klm-serving-cert
---
klm-watcher-selfsigned-cluster-issuer
---
klm-watcher-selfsigned-issuer
---
klm-selfsigned-issuer
---
klm-controller-manager-metrics-monitor
---
klm-watcher-gateway
---
klm-kyma-watcher
---
klm-controller-manager
---
klm-validating-webhook-configuration

New Resources

default

kcp-system
---
kymas.operator.kyma-project.io
---
manifests.operator.kyma-project.io
---
moduletemplates.operator.kyma-project.io
---
watchers.operator.kyma-project.io
---
lifecycle-manager-controller
---
lifecycle-manager-controller-role-leader-election
---
lifecycle-manager-controller-role
---
lifecycle-manager-controller-role-crd
---
lifecycle-manager-controller-role-metrics
---
lifecycle-manager-controller-rolebinding-leader-election
---
lifecycle-manager-controller-rolebinding-crd
---
lifecycle-manager-controller-rolebinding-metrics
---
lifecycle-manager-manager-rolebinding
---
lifecycle-manager-metrics-service
---
lifecycle-manager-webhook-service
---
lifecycle-manager-controller
---
lifecycle-manager-serving-cert
---
lifecycle-manager-selfsigned-issuer
---
lifecycle-manager-validating-webhook-configuration

control plane

kymas.operator.kyma-project.io
---
manifests.operator.kyma-project.io
---
moduletemplates.operator.kyma-project.io
---
watchers.operator.kyma-project.io
---
klm-controller
---
klm-controller-role-leader-election
---
klm-controller-role
---
klm-controller-role-crd
---
klm-controller-role-metrics
---
klm-controller-rolebinding-istio-system
---
klm-controller-rolebinding-kcp-system
---
klm-controller-rolebinding-leader-election
---
klm-controller-rolebinding-kyma-system
---
klm-controller-rolebinding-metrics
---
klm-controller-rolebinding-crd
---
klm-dashboard-mandatory-modules
---
klm-dashboard-overview
---
klm-dashboard-status
---
klm-dashboard-watcher
---
klm-event-service
---
klm-metrics-service
---
klm-webhook-service
---
klm-controller
---
klm-watcher-serving-cert
---
klm-serving-cert
---
klm-watcher-selfsigned-cluster-issuer
---
klm-watcher-selfsigned-issuer
---
klm-selfsigned-issuer
---
klm-controller-metrics-monitor
---
klm-watcher-gateway
---
klm-kyma-watcher
---
klm-controller
---
klm-validating-webhook-configuration

Related issue(s)

[c-pius]

Questions:

• "controller-manager" term is the default by kubebuilder ("The Manager is an executable that wraps one or more Controllers") and seems to be common within K8s (e.g., kube-controller-manager). Should we keep this as such therefore?
• is there a specific reason why we use "lifecycle-manager" prefix local and "kcp" prefix for control-plane? Why not use the same prefix?
• we still have a inconsistency in that we sometimes include the type, e.g., for bindings, services, certs, ..., but sometimes we also omit it, e.g., for deployment, service account, configmap, ... We also use "role" for both Role and ClusterRole, same with rolebinding for Rolebinding and ClusterRoleBinding. Do we even need to include the type in the name? What is our use case for including it?

[c-pius]

How about trying to get to something like the following:

• all KLM-related components using the klm prefix
• controller-manager is the name of the deployment (the manager wrapping our KLM controllers)
  • everything directly related to the controller-manager deployment includes this in the name
• all KLM components not directly related the controller-manager dpeloyment don't use this infix or rather one of the thing they are related to (e.g., the dashboards have no infix, watcher-related things have watcher infix, ...)
• rolebindings may include namespace suffix for deduplication
• resource type not used as a suffix anymore

---
kymas.operator.kyma-project.io
CustomResourceDefinition
---
manifests.operator.kyma-project.io
CustomResourceDefinition
---
moduletemplates.operator.kyma-project.io
CustomResourceDefinition
---
watchers.operator.kyma-project.io
CustomResourceDefinition
---
# the service account for the controller-manager
klm-controller-manager
ServiceAccount
---
# permissions for the controller-manager to perform leader election
- klm-leader-election-role
+ klm-controller-manager-leader-election
Role
---
# base permissions for controller-manager to perform its tasks
- klm-manager-role
+ klm-controller-manager
ClusterRole
---
# additional permissions for controller-manager to perform tasks on CRDs
- klm-manager-role-crd
+ klm-controller-manager-crds
ClusterRole
---
# additional permissions for controller-manager to read from non-resource nedpoint /metrics
- klm-metrics-reader
+ klm-controller-manager-metrics
ClusterRole
---
# Permissions for KLM to read watcher's cert-manager-related resources
- klm-manager-role-istio-namespace
+ klm-controller-manager-watcher-certmanager
Role
---
# Permissions for KLM to read resources residing in the SKR
- manager-role-remote-namespace
+ klm-controller-manager-skr
Role
---
# binds the watcher's cert-manager-related resources role
- manager-rolebinding-istio-namespace
+ klm-controller-manager-watcher-certmanager
RoleBinding
---
# binds the SKR-realted resources role
- manager-rolebinding-remote-namespace
+ klm-controller-manager-skr
RoleBinding
---
# binds the leader election role to kcp-sytem namespace
- klm-leader-election-rolebinding
+ klm-controller-manager-leader-election
RoleBinding
---
# binds the base permissions for kcp-system namespace
# since kcp-sysem is the expected namespace, no additional suffix?
- klm-manager-rolebinding-kcp-system
+ klm-controller-manager
RoleBinding
---
# binds the metrics permissions for kcp-system namespace
- klm-metrics-rolebinding
+ klm-controller-manager-metrics
RoleBinding
---
# binds the CRD permissions
- klm-manager-rolebinding-crd
+ klm-controller-manager-crds
ClusterRoleBinding
---
# config defining a plutono dashboard
klm-dashboard-mandatory-modules
ConfigMap
---
# config defining a plutono dashboard
klm-dashboard-overview
ConfigMap
---
# config defining a plutono dashboard
klm-dashboard-status
ConfigMap
---
# config defining a plutono dashboard
klm-dashboard-watcher
ConfigMap
---
# service exposing events from the controller-manager
- klm-event-service
+ klm-controller-manager-events
Service
---
# service exposing metrics from the controller-manager
- klm-metrics-service
+ klm-controller-manager-metrics
Service
---
# service exposing the controller-manager's webhook 
- klm-webhook-service
+ ~~klm-controller-manager-webhook~~
+ klm-webhook-service
Service
---
# deployment wrapping the klm controllers
klm-controller-manager
Deployment
---
# serving cert for watcher
- klm-watcher-serving-cert
+ klm-watcher-serving
Certificate
---
# serving cert for controller-manager webhook
- klm-serving-cert
+ klm-controller-manager-webhook-serving
Certificate
---
# self signed cluster issuer for watcher
- klm-watcher-selfsigned-cluster-issuer
+ klm-watcher-selfsigned
ClusterIssuer
---
# self signed issuer for watcher
- klm-watcher-selfsigned-issuer
+ klm-watcher-selfsigned
Issuer
---
# self signed issues for controller-manager
- klm-selfsigned-issuer
+ klm-controller-manager-selfsigned
Issuer
---
# metrics monitor for controller-manager's metrics
- klm-controller-manager-metrics-monitor
+ klm-controller-manager-metrics
ServiceMonitor
---
# gateway for watcher
- klm-watcher-gateway
+ klm-watcher
Gateway
---
# watcher
- klm-kyma-watcher
+ klm-watcher
Watcher
---
klm-controller-manager
AuthorizationPolicy
---
- klm-validating-webhook-configuration
+ ~~klm-controller-manager~~
+ klm-validating-webhook-configuration
ValidatingWebhookConfiguration

TODOs

• check necessary changes as consequence from the renamings
  • e.g., the metrics collection will need to be updated to crawl from the new service name
• check with SRE if cleanup of resources using old name is done automatically by Argo or needs to be taken care of manually.
• kubebuilder doesn't allow to change the name of validating webhook configuration and its related service
  • issue where this was requested: allow customizing generated webhook's name and its service's namespace and name  kubernetes-sigs/controller-tools#865 (has a 3 weeks old draft PR attached, so may be coming soon.)

[c-pius]

Renaming ready now. We are waiting for feedback from SRE before merging.