🌱 Update release-4.5 with master to do PATCH release 4.5.1 (#4573)
* Make kubebuilder go-installable

Closes 4079 (Make kubebuilder go install-able)

Signed-off-by: Miguel Elias dos Santos <[email protected]>

* 🐛 Fix Kubernetes version in the goreleaser by upgrading it from 1.31.0 to 1.32.0

* fix: webhook testEnv

Signed-off-by: Mateus Oliveira <[email protected]>

* fix: disallow files containing unwanted extension files when initializing a project

* 📖 Bump sigs.k8s.io/kubebuilder/v4

Bumps [sigs.k8s.io/kubebuilder/v4](https://github.com/kubernetes-sigs/kubebuilder) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder/releases)
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder/blob/master/RELEASE.md)
- [Commits](v4.4.0...v4.5.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/kubebuilder/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* test: add to common.sh the latest k8s release 1.32

* Update yamllint target to handle missing dist/chart

* doc: update the Artifacts with the latest changes on the EnvTest Makefile target configurations

* ✨ Upgrade controller-runtime from v0.20.0 to v0.20.1 (#4528)

Upgrade controller-runtime from v0.20.0 to v0.20.1

* 📖 bump github.com/spf13/pflag

Bumps [github.com/spf13/pflag](https://github.com/spf13/pflag) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: github.com/spf13/pflag
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* 🌱 bump github.com/spf13/pflag from 1.0.5 to 1.0.6

Bumps [github.com/spf13/pflag](https://github.com/spf13/pflag) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: github.com/spf13/pflag
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix: correct minor typos in documentation

* Removed Prometheus dependency from e2e scaffolds

* 🐛(kustomize/v2): fix ServiceMonitor with TLS kustomize scaffolding

* 📖 Remove simplistic advice about multiple controllers reconciling same CR (#4537)

Remove simplistic advice about multiple controllers reconciling same CR

This advice is simplifying things and making an "It depends" situation
look like there was a clear good and a clear bad way that is the same in
all situations. Pretty much none of the issues stated will get better if
each controller gets its own CR:
* Race conditions: Conflict errors can always happen and all controllers
  need to be able to deal with them. If a full reconciliation is too
  expensive, they can use something like `retry.OnConflict`
* Concurrency issues with different interpretations of state: This
  example sounds like just buggy software. Copying the state to a new
  CR doesn't eliminate this problem
* Maintenance and support difficulties: This is definitely not going to
  get any better by adding more CRDs into the mix, if anything, it will
  get more complicated
* Status tracking complications: This is why conditions exist and
  Kubernetes api guidelines explicitly state that controllers need to
  ignore unknown conditions: `Objects may report multiple conditions,
  and new types of conditions may be added in the future or by 3rd
  party controllers.`, [ref][0]
* Performance issues: If multiple controllers do the same thing, that is
  a bug regardless of all other considerations and can easily lead to
  correctness and performance issues. The `workqueue` locks items while
  they are reconciled to avoid exactly that, but obviously it doesn't
  work cross-controller

To illustrate the situation, think about the `Pod` object, in the
lifecycle of a pod we usually have at least cluster-autoscaler,
scheduler and kubelet. Making cluster-autoscaler act on a
`PodScaleRequest` and scheduler on a `PodScheduleRequest` would be a
complication, not a simplification.

[0]: https://github.com/kubernetes/community/blob/322066e7dba7c5043071392fec427a57f8660734/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties

* 🌱 ci: fix testdata - issues caused by some merge conflict with go mod (#4538)

ci: fix testdata - issues caused by some merge conflict with go mod

* Revert "Merge pull request #4512 from sarthaksarthak9/lint" (#4539)

This reverts commit ded393e, reversing
changes made to 543b4a1.

* add context.Context to EnqueueRequestsFromMapFunc

The underlying `TypedMapFunc` requires this argument, reference https://github.com/kubernetes-sigs/controller-runtime/blob/main/pkg/handler/enqueue_mapped.go#L36

* 🌱 bump golang.org/x/text from 0.21.0 to 0.22.0

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* handle missing boilerplate file gracefully

* 📖 Fix grammar in lets -> let's.

* Update controller-runtime version used in the common.sh tests

* Update Roadmap 2025 with latest status

* 🌱 Improve samples linting & fix samples lint issues

This commit includes:
- Fix linter issues
- Refactor fetchCronJob in sample controller reconcile func
- Fix getting-started tutorial lint issues
- Fix multiversion tutorial lint issues
- Fix cronjob-tutorial lint issues
- Refactor cronjob controller reconcile to reduce cyclomatic complexity

* Revert "🐛 (kustomize/v2): fix ServiceMonitor with TLS kustomize scaffolding"

* 🌱 Bump golang.org/x/tools from 0.29.0 to 0.30.0

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.29.0 to 0.30.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* ✨ Upgrade controller-gen from v0.17.1 to v0.17.2 (#4553)

Upgrade controller-gen from v0.17.1 to v0.17.2

* (go/v4,kustomize/v2,helm/v1-alpha): Fix prometheus integration with TLS check

Co-Author: Abhisek Dwivedi <[email protected]>

* Update alpha generate command so that --repo is always included when running kubebuilder init to fix issue when not on GOPATH

* 🌱 fix testdata generation (#4569)

fix testdata generation

* 🌱 Bump github.com/spf13/cobra from 1.8.1 to 1.9.1

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.1 to 1.9.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.1...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* ✨ Upgrade controller-runtime from v0.20.1 to v0.20.2 (#4570)

Upgrade controller-runtime from v0.20.1 to v0.20.2 and K8s version from v1.32.0 to 1.32.1

* Added e2e tests for alpha generate command for scaffolded data under testdata
changes due to running make generate

---------

Signed-off-by: Miguel Elias dos Santos <[email protected]>
Signed-off-by: Mateus Oliveira <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Miguel Elias dos Santos <[email protected]>
Co-authored-by: Kubernetes Prow Robot <[email protected]>
Co-authored-by: Mateus Oliveira <[email protected]>
Co-authored-by: Afzal Ansari <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sarthaksarthak9 <[email protected]>
Co-authored-by: sapphire <[email protected]>
Co-authored-by: Anshuman <[email protected]>
Co-authored-by: Abhisek Dwivedi <[email protected]>
Co-authored-by: Alvaro Aleman <[email protected]>
Co-authored-by: mwdomino <[email protected]>
Co-authored-by: Thomas Guettler <[email protected]>
Co-authored-by: Wazery <[email protected]>
Co-authored-by: Freddy Esteban Perez <[email protected]>
Co-authored-by: Manali Latkar <[email protected]>
16 people authored Feb 21, 2025
1 parent 7153119 commit f221505
Showing 176 changed files with 2,024 additions and 946 deletions.
5 changes: 4 additions & 1 deletion .github/workflows/lint-sample.yml
Expand Up @@ -16,7 +16,10 @@ jobs:
folder: [
"testdata/project-v4",
"testdata/project-v4-with-plugins",
"testdata/project-v4-multigroup"
"testdata/project-v4-multigroup",
"docs/book/src/cronjob-tutorial/testdata/project",
"docs/book/src/getting-started/testdata/project",
"docs/book/src/multiversion-tutorial/testdata/project"
]
if: (github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository)
steps:
19 changes: 11 additions & 8 deletions .github/workflows/test-e2e-samples.yml
Expand Up @@ -43,8 +43,8 @@ jobs:
sed -i '25s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '47,49s/^#//' $KUSTOMIZATION_FILE_PATH
# Uncomment all cert-manager injections
sed -i '59,212s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '214,229s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '59,234s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '236,251s/^#//' $KUSTOMIZATION_FILE_PATH
cd testdata/project-v4/
go mod tidy
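Review bot: the `sed -i '59,234s/^#//'` and `'236,251s/^#//'` ranges address kustomization.yaml by absolute line number, so any edit to the scaffolded file silently changes what gets uncommented, and this change already had to move both ranges down by 22 lines. Consider a pattern range keyed on a marker comment instead of numbers, quote `"$KUSTOMIZATION_FILE_PATH"`, and add a check after the sed calls that the expected keys are present, so a drifted range fails the job instead of testing a different configuration.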
Expand Down Expand Up @@ -86,10 +86,12 @@ jobs:
# Uncomment only ValidatingWebhookConfiguration
# from cert-manager replaces; we are leaving defaulting uncommented
# since this sample has no defaulting webhooks
sed -i '59,164s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '59,77s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '90,107s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '120,186s/^#//' $KUSTOMIZATION_FILE_PATH
# Uncomment only --conversion webhooks CA injection
sed -i '197,212s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '214,229s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '219,234s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '236,251s/^#//' $KUSTOMIZATION_FILE_PATH
cd testdata/project-v4-with-plugins/
go mod tidy
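Review bot: the three new ranges `59,77`, `90,107` and `120,186` leave lines 78-89 and 108-119 commented, but the comment above them still only says "Uncomment only ValidatingWebhookConfiguration" and gives no reason for the gaps. Add a line naming the blocks that are skipped on purpose, so whoever next shifts these numbers knows which sections must stay disabled.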
Expand Down Expand Up @@ -129,9 +131,10 @@ jobs:
KUSTOMIZATION_FILE_PATH="testdata/project-v4-multigroup/config/default/kustomization.yaml"
sed -i '25s/^#//' $KUSTOMIZATION_FILE_PATH
# Uncomment all cert-manager injections for webhooks only
sed -i '59,59s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '98,212s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '214,229s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '59,77s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '90,107s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '120,234s/^#//' $KUSTOMIZATION_FILE_PATH
sed -i '236,251s/^#//' $KUSTOMIZATION_FILE_PATH
cd testdata/project-v4-multigroup
go mod tidy
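Review bot: `sed -i '59,77s/^#//'` and `'90,107s/^#//'` are not the old ranges moved down; the previous version uncommented only line 59 (`'59,59'`) and then `98,212`, whose shifted equivalent is the new `120,234`. If enabling the extra blocks in the multigroup sample is intended, check that "for webhooks only" in the comment still describes what is uncommented and update it; if not, narrow the ranges.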
12 changes: 6 additions & 6 deletions Makefile
Expand Up @@ -46,15 +46,15 @@ help: ## Display this help
##@ Build

LD_FLAGS=-ldflags " \
-X main.kubeBuilderVersion=$(shell git describe --tags --dirty --broken) \
-X main.goos=$(shell go env GOOS) \
-X main.goarch=$(shell go env GOARCH) \
-X main.gitCommit=$(shell git rev-parse HEAD) \
-X main.buildDate=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \
-X cmd.kubeBuilderVersion=$(shell git describe --tags --dirty --broken) \
-X cmd.goos=$(shell go env GOOS) \
-X cmd.goarch=$(shell go env GOARCH) \
-X cmd.gitCommit=$(shell git rev-parse HEAD) \
-X cmd.buildDate=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \
"
.PHONY: build
build: ## Build the project locally
go build $(LD_FLAGS) -o bin/kubebuilder ./cmd
go build $(LD_FLAGS) -o bin/kubebuilder

.PHONY: install
install: build ## Build and install the binary with the current source code. Use it to test your changes locally.
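Review bot: `-X cmd.kubeBuilderVersion=...` and the four other `-X cmd.*` entries in `LD_FLAGS` will not set anything, because the linker's `-X` takes the package's full import path (`importpath.name=value`) and only the main package can be written as the bare `main`. With the variables now in package `cmd`, the prefix needs to be that package's import path (presumably `sigs.k8s.io/kubebuilder/v4/cmd`, going by the module path in the commit message). A `-X` that matches no symbol is ignored without an error, so the build still succeeds and the binary reports the defaults; a step that runs `bin/kubebuilder version` and fails on `unknown` would catch it.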
4 changes: 2 additions & 2 deletions RELEASE.md
Expand Up @@ -68,7 +68,7 @@ The releases occur in an account in the Google Cloud (See [here](https://console
### To build the Kubebuilder CLI binaries:

A trigger GitHub action [release](.github/workflows/release.yml) is trigged when a new tag is pushed.
This action will caall the job [./build/.goreleaser.yml](./build/.goreleaser.yml).
This action will call the job [./build/.goreleaser.yml](./build/.goreleaser.yml).

### (Deprecated) - To build the Kubebuilder-tools: (Artifacts required to use ENV TEST)

Expand All @@ -93,7 +93,7 @@ see: https://github.com/kubernetes-sigs/kubebuilder/discussions/3907
These images are built from the project [brancz/kube-rbac-proxy](https://github.com/brancz/kube-rbac-proxy).
The projects built with Kubebuilder creates a side container with `kube-rbac-proxy` to protect the Manager.

These images are can be checked in the consolse, see [here](https://console.cloud.google.com/gcr/images/kubebuilder/GLOBAL/kube-rbac-proxy).
These images can be checked in the console, see [here](https://console.cloud.google.com/gcr/images/kubebuilder/GLOBAL/kube-rbac-proxy).

The project `kube-rbac-proxy` is in the process to be donated to the k8s org. However, it is going on for a long time and then,
we have no ETA for that to occur. When that occurs we can automate this process. But until there we need to generate these images
15 changes: 7 additions & 8 deletions build/.goreleaser.yml
Expand Up @@ -29,16 +29,15 @@ before:
# Build a binary for each target in targets.
builds:
- id: kubebuilder
main: ./cmd
binary: kubebuilder
mod_timestamp: "{{ .CommitTimestamp }}"
ldflags:
- -X main.kubeBuilderVersion={{ .Version }}
- -X main.goos={{ .Os }}
- -X main.goarch={{ .Arch }}
- -X main.gitCommit={{ .Commit }}
- -X main.buildDate={{ .Date }}
- -X main.kubernetesVendorVersion={{ .Env.KUBERNETES_VERSION }}
- -X cmd.kubeBuilderVersion={{ .Version }}
- -X cmd.goos={{ .Os }}
- -X cmd.goarch={{ .Arch }}
- -X cmd.gitCommit={{ .Commit }}
- -X cmd.buildDate={{ .Date }}
- -X cmd.kubernetesVendorVersion={{ .Env.KUBERNETES_VERSION }}
targets:
- linux_amd64
- linux_arm64
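Review bot: the six `ldflags` entries use the short `cmd.` prefix, which `-X` does not resolve for a non-main package, and for `kubernetesVendorVersion`, `gitCommit` and `buildDate` cmd/version.go has no fallback, so release binaries would ship `unknown` and the 1970 placeholder date. Use the package's full import path in each `-X`, and since `main: ./cmd` is dropped, confirm the repository root now holds the `main` package that goreleaser builds by default.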
Expand All @@ -47,7 +46,7 @@ builds:
- darwin_amd64
- darwin_arm64
env:
- KUBERNETES_VERSION=1.31.0
- KUBERNETES_VERSION=1.32.1
- CGO_ENABLED=0

# Only binaries of the form "kubebuilder_${goos}_${goarch}" will be released.
5 changes: 3 additions & 2 deletions cmd/main.go → cmd/cmd.go
Expand Up @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/

package main
package cmd

import (
"github.com/sirupsen/logrus"
Expand All @@ -36,7 +36,8 @@ func init() {
logrus.SetFormatter(&logrus.TextFormatter{DisableTimestamp: true})
}

func main() {
// Run bootstraps & runs the CLI
func Run() {
// Bundle plugin which built the golang projects scaffold with base.go/v4 and kustomize/v2 plugins
gov4Bundle, _ := plugin.NewBundleWithOptions(plugin.WithName(golang.DefaultNameQualifier),
plugin.WithVersion(plugin.Version{Number: 4}),
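Review bot: with `package cmd` and an exported `Run()`, the `init()` shown in the hunk header still calls `logrus.SetFormatter(...)`, which now changes the process-wide logger of any program that imports this package. Moving that call into `Run()` ties the side effect to actually running the CLI. `Run()` also returns nothing, so a caller cannot observe a failure; an exported entry point would be easier to use if it returned an `error`, and the doc comment should say what happens on failure.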
19 changes: 14 additions & 5 deletions cmd/version.go
Expand Up @@ -14,19 +14,22 @@ See the License for the specific language governing permissions and
limitations under the License.
*/

package main
package cmd

import (
"fmt"
"runtime/debug"
)

const unknown = "unknown"

// var needs to be used instead of const as ldflags is used to fill this
// information in the release process
var (
kubeBuilderVersion = "unknown"
kubernetesVendorVersion = "unknown"
goos = "unknown"
goarch = "unknown"
kubeBuilderVersion = unknown
kubernetesVendorVersion = unknown
goos = unknown
goarch = unknown
gitCommit = "$Format:%H$" // sha1 from git, output of $(git rev-parse HEAD)

buildDate = "1970-01-01T00:00:00Z" // build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ')
Expand All @@ -44,6 +47,12 @@ type version struct {

// versionString returns the CLI version
func versionString() string {
if kubeBuilderVersion == unknown {
if info, ok := debug.ReadBuildInfo(); ok && info.Main.Version != "" {
kubeBuilderVersion = info.Main.Version
}
}

return fmt.Sprintf("Version: %#v", version{
kubeBuilderVersion,
kubernetesVendorVersion,
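Review bot: in `versionString()`, the `info.Main.Version != ""` test also accepts `(devel)`, which `debug.ReadBuildInfo()` can report for a binary built from a local checkout, so that string would replace `unknown`; treat it as unset as well. The fallback covers only `kubeBuilderVersion`: `gitCommit` keeps `$Format:%H$` and `buildDate` the 1970 placeholder, although for builds from a checkout `info.Settings` can supply `vcs.revision` and `vcs.time`. Assigning to the package variable inside a function that reads like a getter is a hidden side effect; resolving the value once at start-up would be clearer.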
2 changes: 1 addition & 1 deletion docs/book/install-and-build.sh
Expand Up @@ -71,7 +71,7 @@ chmod +x /tmp/mdbook

echo "grabbing the latest released controller-gen"
go version
go install sigs.k8s.io/controller-tools/cmd/[email protected].0
go install sigs.k8s.io/controller-tools/cmd/[email protected].2

# make sure we add the go bin directory to our path
gobin=$(go env GOBIN)
4 changes: 2 additions & 2 deletions docs/book/src/cronjob-tutorial/testdata/finalizer_example.go
Expand Up @@ -64,7 +64,7 @@ func (r *CronJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
// examine DeletionTimestamp to determine if object is under deletion
if cronJob.ObjectMeta.DeletionTimestamp.IsZero() {
// The object is not being deleted, so if it does not have our finalizer,
// then lets add the finalizer and update the object. This is equivalent
// then let's add the finalizer and update the object. This is equivalent
// to registering our finalizer.
if !controllerutil.ContainsFinalizer(cronJob, myFinalizerName) {
controllerutil.AddFinalizer(cronJob, myFinalizerName)
Expand All @@ -75,7 +75,7 @@ func (r *CronJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
} else {
// The object is being deleted
if controllerutil.ContainsFinalizer(cronJob, myFinalizerName) {
// our finalizer is present, so lets handle any external dependency
// our finalizer is present, so let's handle any external dependency
if err := r.deleteExternalResources(cronJob); err != nil {
// if fail to delete the external dependency here, return with error
// so that it can be retried.
5 changes: 2 additions & 3 deletions docs/book/src/cronjob-tutorial/testdata/project/Makefile
Expand Up @@ -67,8 +67,7 @@ test: manifests generate fmt vet setup-envtest ## Run tests.

# TODO(user): To use a different vendor for e2e tests, modify the setup under 'tests/e2e'.
# The default setup assumes Kind is pre-installed and builds/loads the Manager Docker image locally.
# Prometheus and CertManager are installed by default; skip with:
# - PROMETHEUS_INSTALL_SKIP=true
# CertManager is installed by default; skip with:
# - CERT_MANAGER_INSTALL_SKIP=true
.PHONY: test-e2e
test-e2e: manifests generate fmt vet ## Run the e2e tests. Expected an isolated environment using Kind.
Expand Down Expand Up @@ -177,7 +176,7 @@ GOLANGCI_LINT = $(LOCALBIN)/golangci-lint

## Tool Versions
KUSTOMIZE_VERSION ?= v5.5.0
CONTROLLER_TOOLS_VERSION ?= v0.17.1
CONTROLLER_TOOLS_VERSION ?= v0.17.2
#ENVTEST_VERSION is the version of controller-runtime release branch to fetch the envtest setup script (i.e. release-0.20)
ENVTEST_VERSION ?= $(shell go list -m -f "{{ .Version }}" sigs.k8s.io/controller-runtime | awk -F'[v.]' '{printf "release-%d.%d", $$2, $$3}')
#ENVTEST_K8S_VERSION is the version of Kubernetes to use for setting up ENVTEST binaries (i.e. 1.31)
4 changes: 2 additions & 2 deletions docs/book/src/cronjob-tutorial/testdata/project/cmd/main.go
Expand Up @@ -155,7 +155,7 @@ func main() {

// Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server.
// More info:
// - https://pkg.go.dev/sigs.k8s.io/[email protected].0/pkg/metrics/server
// - https://pkg.go.dev/sigs.k8s.io/[email protected].2/pkg/metrics/server
// - https://book.kubebuilder.io/reference/metrics.html
metricsServerOptions := metricsserver.Options{
BindAddress: metricsAddr,
Expand All @@ -167,7 +167,7 @@ func main() {
// FilterProvider is used to protect the metrics endpoint with authn/authz.
// These configurations ensure that only authorized users and service accounts
// can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. More info:
// https://pkg.go.dev/sigs.k8s.io/[email protected].0/pkg/metrics/filters#WithAuthenticationAndAuthorization
// https://pkg.go.dev/sigs.k8s.io/[email protected].2/pkg/metrics/filters#WithAuthenticationAndAuthorization
metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization
}

Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
controller-gen.kubebuilder.io/version: v0.17.2
name: cronjobs.batch.tutorial.kubebuilder.io
spec:
group: batch.tutorial.kubebuilder.io
Expand Up @@ -75,6 +75,17 @@ replacements:
delimiter: '.'
index: 0
create: true
- select: # Uncomment the following to set the Service name for TLS config in Prometheus ServiceMonitor
kind: ServiceMonitor
group: monitoring.coreos.com
version: v1
name: controller-manager-metrics-monitor
fieldPaths:
- spec.endpoints.0.tlsConfig.serverName
options:
delimiter: '.'
index: 0
create: true

- source:
kind: Service
Expand All @@ -94,6 +105,17 @@ replacements:
delimiter: '.'
index: 1
create: true
- select: # Uncomment the following to set the Service namespace for TLS in Prometheus ServiceMonitor
kind: ServiceMonitor
group: monitoring.coreos.com
version: v1
name: controller-manager-metrics-monitor
fieldPaths:
- spec.endpoints.0.tlsConfig.serverName
options:
delimiter: '.'
index: 1
create: true

- source: # Uncomment the following block if you have any webhook
kind: Service
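Review bot: both added `select` entries write into `spec.endpoints.0.tlsConfig.serverName` by splitting on `.` (index 0 in the earlier hunk for the Service name, index 1 here for the namespace), which only produces a valid host name when the field already holds the `SERVICE_NAME.SERVICE_NAMESPACE.svc` placeholder from the ServiceMonitor TLS patch. With `create: true` the replacement does not require the field to exist beforehand, so enabling this block without the patch will not fail and will not yield a usable name either. State in the comment that the block must be enabled together with the patch, or drop `create: true` on these two targets so a missing placeholder is reported.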
@@ -1,22 +1,19 @@
# Patch for Prometheus ServiceMonitor to enable secure TLS configuration
# using certificates managed by cert-manager
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: controller-manager-metrics-monitor
namespace: system
spec:
endpoints:
- tlsConfig:
insecureSkipVerify: false
ca:
secret:
name: metrics-server-cert
key: ca.crt
cert:
secret:
name: metrics-server-cert
key: tls.crt
keySecret:
name: metrics-server-cert
key: tls.key
- op: replace
path: /spec/endpoints/0/tlsConfig
value:
# SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
serverName: SERVICE_NAME.SERVICE_NAMESPACE.svc
insecureSkipVerify: false
ca:
secret:
name: metrics-server-cert
key: ca.crt
cert:
secret:
name: metrics-server-cert
key: tls.crt
keySecret:
name: metrics-server-cert
key: tls.key
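Review bot: `op: replace` on `/spec/endpoints/0/tlsConfig` needs that path to exist already (JSON Patch `replace` fails on a missing target) and swaps the whole `tlsConfig` object, so any key the base ServiceMonitor sets there is dropped; it also ties the patch to endpoint index 0. A comment stating those assumptions would help. The `serverName` value further depends on the kustomize replacements being enabled; without them the literal `SERVICE_NAME.SERVICE_NAMESPACE.svc` is what the certificate gets verified against, so note that dependency next to the existing "will be substituted by kustomize" comment.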
Expand Up @@ -9,7 +9,7 @@ metadata:
{{- if .Values.crd.keep }}
"helm.sh/resource-policy": keep
{{- end }}
controller-gen.kubebuilder.io/version: v0.17.1
controller-gen.kubebuilder.io/version: v0.17.2
name: cronjobs.batch.tutorial.kubebuilder.io
spec:
group: batch.tutorial.kubebuilder.io
Expand Up @@ -15,6 +15,7 @@ spec:
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
tlsConfig:
{{- if .Values.certmanager.enable }}
serverName: project-controller-manager-metrics-service.{{ .Release.Namespace }}.svc
# Apply secure TLS configuration with cert-manager
insecureSkipVerify: false
ca:
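Review bot: `serverName: project-controller-manager-metrics-service.{{ .Release.Namespace }}.svc` hard-codes the Service name while taking the namespace from the release, so the value stops matching as soon as the Service is named differently, and with `insecureSkipVerify: false` that surfaces as failed scrapes. Build the name from the same template expression the chart uses for the metrics Service, and place the line below the "Apply secure TLS configuration with cert-manager" comment so it reads as part of that block.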
Expand Up @@ -11,7 +11,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
controller-gen.kubebuilder.io/version: v0.17.2
name: cronjobs.batch.tutorial.kubebuilder.io
spec:
group: batch.tutorial.kubebuilder.io
Expand Down Expand Up @@ -4276,7 +4276,11 @@ metadata:
namespace: project-system
spec:
endpoints:
- tlsConfig:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
path: /metrics
port: https
scheme: https
tlsConfig:
ca:
secret:
key: ca.crt
Expand All @@ -4289,6 +4293,7 @@ spec:
keySecret:
key: tls.key
name: metrics-server-cert
serverName: project-controller-manager-metrics-service.project-system.svc
selector:
matchLabels:
app.kubernetes.io/name: project