updated access-manager to 0.3.0 (#17)

Signed-off-by: Christian Kotzbauer <christian.kotzbauer@gmail.com>
Christian Kotzbauer 2020-08-30 17:20:40 +02:00 committed by GitHub
parent 5c20089278
commit 1ec23dc5cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 161 additions and 70 deletions


@ -1,8 +1,8 @@
apiVersion: v1
description: Kubernetes-Operator to simplify RBAC configurations
name: access-manager
version: 0.2.0
appVersion: 0.2.0
version: 0.3.0
appVersion: 0.3.0
home: https://github.com/ckotzbauer/access-manager
sources:
- https://github.com/ckotzbauer/access-manager


@ -12,7 +12,8 @@ $ helm install ckotzbauer/access-manager
## Prerequisites
- Kubernetes 1.9+
- Kubernetes 1.9+ (Helm chart)
- Kubernetes 1.16+ (Operator)
## Installing the Chart
@ -40,7 +41,7 @@ The following table lists the configurable parameters of the Access-Manager char
| Parameter | Description | Default |
| -------------------------------------- | ------------------------------------------------- | ----------------------------- |
| `image.repository` | container image repository | `ckotzbauer/access-manager` |
| `image.tag` | container image tag | `0.2.0` |
| `image.tag` | container image tag | `0.3.0` |
| `image.pullPolicy` | container image pull policy | `IfNotPresent` |
| `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | node tolerations for pod assignment | `[]` |


@ -1,6 +1,11 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: rbacdefinitions.access-manager.io
spec:
group: access-manager.io
@ -30,77 +35,167 @@ spec:
type: object
spec:
description: RbacDefinitionSpec defines the desired state of RbacDefinition
type: object
properties:
paused:
type: boolean
namespaced:
description: Defines the desired state of RoleBindings
type: array
cluster:
items:
type: object
properties:
namespace:
type: object
properties:
name:
type: string
namespaceSelector:
type: object
properties:
matchLabels:
type: object
x-kubernetes-preserve-unknown-fields: true
matchExpressions:
type: array
items:
type: object
x-kubernetes-preserve-unknown-fields: true
bindings:
type: array
clusterRoleName:
type: string
name:
type: string
subjects:
items:
type: object
description: Subject contains a reference to the object or
user identities a role binding applies to. This can either
hold a direct API object reference, or a value for non-objects
such as user and group names.
properties:
apiGroup:
description: APIGroup holds the API group of the referenced
subject. Defaults to "" for ServiceAccount subjects.
Defaults to "rbac.authorization.k8s.io" for User and
Group subjects.
type: string
kind:
description: Kind of object being referenced. Values defined
by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognized the kind value,
the Authorizer should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: Namespace of the referenced object. If the
object kind is non-namespace, such as "User" or "Group",
and this value is not empty the Authorizer should report
an error.
type: string
required:
- kind
- name
type: object
type: array
required:
- clusterRoleName
- name
- subjects
type: object
type: array
namespaced:
items:
properties:
bindings:
items:
properties:
kind:
type: string
name:
type: string
roleName:
type: string
kind:
type: string
subjects:
type: array
items:
type: object
description: Subject contains a reference to the object
or user identities a role binding applies to. This
can either hold a direct API object reference, or
a value for non-objects such as user and group names.
properties:
name:
apiGroup:
description: APIGroup holds the API group of the
referenced subject. Defaults to "" for ServiceAccount
subjects. Defaults to "rbac.authorization.k8s.io"
for User and Group subjects.
type: string
kind:
description: Kind of object being referenced. Values
defined by this API group are "User", "Group",
and "ServiceAccount". If the Authorizer does not
recognized the kind value, the Authorizer should
report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: Namespace of the referenced object. If
the object kind is non-namespace, such as "User"
or "Group", and this value is not empty the Authorizer
should report an error.
type: string
cluster:
description: Defines the desired state of ClusterRoleBindings
type: array
items:
type: object
properties:
name:
type: string
clusterRoleName:
type: string
subjects:
type: array
items:
required:
- kind
- name
type: object
type: array
required:
- kind
- name
- roleName
- subjects
type: object
properties:
name:
type: array
namespace:
properties:
name:
type: string
required:
- name
type: object
namespaceSelector:
description: A label selector is a label query over a set of
resources. The result of matchLabels and matchExpressions
are ANDed. An empty label selector matches all objects. A
null label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
kind:
type: string
namespace:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
required:
- bindings
type: object
type: array
paused:
type: boolean
type: object
status:
description: RbacDefinitionStatus defines the observed state of RbacDefinition
type: object
@ -109,3 +204,9 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -28,19 +28,8 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- access-manager
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "access-manager"
args:
- --enable-leader-election
securityContext:
{{ toYaml .Values.securityContext | indent 12 }}
resources:
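Review bot: The new `args` entry hardcodes `--enable-leader-election`, so the operator's service account now needs to read and write the leader-election lock object (and usually emit events) in the release namespace, yet none of the file sections shown on this page looks like an RBAC template. Confirm that the chart's existing role already covers this, and keep the grant scoped to the lock resource rather than widening it, since this operator itself creates RoleBindings and ClusterRoleBindings. The same hunk drops `WATCH_NAMESPACE`, which presumably changes the watch scope from the pod's namespace to cluster-wide; if that is intended, the README should say so. I would also add a comment above the flag, e.g. `# requires RBAC on the leader-election lock in the release namespace`. The container spec starts and continues outside the hunk.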


@ -4,7 +4,7 @@
image:
repository: ckotzbauer/access-manager
tag: 0.2.0
tag: 0.3.0
pullPolicy: IfNotPresent
podAnnotations: {}