Merge branch 'master' of github.com:ckotzbauer/helm-charts

Christian Kotzbauer 2020-09-11 16:35:52 +02:00
commit 39e02adb2d
5 changed files with 161 additions and 70 deletions


@ -1,8 +1,8 @@
apiVersion: v1 apiVersion: v1
description: Kubernetes-Operator to simplify RBAC configurations description: Kubernetes-Operator to simplify RBAC configurations
name: access-manager name: access-manager
version: 0.2.0 version: 0.3.0
appVersion: 0.2.0 appVersion: 0.3.0
home: https://github.com/ckotzbauer/access-manager home: https://github.com/ckotzbauer/access-manager
sources: sources:
- https://github.com/ckotzbauer/access-manager - https://github.com/ckotzbauer/access-manager


@ -12,7 +12,8 @@ $ helm install ckotzbauer/access-manager
## Prerequisites ## Prerequisites
- Kubernetes 1.9+ - Kubernetes 1.9+ (Helm chart)
- Kubernetes 1.16+ (Operator)
## Installing the Chart ## Installing the Chart
@ -40,7 +41,7 @@ The following table lists the configurable parameters of the Access-Manager char
| Parameter | Description | Default | | Parameter | Description | Default |
| -------------------------------------- | ------------------------------------------------- | ----------------------------- | | -------------------------------------- | ------------------------------------------------- | ----------------------------- |
| `image.repository` | container image repository | `ckotzbauer/access-manager` | | `image.repository` | container image repository | `ckotzbauer/access-manager` |
| `image.tag` | container image tag | `0.2.0` | | `image.tag` | container image tag | `0.3.0` |
| `image.pullPolicy` | container image pull policy | `IfNotPresent` | | `image.pullPolicy` | container image pull policy | `IfNotPresent` |
| `nodeSelector` | node labels for pod assignment | `{}` | | `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | node tolerations for pod assignment | `[]` | | `tolerations` | node tolerations for pod assignment | `[]` |


@ -1,6 +1,11 @@
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: rbacdefinitions.access-manager.io name: rbacdefinitions.access-manager.io
spec: spec:
group: access-manager.io group: access-manager.io
@ -30,77 +35,167 @@ spec:
type: object type: object
spec: spec:
description: RbacDefinitionSpec defines the desired state of RbacDefinition description: RbacDefinitionSpec defines the desired state of RbacDefinition
type: object
properties: properties:
paused: cluster:
type: boolean
namespaced:
description: Defines the desired state of RoleBindings
type: array
items: items:
type: object
properties: properties:
namespace: clusterRoleName:
type: object type: string
properties: name:
name: type: string
type: string subjects:
namespaceSelector:
type: object
properties:
matchLabels:
type: object
x-kubernetes-preserve-unknown-fields: true
matchExpressions:
type: array
items:
type: object
x-kubernetes-preserve-unknown-fields: true
bindings:
type: array
items: items:
type: object description: Subject contains a reference to the object or
user identities a role binding applies to. This can either
hold a direct API object reference, or a value for non-objects
such as user and group names.
properties: properties:
apiGroup:
description: APIGroup holds the API group of the referenced
subject. Defaults to "" for ServiceAccount subjects.
Defaults to "rbac.authorization.k8s.io" for User and
Group subjects.
type: string
kind:
description: Kind of object being referenced. Values defined
by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognized the kind value,
the Authorizer should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: Namespace of the referenced object. If the
object kind is non-namespace, such as "User" or "Group",
and this value is not empty the Authorizer should report
an error.
type: string
required:
- kind
- name
type: object
type: array
required:
- clusterRoleName
- name
- subjects
type: object
type: array
namespaced:
items:
properties:
bindings:
items:
properties:
kind:
type: string
name: name:
type: string type: string
roleName: roleName:
type: string type: string
kind:
type: string
subjects: subjects:
type: array
items: items:
type: object description: Subject contains a reference to the object
or user identities a role binding applies to. This
can either hold a direct API object reference, or
a value for non-objects such as user and group names.
properties: properties:
name: apiGroup:
description: APIGroup holds the API group of the
referenced subject. Defaults to "" for ServiceAccount
subjects. Defaults to "rbac.authorization.k8s.io"
for User and Group subjects.
type: string type: string
kind: kind:
description: Kind of object being referenced. Values
defined by this API group are "User", "Group",
and "ServiceAccount". If the Authorizer does not
recognized the kind value, the Authorizer should
report an error.
type: string
name:
description: Name of the object being referenced.
type: string type: string
namespace: namespace:
description: Namespace of the referenced object. If
the object kind is non-namespace, such as "User"
or "Group", and this value is not empty the Authorizer
should report an error.
type: string type: string
required:
cluster: - kind
description: Defines the desired state of ClusterRoleBindings - name
type: array type: object
items: type: array
type: object required:
properties: - kind
name: - name
type: string - roleName
clusterRoleName: - subjects
type: string
subjects:
type: array
items:
type: object type: object
properties: type: array
name: namespace:
properties:
name:
type: string
required:
- name
type: object
namespaceSelector:
description: A label selector is a label query over a set of
resources. The result of matchLabels and matchExpressions
are ANDed. An empty label selector matches all objects. A
null label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string type: string
kind: description: matchLabels is a map of {key,value} pairs.
type: string A single {key,value} in the matchLabels map is equivalent
namespace: to an element of matchExpressions, whose key field is
type: string "key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
required:
- bindings
type: object
type: array
paused:
type: boolean
type: object
status: status:
description: RbacDefinitionStatus defines the observed state of RbacDefinition description: RbacDefinitionStatus defines the observed state of RbacDefinition
type: object type: object
@ -109,3 +204,9 @@ spec:
storage: true storage: true
subresources: subresources:
status: {} status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -28,19 +28,8 @@ spec:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
command: args:
- access-manager - --enable-leader-election
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "access-manager"
securityContext: securityContext:
{{ toYaml .Values.securityContext | indent 12 }} {{ toYaml .Values.securityContext | indent 12 }}
resources: resources:
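Review bot: The hard-coded `- --enable-leader-election` under `args:` makes the pod depend on write access to an election lock object, and none of the five files in this commit is an RBAC template, so the chart's existing Role/ClusterRole should be checked to confirm it grants that access, ideally limited to the release namespace rather than cluster-wide. The lock resource kind (ConfigMap or Lease) is decided by the operator binary and is not visible here. With `WATCH_NAMESPACE` removed in the same hunk, the chart no longer states the operator's watch scope; a comment above `args:` such as `# leader election: needs create/get/update on the lock object in the release namespace` would record the dependency. The container spec continues outside the hunk.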


@ -4,7 +4,7 @@
image: image:
repository: ckotzbauer/access-manager repository: ckotzbauer/access-manager
tag: 0.2.0 tag: 0.3.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
podAnnotations: {} podAnnotations: {}