initial access-manager chart (#11)

* initial access-manager chart

Signed-off-by: Christian Kotzbauer <christian.kotzbauer@gmail.com>

* remove blank line

Signed-off-by: Christian Kotzbauer <christian.kotzbauer@gmail.com>
Christian Kotzbauer 2020-06-11 13:11:56 +02:00 committed by GitHub
parent e26ae0019b
commit a81a545856
10 changed files with 390 additions and 0 deletions


@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj


@ -0,0 +1,16 @@
apiVersion: v1
description: Kubernetes-Operator to simplify RBAC configurations
name: access-manager
version: 0.1.0
appVersion: 0.1.0
home: https://github.com/ckotzbauer/access-manager
sources:
- https://github.com/ckotzbauer/access-manager
- https://github.com/ckotzbauer/helm-charts
keywords:
- kubernetes-operator
- operator
- rbac
maintainers:
- name: ckotzbauer
email: christian.kotzbauer@gmail.com


@ -0,0 +1,69 @@
# Access-Manager
Kubernetes-Operator to simplify RBAC configurations.
Learn more: [https://github.com/ckotzbauer/access-manager](https://github.com/ckotzbauer/access-manager)
## TL;DR;
```bash
$ helm install ckotzbauer/access-manager
```
## Prerequisites
- Kubernetes 1.9+
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
$ helm install --name my-release ckotzbauer/access-manager
```
The command deploys the access-manager operator on the Kubernetes cluster using the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the Prometheus MSTeams chart and their default values.
| Parameter | Description | Default |
| -------------------------------------- | ------------------------------------------------- | ----------------------------- |
| `image.repository` | container image repository | `ckotzbauer/access-manager` |
| `image.tag` | container image tag | `0.1.0` |
| `image.pullPolicy` | container image pull policy | `IfNotPresent` |
| `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | node tolerations for pod assignment | `[]` |
| `affinity` | node affinity for pod assignment | `{}` |
| `podAnnotations` | annotations to add to each pod | `{}` |
| `resources` | pod resource requests & limits | See [values.yaml](values.yaml)|
| `securityContext` | container securityContext | See [values.yaml](values.yaml)|
| `serviceAccount.create` | Should we create a ServiceAccount | `true` |
| `serviceAccount.name` | Name of the ServiceAccount to use | null |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install --name my-release \
--set key_1=value_1,key_2=value_2 \
ckotzbauer/access-manager
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
# example for staging
$ helm install --name my-release -f values.yaml ckotzbauer/access-manager
```
> **Tip**: You can use the default [values.yaml](values.yaml)


@ -0,0 +1,111 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: rbacdefinitions.access-manager.io
spec:
group: access-manager.io
names:
kind: RbacDefinition
listKind: RbacDefinitionList
plural: rbacdefinitions
singular: rbacdefinition
scope: Cluster
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: RbacDefinition is the Schema for the rbacdefinitions API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: RbacDefinitionSpec defines the desired state of RbacDefinition
type: object
properties:
paused:
type: boolean
namespaced:
description: Defines the desired state of RoleBindings
type: array
items:
type: object
properties:
namespace:
type: object
properties:
name:
type: string
namespaceSelector:
type: object
properties:
matchLabels:
type: object
x-kubernetes-preserve-unknown-fields: true
matchExpressions:
type: array
items:
type: object
x-kubernetes-preserve-unknown-fields: true
bindings:
type: array
items:
type: object
properties:
name:
type: string
roleName:
type: string
kind:
type: string
subjects:
type: array
items:
type: object
properties:
name:
type: string
kind:
type: string
namespace:
type: string
cluster:
description: Defines the desired state of ClusterRoleBindings
type: array
items:
type: object
properties:
name:
type: string
clusterRoleName:
type: string
subjects:
type: array
items:
type: object
properties:
name:
type: string
kind:
type: string
namespace:
type: string
status:
description: RbacDefinitionStatus defines the observed state of RbacDefinition
type: object
type: object
served: true
storage: true
subresources:
status: {}
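Review bot: The schema constrains shapes but not values: `spec.namespaced[].bindings[].kind` and both `subjects[].kind` properties accept any string, and no `required` lists are declared anywhere, so a RbacDefinition with a missing `roleName` or a mistyped kind is admitted by the apiserver and only fails later inside the controller. Adding `enum: [Role, ClusterRole]` on the binding kind, `enum: [User, Group, ServiceAccount]` on subject kinds and `required: [name, kind]` on each subject item turns those into admission-time errors, which matters for a resource that ends up minting RBAC bindings. Separately, `status` is declared as a bare `type: object` with no properties and no `x-kubernetes-preserve-unknown-fields`; because this is a structural `apiextensions.k8s.io/v1` schema the apiserver prunes unknown fields, so if the controller writes anything into `.status` (the description says it holds observed state) it will be silently dropped unless the fields are listed or `x-kubernetes-preserve-unknown-fields: true` is added under `status`.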


@ -0,0 +1,6 @@
** Please be patient while the chart is being deployed **
To monitor the deployment, execute the following command:
kubectl get pods -l name={{ template "app.name" . }} --namespace {{ .Release.Namespace }} -w
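Review bot: The suggested command selects on `name={{ template "app.name" . }}`, but the Deployment's pod template in this same change only sets the labels `app` and `release`, so the command matches no pods. Use the labels the chart actually applies: `kubectl get pods -l app={{ template "app.name" . }},release={{ .Release.Name }} --namespace {{ .Release.Namespace }} -w`.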


@ -0,0 +1,43 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "app.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app.name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "app.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "app.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "app.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "app.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}


@ -0,0 +1,17 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "app.serviceAccountName" . }}
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
subjects:
- kind: ServiceAccount
name: {{ template "app.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
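Review bot: This binding grants `cluster-admin` to whatever `app.serviceAccountName` resolves to, and the helper in this change returns `default` when `serviceAccount.create` is false and `serviceAccount.name` is unset, so in that configuration the namespace's `default` ServiceAccount — and every pod in the namespace that does not set its own — becomes cluster-admin. An operator that creates Role/ClusterRole bindings does need either the permissions it hands out or the `bind`/`escalate` verbs, but that is far narrower than `cluster-admin`: a dedicated ClusterRole limited to `rbacdefinitions`, `roles`, `clusterroles`, `rolebindings`, `clusterrolebindings` and `namespaces` would bound the blast radius (the exact verbs depend on the controller, which is not part of this change). At minimum the template should refuse the `default` fallback, e.g. wrap the resource in `{{- if or .Values.serviceAccount.create .Values.serviceAccount.name }}` or `fail` when the resolved name is `default`. Also, because the ClusterRoleBinding is cluster-scoped but named only by the ServiceAccount name, two installs with the same release name in different namespaces would fight over one object.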


@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "app.name" . }}
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "app.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "app.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podAnnotations }}
annotations:
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "app.serviceAccountName" . }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- access-manager
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "access-manager"
securityContext:
{{ toYaml .Values.securityContext | indent 12 }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
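Review bot: `metadata.name` uses `app.name` (the chart name) while the ServiceAccount and ClusterRoleBinding in this change use `app.serviceAccountName`, which derives from `app.fullname`, so two releases of this chart in one namespace collide on the Deployment name even though their selectors (`app` + `release`) are distinct. Aligning it with the other resources is a one-line change: `name: {{ template "app.fullname" . }}`. The container also declares no liveness or readiness probe; if the operator exposes a health endpoint (not visible here), wiring one up would let the kubelet restart a wedged controller rather than leaving RbacDefinitions unreconciled.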


@ -0,0 +1,11 @@
{{ if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: {{ template "app.serviceAccountName" . }}
{{- end -}}


@ -0,0 +1,37 @@
# Default values for access-manager.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: ckotzbauer/access-manager
tag: 0.1.0
pullPolicy: IfNotPresent
podAnnotations: {}
resources:
requests:
cpu: 10m
memory: 128Mi
limits:
cpu: 50m
memory: 128Mi
securityContext:
privileged: false
runAsUser: 1001
runAsNonRoot: false
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
nodeSelector: {}
tolerations: []
affinity: {}
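Review bot: The default `securityContext` sets `runAsUser: 1001` but `runAsNonRoot: false`, so the non-root intent is not enforced by the kubelet and an image that later ships with a root USER would run as root unnoticed; the defaults also omit `allowPrivilegeEscalation` and leave all default capabilities in place. Since this context is rendered at container level in the Deployment, the hardened fields below apply directly. `readOnlyRootFilesystem` is included on the assumption that the operator binary writes nothing to disk — drop it if the controller needs a writable filesystem. Unrelated to hardening, `serviceAccount.name:` is a bare null; `name: ""` reads more clearly and matches the README, which documents the default as unset.
```yaml
securityContext:
  privileged: false
  runAsUser: 1001
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL
```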