regenerated charts/hnc/templates

Signed-off-by: Zakhar Pecherichny <[email protected]>

Author: zfrhv

charts/hnc/templates/hnc-admin-role.yaml renamed to charts/hnc/templates/hnc-admin.yaml

@@ -3,11 +3,13 @@ kind: ClusterRole
 metadata:
   labels:
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
-  name: '{{ include "hnc.fullname" . }}-admin-role'
+  name: '{{ include "hnc.fullname" . }}-admin'
 rules:
   - apiGroups:
       - hnc.x-k8s.io
     resources:
-      - '*'
+      - hierarchicalresourcequotas
+      - subnamespaceanchors
+      - hierarchyconfigurations
     verbs:
       - '*'

charts/hnc/templates/hnc-controller-manager-ha.yaml

@@ -23,6 +23,9 @@ spec:
             {{- if .Values.hrq.enabled }}
             - --enable-hrq
             {{- end }}
+            {{- if $hncIncludeNamespacesRegex}}
+            - --included-namespace-regex={{ $hncIncludeNamespacesRegex }}
+            {{- end }}
             {{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces}}
             - --excluded-namespace={{ $hncExcludeNamespace }}
             {{- end }}

charts/hnc/templates/hnc-controller-manager.yaml

@@ -22,6 +22,9 @@ spec:
             {{- if .Values.hrq.enabled }}
             - --enable-hrq
             {{- end }}
+            {{- if $hncIncludeNamespacesRegex}}
+            - --included-namespace-regex={{ $hncIncludeNamespacesRegex }}
+            {{- end }}
             {{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces}}
             - --excluded-namespace={{ $hncExcludeNamespace }}
             {{- end }}

charts/hnc/templates/hnc-edit.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  name: '{{ include "hnc.fullname" . }}-edit'
+rules:
+  - apiGroups:
+      - hnc.x-k8s.io
+    resources:
+      - hierarchicalresourcequotas
+      - subnamespaceanchors
+    verbs:
+      - '*'

charts/hnc/templates/hnc-resourcelist-apiextension.yaml

@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: resourcelist-apiextension
+  name: {{ include "hnc.fullname" . }}-resourcelist-apiextension
+  namespace: {{ include "hnc.namespace" . }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: resourcelist-apiextension
+  template:
+    metadata:
+      labels:
+        app: resourcelist-apiextension
+    spec:
+      containers:
+        - args:
+            {{- if .Values.hrq.enabled }}
+            - --enable-hrq
+            {{- end }}
+            {{- if $hncIncludeNamespacesRegex}}
+            - --included-namespace-regex={{ $hncIncludeNamespacesRegex }}
+            {{- end }}
+            {{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces}}
+            - --excluded-namespace={{ $hncExcludeNamespace }}
+            {{- end }}
+            - --cert=/certs/tls.crt
+            - --key=/certs/tls.key
+          command:
+            - /apiextension
+          image: hnc-manager:latest
+          {{- with .Values.imagePullPolicy }}
+          imagePullPolicy: IfNotPresent
+          {{- end }}
+          name: resourcelist
+          ports:
+            - containerPort: 7443
+              name: server
+              protocol: TCP
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /certs
+              name: certs
+      securityContext:
+        fsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 1000
+      volumes:
+        - name: certs
+          secret:
+            defaultMode: 420
+            secretName: hnc-resourcelist-apiextension
+      nodeSelector: {{- toYaml . | nindent 8}}
+      affinity: {{- toYaml . | nindent 8}}
+      tolerations: {{- toYaml . | nindent 8}}

charts/hnc/templates/hnc-resourcelist.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: resourcelist
+  name: '{{ include "hnc.fullname" . }}-resourcelist'
+  namespace: '{{ include "hnc.namespace" . }}'
+spec:
+  ports:
+    - port: 7443
+      protocol: TCP
+      targetPort: 7443
+  selector:
+    app: resourcelist

charts/hnc/templates/hnc-view.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  name: '{{ include "hnc.fullname" . }}-view'
+rules:
+  - apiGroups:
+      - hnc.x-k8s.io
+    resources:
+      - '*'
+    verbs:
+      - get
+      - list
+      - watch

charts/hnc/templates/v1alpha2.resources.hnc.x-k8s.io.yaml

@@ -0,0 +1,13 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: '{{ include "hnc.fullname" . }}-v1alpha2.resources.hnc.x-k8s.io'
+spec:
+  group: resources.hnc.x-k8s.io
+  groupPriorityMinimum: 10
+  service:
+    name: hnc-resourcelist
+    namespace: hnc-system
+    port: 7443
+  version: v1alpha2
+  versionPriority: 10

charts/hnc/values.yaml

@@ -1,6 +1,6 @@
 image:
-  repository: gcr.io/k8s-staging-multitenancy/hnc-manager
-  tag: v1.1.0
+  repository: /hnc-manager
+  tag: latest
   imagePullPolicy: {}
 # Regex of namespaces for HNC to manage
 # example include everything except openshift.*