regenerated charts/hnc/templates

Signed-off-by: Zakhar Pecherichny <[email protected]>

charts/hnc/templates/hnc-admin-role.yaml → charts/hnc/templates/hnc-admin.yaml

@@ -3,11 +3,13 @@ kind: ClusterRole
 metadata:
   labels:
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
-  name: '{{ include "hnc.fullname" . }}-admin-role'
+  name: '{{ include "hnc.fullname" . }}-admin'
 rules:
   - apiGroups:
       - hnc.x-k8s.io
     resources:
-      - '*'
+      - hierarchicalresourcequotas
+      - subnamespaceanchors
+      - hierarchyconfigurations
     verbs:
       - '*'

charts/hnc/templates/hnc-controller-manager-ha.yaml

@@ -23,7 +23,10 @@ spec:
             {{- if .Values.hrq.enabled }}
             - --enable-hrq
             {{- end }}
-            {{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces}}
+            {{- if $hncIncludeNamespacesRegex }}
+            - --included-namespace-regex={{ $hncIncludeNamespacesRegex }}
+            {{- end }}
+            {{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces }}
             - --excluded-namespace={{ $hncExcludeNamespace }}
             {{- end }}
             - --webhook-server-port=9443

charts/hnc/templates/hnc-controller-manager.yaml

@@ -22,7 +22,10 @@ spec:
             {{- if .Values.hrq.enabled }}
             - --enable-hrq
             {{- end }}
-            {{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces}}
+            {{- if $hncIncludeNamespacesRegex }}
+            - --included-namespace-regex={{ $hncIncludeNamespacesRegex }}
+            {{- end }}
+            {{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces }}
             - --excluded-namespace={{ $hncExcludeNamespace }}
             {{- end }}
             {{- if .Values.ha.enabled }}

charts/hnc/templates/hnc-edit.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  name: '{{ include "hnc.fullname" . }}-edit'
+rules:
+  - apiGroups:
+      - hnc.x-k8s.io
+    resources:
+      - hierarchicalresourcequotas
+      - subnamespaceanchors
+    verbs:
+      - '*'

charts/hnc/templates/hnc-resourcelist-apiextension.yaml

@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: resourcelist-apiextension
+  name: {{ include "hnc.fullname" . }}-resourcelist-apiextension
+  namespace: {{ include "hnc.namespace" . }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: resourcelist-apiextension
+  template:
+    metadata:
+      labels:
+        app: resourcelist-apiextension
+    spec:
+      containers:
+        - args:
+            {{- if .Values.hrq.enabled }}
+            - --enable-hrq
+            {{- end }}
+            {{- if $hncIncludeNamespacesRegex }}
+            - --included-namespace-regex={{ $hncIncludeNamespacesRegex }}
+            {{- end }}
+            {{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces }}
+            - --excluded-namespace={{ $hncExcludeNamespace }}
+            {{- end }}
+            - --cert=/certs/tls.crt
+            - --key=/certs/tls.key
+          command:
+            - /apiextension
+          image: gcr.io/k8s-staging-multitenancy/hnc-manager:v1.1.0
+          {{- with .Values.imagePullPolicy }}
+          imagePullPolicy: IfNotPresent
+          {{- end }}
+          name: resourcelist
+          ports:
+            - containerPort: 7443
+              name: server
+              protocol: TCP
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /certs
+              name: certs
+      securityContext:
+        fsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 1000
+      volumes:
+        - name: certs
+          secret:
+            defaultMode: 420
+            secretName: hnc-resourcelist-apiextension
+      nodeSelector: {{- toYaml . | nindent 8}}
+      affinity: {{- toYaml . | nindent 8}}
+      tolerations: {{- toYaml . | nindent 8}}

charts/hnc/templates/hnc-resourcelist.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: resourcelist
+  name: '{{ include "hnc.fullname" . }}-resourcelist'
+  namespace: '{{ include "hnc.namespace" . }}'
+spec:
+  ports:
+    - port: 7443
+      protocol: TCP
+      targetPort: 7443
+  selector:
+    app: resourcelist

charts/hnc/templates/hnc-view.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  name: '{{ include "hnc.fullname" . }}-view'
+rules:
+  - apiGroups:
+      - hnc.x-k8s.io
+    resources:
+      - '*'
+    verbs:
+      - get
+      - list
+      - watch

charts/hnc/templates/v1alpha2.resources.hnc.x-k8s.io.yaml

@@ -0,0 +1,13 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: '{{ include "hnc.fullname" . }}-v1alpha2.resources.hnc.x-k8s.io'
+spec:
+  group: resources.hnc.x-k8s.io
+  groupPriorityMinimum: 10
+  service:
+    name: hnc-resourcelist
+    namespace: hnc-system
+    port: 7443
+  version: v1alpha2
+  versionPriority: 10