chore: apply update to helm chart

Author: Cho-D-YoungRae

helm/templates/certificate-and-webhook.yaml

@@ -6,10 +6,10 @@
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
-  name: resource-group-controller.ten1010.io
+  name: resource-group-controller.resource-group.ten1010.io
   namespace: {{ .Release.Namespace }}
 webhooks:
-  - name: resource-group-controller.ten1010.io
+  - name: resource-group-controller.resource-group.ten1010.io
     admissionReviewVersions: ["v1"]
     clientConfig:
       caBundle: {{ $ca.Cert | b64enc | quote }}
@@ -24,10 +24,20 @@ webhooks:
     objectSelector: {}
     reinvocationPolicy: IfNeeded
     rules:
-      - apiGroups:   [""]
-        apiVersions: ["v1"]
-        operations:  ["CREATE"]
-        resources:   ["pods"]
+      - apiGroups: [ "" ]
+        apiVersions: [ "v1" ]
+        operations: [ "CREATE" ]
+        resources: [ "pods", "replicationcontrollers" ]
+        scope: "*"
+      - apiGroups: [ "batch" ]
+        apiVersions: [ "v1" ]
+        operations: [ "CREATE" ]
+        resources: [ "cronjobs", "jobs" ]
+        scope: "*"
+      - apiGroups: [ "apps" ]
+        apiVersions: [ "v1" ]
+        operations: [ "CREATE" ]
+        resources: [ "daemonsets", "deployments", "replicasets", "statefulsets" ]
         scope: "*"
     sideEffects: None
     timeoutSeconds: 10

helm/templates/cluster-role.yaml

@@ -0,0 +1,78 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: resource-group-controller.resource-group.ten1010.io
+rules:
+  - apiGroups: [ "resource-group.ten1010.io" ]
+    resources: [ "resourcegroups" ]
+    verbs: [ "get", "watch", "list" ]
+  - apiGroups: [ "" ]
+    resources: [ "pods", "replicationcontrollers" ]
+    verbs: [ "get", "watch", "list", "update", "delete" ]
+  - apiGroups: [ "batch" ]
+    resources: [ "cronjobs", "jobs" ]
+    verbs: [ "get", "watch", "list", "update", "delete" ]
+  - apiGroups: [ "apps" ]
+    resources: [ "daemonsets", "deployments", "replicasets", "statefulsets" ]
+    verbs: [ "get", "watch", "list", "update", "delete" ]
+  - apiGroups: [ "" ]
+    resources: [ "nodes" ]
+    verbs: [ "get", "watch", "list", "update" ]
+  - apiGroups: [ "rbac.authorization.k8s.io" ]
+    resources: [ "roles" ]
+    verbs: [ "create", "get", "watch", "list", "update", "delete" ]
+  - apiGroups: [ "rbac.authorization.k8s.io" ]
+    resources: [ "rolebindings" ]
+    verbs: [ "create", "get", "watch", "list", "update", "delete" ]
+  - apiGroups: [ "rbac.authorization.k8s.io" ]
+    resources: [ "clusterroles" ]
+    verbs: [ "create", "get", "watch", "list", "update", "delete" ]
+  - apiGroups: [ "rbac.authorization.k8s.io" ]
+    resources: [ "clusterrolebindings" ]
+    verbs: [ "create", "get", "watch", "list", "update", "delete" ]
+  - apiGroups: [ "" ]
+    resources: [ "namespaces" ]
+    verbs: [ "get", "watch", "list" ]
+
+  ### Needed to reconcile resource group role ###
+  - apiGroups: [ "" ]
+    resources: [ "pods", "replicationcontrollers", "services", "configmaps", "secrets", "persistentvolumeclaims", "serviceaccounts", "limitranges", "events" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "events.k8s.io" ]
+    resources: [ "events" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "batch" ]
+    resources: [ "cronjobs", "jobs" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "apps" ]
+    resources: [ "daemonsets", "deployments", "replicasets", "statefulsets" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "autoscaling" ]
+    resources: [ "horizontalpodautoscalers" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "policy" ]
+    resources: [ "poddisruptionbudgets" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "ten1010.io" ]
+    resources: [ "resourcegroups" ]
+    verbs: [ "get" ]
+  - apiGroups: [ "" ]
+    resources: [ "nodes" ]
+    verbs: [ "get" ]
+  - apiGroups: [ "" ]
+    resources: [ "namespaces" ]
+    verbs: [ "get" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: resource-group-controller.resource-group.ten1010.io
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: resource-group-controller
+roleRef:
+  kind: ClusterRole
+  name: resource-group-controller.resource-group.ten1010.io
+  apiGroup: rbac.authorization.k8s.io
+---

helm/templates/crd.yaml

@@ -1,18 +1,18 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  name: resourcegroups.ten1010.io
+  name: resourcegroups.resource-group.ten1010.io
 spec:
   scope: Cluster
   names:
     kind: ResourceGroup
     plural: resourcegroups
     singular: resourcegroup
     shortNames:
-      - rgrp
-  group: ten1010.io
+      - rgroup
+  group: resource-group.ten1010.io
   versions:
-    - name: v1
+    - name: v1beta1
       served: true
       storage: true
       additionalPrinterColumns:
@@ -22,12 +22,6 @@ spec:
         - name: NAMESPACES
           type: string
           jsonPath: .spec.namespaces
-        - name: EXCEPTIONS.DAEMONSETS
-          type: string
-          jsonPath: .spec.exceptions.daemonSets
-        - name: SUBJECTS
-          type: string
-          jsonPath: .spec.subjects
       subresources:
         status: {}
       schema:
@@ -52,7 +46,7 @@ spec:
                   items:
                     type: string
                   default: []
-                exceptions:
+                daemonSet:
                   type: object
                   properties:
                     daemonSets:
@@ -68,7 +62,8 @@ spec:
                           name:
                             type: string
                       default: []
-                  default: {}
+                  default:
+                    daemonSets: []
                 subjects:
                   type: array
                   items: