diff --git a/cmd/main.go b/cmd/main.go index 64a25502cd7..f0e35e16663 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -30,6 +30,7 @@ import ( deployimagev1alpha1 "sigs.k8s.io/kubebuilder/v4/pkg/plugins/golang/deploy-image/v1alpha1" golangv4 "sigs.k8s.io/kubebuilder/v4/pkg/plugins/golang/v4" grafanav1alpha1 "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/grafana/v1alpha" + helmv1alpha1 "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha" ) func init() { @@ -61,6 +62,7 @@ func main() { &kustomizecommonv2.Plugin{}, &deployimagev1alpha1.Plugin{}, &grafanav1alpha1.Plugin{}, + &helmv1alpha1.Plugin{}, ), cli.WithPlugins(externalPlugins...), cli.WithDefaultPlugins(cfgv3.Version, gov4Bundle), diff --git a/pkg/plugins/optional/helm/v1alpha/commons.go b/pkg/plugins/optional/helm/v1alpha/commons.go new file mode 100644 index 00000000000..a6cb521d442 --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/commons.go @@ -0,0 +1,40 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha + +import ( + "errors" + + "sigs.k8s.io/kubebuilder/v4/pkg/config" +) + +func InsertPluginMetaToConfig(target config.Config, cfg pluginConfig) error { + err := target.DecodePluginConfig(pluginKey, cfg) + if !errors.As(err, &config.UnsupportedFieldError{}) { + + if err != nil && !errors.As(err, &config.PluginKeyNotFoundError{}) { + return err + } + + if err = target.EncodePluginConfig(pluginKey, cfg); err != nil { + return err + } + + } + + return nil +} 
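Review bot: In commons.go, `InsertPluginMetaToConfig` returns nil when `DecodePluginConfig` yields an `UnsupportedFieldError`, so on such a config the helm key is silently not recorded and the caller cannot tell. That may be intended, but the exported function has no doc comment saying so; I would add `// InsertPluginMetaToConfig records the plugin key in the project config; it does nothing when the config reports plugin entries as unsupported.` The nested `if` would also read more plainly as an early `return nil` for the unsupported case, followed by the two error checks.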
diff --git a/pkg/plugins/optional/helm/v1alpha/edit.go b/pkg/plugins/optional/helm/v1alpha/edit.go
new file mode 100644
index 00000000000..b2cf75484d5
--- /dev/null
+++ b/pkg/plugins/optional/helm/v1alpha/edit.go
@@ -0,0 +1,68 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha + +import ( + "fmt" + + "github.com/spf13/pflag" + "sigs.k8s.io/kubebuilder/v4/pkg/config" + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" + "sigs.k8s.io/kubebuilder/v4/pkg/plugin" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha/scaffolds" +) + +var _ plugin.EditSubcommand = &editSubcommand{} + +type editSubcommand struct { + config config.Config + force bool +} + +func (p *editSubcommand) UpdateMetadata(cliMeta plugin.CLIMetadata, subcmdMeta *plugin.SubcommandMetadata) { + subcmdMeta.Description = `Initialize a helm chart to distribute the project under dist/ +` + subcmdMeta.Examples = fmt.Sprintf(` # Initialize a helm chart to distribute the project under dist/ + %[1]s edit --plugins helm/v1alpha + +`, cliMeta.CommandName) +} + +func (p *editSubcommand) BindFlags(fs *pflag.FlagSet) { + fs.BoolVar(&p.force, "force", true, "if true, run re-generate the files") +} + +func (p *editSubcommand) InjectConfig(c config.Config) error { + p.config = c + return nil +} + +func (p *editSubcommand) Scaffold(fs machinery.Filesystem) error { + scaffolder := scaffolds.NewInitScaffolder() + scaffolder.InjectFS(fs) + err := scaffolder.Scaffold() + if err != nil { + return err + } + + // Track the resources following a declarative approach + if err := InsertPluginMetaToConfig(p.config, pluginConfig{}); err != nil { + return err + } + + return nil +} 
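Review bot: The `--force` flag in edit.go is bound into `p.force` by `BindFlags` but never read, because `Scaffold` calls `scaffolds.NewInitScaffolder()` with no arguments. The templates in this commit are built in scaffolds/init.go as zero values (`&templates.HelmChart{}` etc.), so their `Force` field stays false and existing files are always skipped, whatever the user passes. Either thread `p.force` through the scaffolder into the templates or drop the flag until it is wired. The help text also reads oddly; `"if true, regenerate all the files"` would be clearer.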
diff --git a/pkg/plugins/optional/helm/v1alpha/init.go b/pkg/plugins/optional/helm/v1alpha/init.go
new file mode 100644
index 00000000000..0ab0b6b70a7
--- /dev/null
+++ b/pkg/plugins/optional/helm/v1alpha/init.go
@@ -0,0 +1,62 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha + +import ( + "fmt" + + "sigs.k8s.io/kubebuilder/v4/pkg/config" + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" + "sigs.k8s.io/kubebuilder/v4/pkg/plugin" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/grafana/v1alpha/scaffolds" +) + +var _ plugin.InitSubcommand = &initSubcommand{} + +type initSubcommand struct { + config config.Config +} + +func (p *initSubcommand) UpdateMetadata(cliMeta plugin.CLIMetadata, subcmdMeta *plugin.SubcommandMetadata) { + subcmdMeta.Description = `Initialize a helm chart to distribute the project under dist/ +` + subcmdMeta.Examples = fmt.Sprintf(` # Initialize a helm chart to distribute the project under dist/ + %[1]s init --plugins helm/v1alpha + +`, cliMeta.CommandName) +} + +func (p *initSubcommand) InjectConfig(c config.Config) error { + p.config = c + return nil +} + +func (p *initSubcommand) Scaffold(fs machinery.Filesystem) error { + scaffolder := scaffolds.NewInitScaffolder() + scaffolder.InjectFS(fs) + err := scaffolder.Scaffold() + if err != nil { + return err + } + + // Track the resources following a declarative approach + if err := InsertPluginMetaToConfig(p.config, pluginConfig{}); err != nil { + return err + } + + return nil +} diff --git a/pkg/plugins/optional/helm/v1alpha/plugin.go b/pkg/plugins/optional/helm/v1alpha/plugin.go new file mode 100644 index 00000000000..e43dd41316a --- /dev/null 
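Review bot: init.go imports `sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/grafana/v1alpha/scaffolds`, so `initSubcommand.Scaffold` runs the grafana scaffolder, not the helm one. As written, `init --plugins helm/v1alpha` would generate grafana manifests and then record the helm plugin key in the config. The import should be `"sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha/scaffolds"`, as in edit.go. Because both packages export `NewInitScaffolder`, the compiler cannot catch this; a unit test asserting that `dist/chart/Chart.yaml` exists after init would.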
+++ b/pkg/plugins/optional/helm/v1alpha/plugin.go 
@@ -0,0 +1,64 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha + +import ( + "sigs.k8s.io/kubebuilder/v4/pkg/config" + cfgv3 "sigs.k8s.io/kubebuilder/v4/pkg/config/v3" + "sigs.k8s.io/kubebuilder/v4/pkg/model/stage" + "sigs.k8s.io/kubebuilder/v4/pkg/plugin" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins" +) + +const pluginName = "helm." + plugins.DefaultNameQualifier + +var ( + pluginVersion = plugin.Version{Number: 1, Stage: stage.Alpha} + supportedProjectVersions = []config.Version{cfgv3.Version} + pluginKey = plugin.KeyFor(Plugin{}) +) + +// Plugin implements the plugin.Full interface +type Plugin struct { + initSubcommand + editSubcommand +} + +var ( + _ plugin.Init = Plugin{} +) + +// Name returns the name of the plugin +func (Plugin) Name() string { return pluginName } + +// Version returns the version of the grafana plugin +func (Plugin) Version() plugin.Version { return pluginVersion } + +// SupportedProjectVersions returns an array with all project versions supported by the plugin +func (Plugin) SupportedProjectVersions() []config.Version { return supportedProjectVersions } + +// GetInitSubcommand will return the subcommand which is responsible for initializing and scaffolding grafana manifests +func (p Plugin) GetInitSubcommand() plugin.InitSubcommand { return &p.initSubcommand } + +// GetEditSubcommand will return the subcommand which is responsible for adding grafana manifests +func (p Plugin) GetEditSubcommand() 
plugin.EditSubcommand { return &p.editSubcommand } + +type pluginConfig struct{} + +func (p Plugin) DeprecationWarning() string { + return "" +} diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/init.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/init.go new file mode 100644 index 00000000000..abfe38e9795 --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/init.go 
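Review bot: The compile-time assertion in plugin.go covers only `plugin.Init`, although `Plugin` also exposes `GetEditSubcommand` and its doc comment claims `plugin.Full`. Adding `_ plugin.Edit = Plugin{}` would check the interface the edit path relies on, and the type comment should name the interfaces actually implemented. Several doc comments were carried over from the grafana plugin (`Version returns the version of the grafana plugin`, `scaffolding grafana manifests`, `adding grafana manifests`) and should say helm. `DeprecationWarning` has no doc comment; something like `// DeprecationWarning returns an empty string: the plugin is not deprecated.` would do.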
@@ -0,0 +1,145 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package scaffolds + +import ( + "fmt" + "os" + "path/filepath" + "strings" + + log "github.com/sirupsen/logrus" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins" +) + +var _ plugins.Scaffolder = &initScaffolder{} + +type initScaffolder struct { + fs machinery.Filesystem +} + +// NewInitScaffolder returns a new Scaffolder for project initialization operations +func NewInitScaffolder() plugins.Scaffolder { + return &initScaffolder{} +} + +// InjectFS implements cmdutil.Scaffolder +func (s *initScaffolder) InjectFS(fs machinery.Filesystem) { + s.fs = fs +} + +// Scaffold implements cmdutil.Scaffolder +func (s *initScaffolder) Scaffold() error { + log.Println("Generating Helm Chart to distribute project") + + scaffold := machinery.NewScaffold(s.fs) + + err := scaffold.Execute( + &templates.HelmChart{}, + &templates.HelmValues{}, + &templates.HelmIgnore{}, + ) + if err != nil { + return err + } + + // Copy all relevant files from config/ to chart/templates/ + err = copyConfigFiles() + if err != nil { + return err + } + return nil +} + +// Helper function to copy files from config/ to dist/chart/templates/ +func copyConfigFiles() error { + // Define the source directories and destination directories under dist/chart/templates + configDirs := 
[]struct { + SrcDir string + DestDir string + SubDir string + }{ + {"config/rbac", "dist/chart/templates/rbac", "rbac"}, + {"config/manager", "dist/chart/templates/manager", "controllerManager"}, + {"config/webhook", "dist/chart/templates/webhook", "webhook"}, + {"config/crd/bases", "dist/chart/templates/crds", "crd"}, + {"config/prometheus", "dist/chart/templates/prometheus", "prometheus"}, + {"config/certmanager", "dist/chart/templates/certmanager", "certmanager"}, + {"config/network-policy", "dist/chart/templates/network-policy", "networkPolicy"}, + } + + // Copy all YAML files in each directory + for _, dir := range configDirs { + files, err := filepath.Glob(filepath.Join(dir.SrcDir, "*.yaml")) + if err != nil { + return err + } + + for _, srcFile := range files { + destFile := filepath.Join(dir.DestDir, filepath.Base(srcFile)) + err := copyFileWithHelmLogic(srcFile, destFile, dir.SubDir) + if err != nil { + return err + } + } + } + + return nil +} + +// copyFileWithHelmLogic reads the source file, wraps it with Helm logic, and writes it to the destination +func copyFileWithHelmLogic(srcFile, destFile, subDir string) error { + // Ensure the source file exists + if _, err := os.Stat(srcFile); os.IsNotExist(err) { + log.Printf("Source file does not exist: %s", srcFile) + return err + } + + // Read the source file + content, err := os.ReadFile(srcFile) + if err != nil { + log.Printf("Error reading source file: %s", srcFile) + return err + } + + // Skip irrelevant files like kustomization.yaml + if strings.HasSuffix(srcFile, "kustomization.yaml") || strings.HasSuffix(srcFile, "kustomizeconfig.yaml") { + log.Printf("Skipping irrelevant file: %s", srcFile) + return nil + } + + // Wrap the content with Helm conditional logic based on the subdirectory (e.g., "rbac", "manager") + wrappedContent := fmt.Sprintf("{{- if .Values.%s.create }}\n%s\n{{- end }}\n", subDir, string(content)) + + // Ensure the destination directory exists + if err := 
os.MkdirAll(filepath.Dir(destFile), os.ModePerm); err != nil { + return err + } + + // Write the wrapped content to the destination file + err = os.WriteFile(destFile, []byte(wrappedContent), os.ModePerm) + if err != nil { + log.Printf("Error writing destination file: %s", destFile) + return err + } + + log.Printf("Successfully copied %s to %s", srcFile, destFile) + return nil +} diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart.go new file mode 100644 index 00000000000..134f870e34f --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart.go 
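Review bot: `copyFileWithHelmLogic` in scaffolds/init.go creates the chart directories and files with `os.ModePerm` (0777), so every copied manifest is executable and, subject only to the process umask, group- and world-writable. The testdata in this commit shows the result as `new file mode 100755` on the generated YAML templates. Chart templates are plain data that is later applied to a cluster, so narrower modes are the safer default: `os.MkdirAll(filepath.Dir(destFile), 0o755)` and `os.WriteFile(destFile, []byte(wrappedContent), 0o644)`. Separately, `copyConfigFiles` works through `os` and `filepath.Glob` relative to the working directory instead of the `machinery.Filesystem` injected into `s.fs`, so the copy step ignores whatever filesystem the caller supplied.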
@@ -0,0 +1,63 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package templates + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" +) + +var _ machinery.Template = &HelmChart{} + +// Chart scaffolds a file that defines the Helm chart structure +type HelmChart struct { + machinery.TemplateMixin + machinery.ProjectNameMixin + + Force bool +} + +// SetTemplateDefaults implements file.Template +func (f *HelmChart) SetTemplateDefaults() error { + // Define the path where the Helm Chart.yaml will be created + if f.Path == "" { + f.Path = filepath.Join("dist", "chart", "Chart.yaml") + } + + // Use the chart template defined below + f.TemplateBody = helmChartTemplate + + // Define file handling action based on Force flag + if f.Force { + f.IfExistsAction = machinery.OverwriteFile + } else { + // If file exists (ex. because a Helm chart was already created), skip creation. + f.IfExistsAction = machinery.SkipFile + } + + return nil +} + +// Define the content for the Chart.yaml file +const helmChartTemplate = `apiVersion: v2 +name: {{ .ProjectName }} +description: A Helm chart to distribute the project {{ .ProjectName }} +type: application +version: 0.1.0 +appVersion: "0.1.0" +` diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/helmignore.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/helmignore.go new file mode 100644 index 00000000000..8ea99a38992 --- /dev/null 
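Review bot: `helmChartTemplate` renders `{{ .ProjectName }}`, but the testdata generated by this commit has an empty `name:` and a description ending in "the project", so `ProjectName` is evidently not populated. The likely cause is that scaffolds/init.go builds the scaffold with `machinery.NewScaffold(s.fs)` and passes no project config, which leaves `ProjectNameMixin` with nothing to inject. The scaffolder probably needs to receive the config and call `machinery.NewScaffold(s.fs, machinery.WithConfig(cfg))`. A chart with no name is not usable, so this is worth a test on the rendered `Chart.yaml`. The type comment should also start with the type name: `// HelmChart scaffolds a file that defines the Helm chart structure`.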
+++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/helmignore.go 
@@ -0,0 +1,104 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package templates + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" +) + +var _ machinery.Template = &HelmIgnore{} + +// HelmIgnore scaffolds a file that defines the .helmignore for Helm packaging +type HelmIgnore struct { + machinery.TemplateMixin + + Force bool +} + +// SetTemplateDefaults implements file.Template +func (f *HelmIgnore) SetTemplateDefaults() error { + // Define the path where the .helmignore will be created + if f.Path == "" { + f.Path = filepath.Join("dist", "chart", ".helmignore") + } + + // Use the .helmignore template defined below + f.TemplateBody = helmIgnoreTemplate + + // Define file handling action based on Force flag + if f.Force { + f.IfExistsAction = machinery.OverwriteFile + } else { + // If file exists, skip creation. + f.IfExistsAction = machinery.SkipFile + } + + return nil +} + +// Define the content for the .helmignore file +const helmIgnoreTemplate = `# Patterns to ignore when building Helm packages. +# Supports shell glob matching, relative path matching, and negation. 
+ +# Operating system files +.DS_Store + +# Version control directories +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ + +# Backup and temporary files +*.swp +*.swo +*.tmp +*.bak +*.orig +*~ + +# IDE and editor-related files +.idea/ +.vscode/ +*.tmproj +.project + +# Go-related files +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin/* +Dockerfile.cross +*.test +*.out + +# Go workspace file +go.work + +# Ignore Kubernetes generated files (except vendored files) +!vendor/**/zz_generated.* + +# Helm chart artifacts in the dist/chart directory +dist/chart/*.tgz +` diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go new file mode 100644 index 00000000000..8ff7f0e39f5 --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go 
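Review bot: `helmIgnoreTemplate` in helmignore.go contains `!vendor/**/zz_generated.*`, and Helm's documented `.helmignore` syntax does not support `**`, so this line may be rejected when the chart is loaded. It is also a negation with no earlier pattern that ignores `zz_generated.*`, so it has nothing to re-include. The last pattern, `dist/chart/*.tgz`, is written relative to the project root, but the file lives in `dist/chart/` and patterns are matched relative to the chart directory; `*.tgz` is presumably what was meant. I would drop the `vendor` line and change the last entry to `*.tgz`.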
@@ -0,0 +1,90 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package templates + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" +) + +var _ machinery.Template = &HelmValues{} + +// Values scaffolds a file that defines the values.yaml structure for the Helm chart +type HelmValues struct { + machinery.TemplateMixin + machinery.ResourceMixin + + Force bool +} + +// SetTemplateDefaults implements file.Template +func (f *HelmValues) SetTemplateDefaults() error { + // Define the path where the values.yaml will be created + if f.Path == "" { + f.Path = filepath.Join("dist", "chart", "values.yaml") + } + + // Use the values.yaml template defined below + f.TemplateBody = helmValuesTemplate + + // Define file handling action based on Force flag + if f.Force { + f.IfExistsAction = machinery.OverwriteFile + } else { + // If file exists, skip creation. 
+ f.IfExistsAction = machinery.SkipFile + } + + return nil +} + +// Define the content for the values.yaml file +const helmValuesTemplate = `# Default values for the Kubebuilder Helm chart + +# RBAC settings +# Set to false to skip creating RBAC resources (roles, bindings, service accounts) +rbac: + create: true + +# Controller Manager settings +# Set to false to skip creating the controller manager deployment +controllerManager: + create: true + +# Webhook service settings +webhook: + create: true + +# CRDs settings +# Set to false to skip creating CustomResourceDefinitions (CRDs) +crd: + create: true + +# Prometheus monitoring settings +# Set to false to skip creating Prometheus monitoring resources +prometheus: + create: true + +# CertManager settings for certificates +certmanager: + create: false + +# Network policies +networkPolicy: + create: false +` diff --git a/test/e2e/utils/test_context.go b/test/e2e/utils/test_context.go index 922e235aa29..fddd1782a67 100644 --- a/test/e2e/utils/test_context.go +++ b/test/e2e/utils/test_context.go 
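Review bot: The defaults in `helmValuesTemplate` set `webhook.create: true` while `certmanager.create` is `false`, and the templates generated in this commit put the `Certificate` that produces `webhook-server-cert` behind `.Values.certmanager.create`. With these defaults the webhook resources would presumably be rendered without the certificate they rely on. `networkPolicy.create` also defaults to `false`, so a default install renders none of the project's network policies. Either align the defaults or state the dependency in the template, e.g. `# Requires certmanager.create: true when webhook.create is true`. The type comment should start with the type name (`// HelmValues scaffolds ...`), and the template does not use the embedded `machinery.ResourceMixin`.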
@@ -331,3 +331,43 @@ func (t *TestContext) AllowProjectBeMultiGroup() error { } return nil } + +// InstallHelm installs Helm in the e2e server. +func (t *TestContext) InstallHelm() error { + // You can fetch the latest Helm installation script from its official website + helmInstallScript := "https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3" + + // Use curl to fetch the Helm installation script and install Helm + cmd := exec.Command("bash", "-c", fmt.Sprintf("curl -fsSL %s | bash", helmInstallScript)) + + // Run the command to install Helm + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to install Helm: %s", string(output)) + } + + // Optionally verify that Helm was installed correctly by running `helm version` + verifyCmd := exec.Command("helm", "version") + if output, err := verifyCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to verify Helm installation: %s", string(output)) + } + + return nil +} + +// UninstallHelmRelease removes the specified Helm release from the cluster. +func (t *TestContext) UninstallHelmRelease(releaseName, namespace string) error { + // Uninstall the Helm release + cmd := exec.Command("helm", "uninstall", releaseName, "--namespace", namespace) + + // Run the command to uninstall the Helm release + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to uninstall Helm release %s: %s", releaseName, string(output)) + } + + // Optionally wait for the namespace to be cleaned up + if _, err := t.Kubectl.Wait(false, "namespace", namespace, "--for=delete", "--timeout=2m"); err != nil { + return fmt.Errorf("failed to wait for namespace deletion: %s", err) + } + + return nil +} diff --git a/test/e2e/v4/plugin_cluster_test.go b/test/e2e/v4/plugin_cluster_test.go index 8c47403369b..0431a144ced 100644 --- a/test/e2e/v4/plugin_cluster_test.go +++ b/test/e2e/v4/plugin_cluster_test.go 
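Review bot: `InstallHelm` in test_context.go downloads `get-helm-3` from the mutable `master` branch and pipes it straight into `bash`, so whatever that branch serves at run time executes on the e2e host with no pinning or integrity check. Pin the script to a release tag, e.g. `helmInstallScript := "https://raw.githubusercontent.com/helm/helm/<PINNED_TAG>/scripts/get-helm-3"` (placeholder tag), and preferably download it to a file and compare it against a recorded SHA-256 before running it. Both error paths also discard `err`; `fmt.Errorf("failed to install Helm: %w: %s", err, output)` keeps the exit status. In `UninstallHelmRelease`, the wait on `namespace ... --for=delete` assumes the namespace goes away, which `helm uninstall` does not do on its own.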
@@ -69,39 +69,52 @@ var _ = Describe("kubebuilder", func() { It("should generate a runnable project", func() { kbc.IsRestricted = false GenerateV4(kbc) - Run(kbc, true, false, true, false) + Run(kbc, true, false, false, true, false) }) It("should generate a runnable project with the Installer", func() { kbc.IsRestricted = false GenerateV4(kbc) - Run(kbc, false, true, true, false) + Run(kbc, false, true, false, true, false) + }) + It("should generate a runnable project with the HelmChart", func() { + kbc.IsRestricted = false + GenerateV4(kbc) + + // Install Helm before running the tests + Expect(kbc.InstallHelm()).To(Succeed()) + + Run(kbc, false, false, true, true, false) + + // After test execution, uninstall the Helm release + Expect(kbc.UninstallHelmRelease("my-helm-release", "default")).To(Succeed()) }) It("should generate a runnable project without metrics exposed", func() { kbc.IsRestricted = false GenerateV4WithoutMetrics(kbc) - Run(kbc, true, false, false, false) + Run(kbc, true, false, false, false, false) }) It("should generate a runnable project with metrics protected by network policies", func() { kbc.IsRestricted = false GenerateV4WithNetworkPoliciesWithoutWebhooks(kbc) - Run(kbc, false, false, true, true) + Run(kbc, false, false, false, true, true) }) It("should generate a runnable project with webhooks and metrics protected by network policies", func() { kbc.IsRestricted = false GenerateV4WithNetworkPolicies(kbc) - Run(kbc, true, false, true, true) + Run(kbc, true, false, false, true, true) }) It("should generate a runnable project with the manager running "+ "as restricted and without webhooks", func() { kbc.IsRestricted = true GenerateV4WithoutWebhooks(kbc) - Run(kbc, false, false, true, false) + Run(kbc, false, false, false, true, false) }) }) }) // Run runs a set of e2e tests for a scaffolded project defined by a TestContext. 
-func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, hasMetrics bool, hasNetworkPolicies bool) { +func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, isToUseHelmChart, hasMetrics bool, + hasNetworkPolicies bool) { var controllerPodName string var err error var output []byte @@ -132,14 +145,14 @@ func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, hasMetrics bool, err = kbc.LoadImageToKindCluster() ExpectWithOffset(1, err).NotTo(HaveOccurred()) - if !isToUseInstaller { + if !isToUseInstaller && !isToUseHelmChart { By("deploying the controller-manager") cmd := exec.Command("make", "deploy", "IMG="+kbc.ImageName) output, err = kbc.Run(cmd) ExpectWithOffset(1, err).NotTo(HaveOccurred()) } - if isToUseInstaller { + if isToUseInstaller && !isToUseHelmChart { By("building the installer") err = kbc.Make("build-installer", "IMG="+kbc.ImageName) ExpectWithOffset(1, err).NotTo(HaveOccurred()) @@ -149,6 +162,17 @@ func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, hasMetrics bool, ExpectWithOffset(1, err).NotTo(HaveOccurred()) } + if isToUseHelmChart && !isToUseInstaller { + By("building the helm-chart") + cmd := exec.Command("kubebuilder", "edit", "plugins=helm.kubebuilder.io/v1-alpha") + _, err = kbc.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("install with Helm") + cmd = exec.Command("helm", "install", "my-release", "./dist/chart") + _, err = kbc.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + } if kbc.IsRestricted { By("validating that manager Pod/container(s) are restricted") ExpectWithOffset(1, output).NotTo(ContainSubstring("Warning: would violate PodSecurity")) diff --git a/test/testdata/generate.sh b/test/testdata/generate.sh index f9d5d2f3d8d..71acc38a963 100755 --- a/test/testdata/generate.sh +++ b/test/testdata/generate.sh 
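Review bot: The new HelmChart case in plugin_cluster_test.go uninstalls release `my-helm-release` in namespace `default`, but the install step added to `Run` further down uses `helm install my-release ./dist/chart`, so the cleanup targets a release that was never created. `UninstallHelmRelease` then waits for the namespace to be deleted, and `default` does not go away, so the call would be expected to hit its `--timeout=2m`. Use one shared constant for the release name and pass the project's namespace, or drop the namespace wait. `Run` now takes five positional booleans; a small options struct would make calls such as `Run(kbc, false, false, true, true, false)` readable.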
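Review bot: In the Helm branch added to `Run`, the plugin argument is passed as `"plugins=helm.kubebuilder.io/v1-alpha"` without the leading dashes, so it reaches the CLI as a positional argument rather than as the `--plugins` flag. `generate.sh` in this same commit uses `--plugins=helm.kubebuilder.io/v1-alpha`. Change the call to `exec.Command("kubebuilder", "edit", "--plugins=helm.kubebuilder.io/v1-alpha")`. The command also resolves `kubebuilder` from PATH, which may not be the binary under test. The enclosing function continues outside the hunk.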
@@ -95,6 +95,12 @@ function scaffold_test_project { make all make build-installer + + if [[ $project =~ multigroup ]] || [[ $project =~ with-plugins ]] ; then + header_text 'Editing project with Helm plugin ...' + $kb edit --plugins=helm.kubebuilder.io/v1-alpha + fi + # To avoid conflicts rm -f go.sum go mod tidy diff --git a/testdata/project-v4-multigroup/PROJECT b/testdata/project-v4-multigroup/PROJECT index ab8ce10ec1e..56d8f2cd135 100644 --- a/testdata/project-v4-multigroup/PROJECT +++ b/testdata/project-v4-multigroup/PROJECT @@ -25,6 +25,7 @@ plugins: image: busybox:1.36.1 version: v1alpha1 grafana.kubebuilder.io/v1-alpha: {} + helm.kubebuilder.io/v1-alpha: {} projectName: project-v4-multigroup repo: sigs.k8s.io/kubebuilder/testdata/project-v4-multigroup resources: diff --git a/testdata/project-v4-multigroup/dist/chart/.helmignore b/testdata/project-v4-multigroup/dist/chart/.helmignore new file mode 100644 index 00000000000..23345134e6d --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/.helmignore @@ -0,0 +1,48 @@ +# Patterns to ignore when building Helm packages. +# Supports shell glob matching, relative path matching, and negation. + +# Operating system files +.DS_Store + +# Version control directories +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ + +# Backup and temporary files +*.swp +*.swo +*.tmp +*.bak +*.orig +*~ + +# IDE and editor-related files +.idea/ +.vscode/ +*.tmproj +.project + +# Go-related files +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin/* +Dockerfile.cross +*.test +*.out + +# Go workspace file +go.work + +# Ignore Kubernetes generated files (except vendored files) +!vendor/**/zz_generated.* + +# Helm chart artifacts in the dist/chart directory +dist/chart/*.tgz diff --git a/testdata/project-v4-multigroup/dist/chart/Chart.yaml b/testdata/project-v4-multigroup/dist/chart/Chart.yaml new file mode 100644 index 00000000000..099230848df --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/Chart.yaml 
@@ -0,0 +1,6 @@ +apiVersion: v2 +name: +description: A Helm chart to distribute the project +type: application +version: 0.1.0 +appVersion: "0.1.0" diff --git a/testdata/project-v4-multigroup/dist/chart/templates/certmanager/certificate.yaml b/testdata/project-v4-multigroup/dist/chart/templates/certmanager/certificate.yaml new file mode 100755 index 00000000000..7bf7588eb92 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/certmanager/certificate.yaml @@ -0,0 +1,38 @@ +{{- if .Values.certmanager.create }} +# The following manifests contain a self-signed issuer CR and a certificate CR. +# More document can be found at https://docs.cert-manager.io +# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: selfsigned-issuer + namespace: system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/name: certificate + app.kubernetes.io/instance: serving-cert + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: project-v4-multigroup + app.kubernetes.io/part-of: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml + namespace: system +spec: + # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize + dnsNames: + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize + +{{- end }} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/crew.testproject.org_captains.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/crew.testproject.org_captains.yaml new file mode 100755 index 00000000000..287c95670af --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/crew.testproject.org_captains.yaml @@ -0,0 +1,57 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: captains.crew.testproject.org +spec: + group: crew.testproject.org + names: + kind: Captain + listKind: CaptainList + plural: captains + singular: captain + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Captain is the Schema for the captains API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CaptainSpec defines the desired state of Captain. + properties: + foo: + description: Foo is an example field of Captain. Edit captain_types.go + to remove/update + type: string + type: object + status: + description: CaptainStatus defines the observed state of Captain. + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml
new file mode 100755
index 00000000000..e03fe5a315a
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml
@@ -0,0 +1,119 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: busyboxes.example.com.testproject.org +spec: + group: example.com.testproject.org + names: + kind: Busybox + listKind: BusyboxList + plural: busyboxes + singular: busybox + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Busybox is the Schema for the busyboxes API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BusyboxSpec defines the desired state of Busybox + properties: + size: + description: |- + Size defines the number of Busybox instances + The following markers will use OpenAPI v3 schema to validate the value + More info: https://book.kubebuilder.io/reference/markers/crd-validation.html + format: int32 + maximum: 3 + minimum: 1 + type: integer + type: object + status: + description: BusyboxStatus defines the observed state of Busybox + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. 
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml new file mode 100755 index 00000000000..7535c811d2c --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml 
@@ -0,0 +1,124 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: memcacheds.example.com.testproject.org +spec: + group: example.com.testproject.org + names: + kind: Memcached + listKind: MemcachedList + plural: memcacheds + singular: memcached + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Memcached is the Schema for the memcacheds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MemcachedSpec defines the desired state of Memcached + properties: + containerPort: + description: Port defines the port that will be used to init the container + with the image + format: int32 + type: integer + size: + description: |- + Size defines the number of Memcached instances + The following markers will use OpenAPI v3 schema to validate the value + More info: https://book.kubebuilder.io/reference/markers/crd-validation.html + format: int32 + maximum: 3 + minimum: 1 + type: integer + type: object + status: + description: MemcachedStatus defines the observed state of Memcached + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/fiz.testproject.org_bars.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/fiz.testproject.org_bars.yaml new file mode 100755 index 00000000000..b05a7284a6a --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/fiz.testproject.org_bars.yaml 
@@ -0,0 +1,57 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: bars.fiz.testproject.org +spec: + group: fiz.testproject.org + names: + kind: Bar + listKind: BarList + plural: bars + singular: bar + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Bar is the Schema for the bars API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BarSpec defines the desired state of Bar. + properties: + foo: + description: Foo is an example field of Bar. Edit bar_types.go to + remove/update + type: string + type: object + status: + description: BarStatus defines the observed state of Bar. + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.policy.testproject.org_healthcheckpolicies.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.policy.testproject.org_healthcheckpolicies.yaml new file mode 100755 index 00000000000..9ffa4d1e4b8 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.policy.testproject.org_healthcheckpolicies.yaml 
@@ -0,0 +1,57 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: healthcheckpolicies.foo.policy.testproject.org +spec: + group: foo.policy.testproject.org + names: + kind: HealthCheckPolicy + listKind: HealthCheckPolicyList + plural: healthcheckpolicies + singular: healthcheckpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: HealthCheckPolicy is the Schema for the healthcheckpolicies API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HealthCheckPolicySpec defines the desired state of HealthCheckPolicy. + properties: + foo: + description: Foo is an example field of HealthCheckPolicy. Edit healthcheckpolicy_types.go + to remove/update + type: string + type: object + status: + description: HealthCheckPolicyStatus defines the observed state of HealthCheckPolicy. + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.testproject.org_bars.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.testproject.org_bars.yaml new file mode 100755 index 00000000000..060692dc3a0 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.testproject.org_bars.yaml @@ -0,0 +1,57 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: bars.foo.testproject.org +spec: + group: foo.testproject.org + names: + kind: Bar + listKind: BarList + plural: bars + singular: bar + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Bar is the Schema for the bars API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BarSpec defines the desired state of Bar. + properties: + foo: + description: Foo is an example field of Bar. Edit bar_types.go to + remove/update + type: string + type: object + status: + description: BarStatus defines the observed state of Bar. + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_krakens.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_krakens.yaml new file mode 100755 index 00000000000..8a1db8c1e3e --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_krakens.yaml 
@@ -0,0 +1,57 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: krakens.sea-creatures.testproject.org +spec: + group: sea-creatures.testproject.org + names: + kind: Kraken + listKind: KrakenList + plural: krakens + singular: kraken + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Kraken is the Schema for the krakens API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KrakenSpec defines the desired state of Kraken. + properties: + foo: + description: Foo is an example field of Kraken. Edit kraken_types.go + to remove/update + type: string + type: object + status: + description: KrakenStatus defines the observed state of Kraken. + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_leviathans.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_leviathans.yaml new file mode 100755 index 00000000000..9a303706081 --- /dev/null 
+++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_leviathans.yaml @@ -0,0 +1,57 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: leviathans.sea-creatures.testproject.org +spec: + group: sea-creatures.testproject.org + names: + kind: Leviathan + listKind: LeviathanList + plural: leviathans + singular: leviathan + scope: Namespaced + versions: + - name: v1beta2 + schema: + openAPIV3Schema: + description: Leviathan is the Schema for the leviathans API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LeviathanSpec defines the desired state of Leviathan. + properties: + foo: + description: Foo is an example field of Leviathan. Edit leviathan_types.go + to remove/update + type: string + type: object + status: + description: LeviathanStatus defines the observed state of Leviathan. + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_cruisers.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_cruisers.yaml new file mode 100755 index 00000000000..8335eb45525 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_cruisers.yaml @@ -0,0 +1,57 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: cruisers.ship.testproject.org +spec: + group: ship.testproject.org + names: + kind: Cruiser + listKind: CruiserList + plural: cruisers + singular: cruiser + scope: Cluster + versions: + - name: v2alpha1 + schema: + openAPIV3Schema: + description: Cruiser is the Schema for the cruisers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CruiserSpec defines the desired state of Cruiser. + properties: + foo: + description: Foo is an example field of Cruiser. Edit cruiser_types.go + to remove/update + type: string + type: object + status: + description: CruiserStatus defines the observed state of Cruiser. + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_destroyers.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_destroyers.yaml new file mode 100755 index 00000000000..3657b7097cb --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_destroyers.yaml 
@@ -0,0 +1,57 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: destroyers.ship.testproject.org +spec: + group: ship.testproject.org + names: + kind: Destroyer + listKind: DestroyerList + plural: destroyers + singular: destroyer + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Destroyer is the Schema for the destroyers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DestroyerSpec defines the desired state of Destroyer. + properties: + foo: + description: Foo is an example field of Destroyer. Edit destroyer_types.go + to remove/update + type: string + type: object + status: + description: DestroyerStatus defines the observed state of Destroyer. + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_frigates.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_frigates.yaml new file mode 100755 index 00000000000..e673e91a9ee --- /dev/null 
+++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_frigates.yaml @@ -0,0 +1,57 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: frigates.ship.testproject.org +spec: + group: ship.testproject.org + names: + kind: Frigate + listKind: FrigateList + plural: frigates + singular: frigate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Frigate is the Schema for the frigates API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FrigateSpec defines the desired state of Frigate. + properties: + foo: + description: Foo is an example field of Frigate. Edit frigate_types.go + to remove/update + type: string + type: object + status: + description: FrigateStatus defines the observed state of Frigate. + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/manager/manager.yaml b/testdata/project-v4-multigroup/dist/chart/templates/manager/manager.yaml new file mode 100755 index 00000000000..447f2380761 --- /dev/null 
+++ b/testdata/project-v4-multigroup/dist/chart/templates/manager/manager.yaml 
@@ -0,0 +1,103 @@
+{{- if .Values.controllerManager.create }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: project-v4-multigroup
+ app.kubernetes.io/managed-by: kustomize
+ name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: project-v4-multigroup
+ app.kubernetes.io/managed-by: kustomize
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ # TODO(user): Uncomment the following code to configure the nodeAffinity expression
+ # according to the platforms which are supported by your solution.
+ # It is considered best practice to support multiple architectures. You can
+ # build your manager image using the makefile target docker-buildx.
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/arch
+ # operator: In
+ # values:
+ # - amd64
+ # - arm64
+ # - ppc64le
+ # - s390x
+ # - key: kubernetes.io/os
+ # operator: In
+ # values:
+ # - linux
+ securityContext:
+ runAsNonRoot: true
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if your project does NOT have to work on old Kubernetes
+ # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
+ containers:
+ - command:
+ - /manager
+ args:
+ - --leader-elect
+ - --health-probe-bind-address=:8081
+ image: controller:latest
+ name: manager
+ env:
+ - name: BUSYBOX_IMAGE
+ value: busybox:1.36.1
+ - name: MEMCACHED_IMAGE
+ value: memcached:memcached:1.6.26-alpine3.19
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ # TODO(user): Configure the resources accordingly based on the project requirements.
+ # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ serviceAccountName: controller-manager
+ terminationGracePeriodSeconds: 10
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-metrics-traffic.yaml b/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-metrics-traffic.yaml
new file mode 100755
index 00000000000..720a77164c1
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-metrics-traffic.yaml
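Review bot: The `MEMCACHED_IMAGE` value `memcached:memcached:1.6.26-alpine3.19` in the manager container's `env` repeats the repository name and is not a well-formed `name:tag` image reference, so a controller that passes it through to a workload would presumably hit an image pull error; `value: memcached:1.6.26-alpine3.19` looks like what was meant. On the same container, `image: controller:latest` is a mutable tag and the template gives operators no way to pin a version or digest, so taking the image reference from chart values would make a release reproducible and verifiable. The pod-level `seccompProfile` is left commented out, which means the rendered Deployment does not meet the restricted Pod Security Standard that the comment itself links to unless the operator edits the template.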
@@ -0,0 +1,29 @@
+{{- if .Values.networkPolicy.create }}
+# This NetworkPolicy allows ingress traffic
+# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
+# namespaces are able to gathering data from the metrics endpoint.
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/name: project-v4-multigroup
+ app.kubernetes.io/managed-by: kustomize
+ name: allow-metrics-traffic
+ namespace: system
+spec:
+ podSelector:
+ matchLabels:
+ control-plane: controller-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ # This allows ingress traffic from any namespace with the label metrics: enabled
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ metrics: enabled # Only from namespaces with this label
+ ports:
+ - port: 8443
+ protocol: TCP
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-webhook-traffic.yaml b/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-webhook-traffic.yaml
new file mode 100755
index 00000000000..c1d44a92776
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-webhook-traffic.yaml
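Review bot: `namespace: system` is hard-coded in this NetworkPolicy's metadata, so the chart ignores the namespace chosen at install time and always targets a namespace literally named `system`; `namespace: {{ .Release.Namespace }}` would keep the policy next to the pods it is meant to protect. The same hard-coded value appears in allow-webhook-traffic.yaml, prometheus/monitor.yaml and the manager Deployment, and all of them also carry `app.kubernetes.io/managed-by: kustomize`, which is inaccurate for resources installed by Helm. Separately, the `from` rule selects on the namespace label alone, so every pod in a namespace labelled `metrics: enabled` can reach port 8443; adding a `podSelector` for the scraper to the same `from` entry would narrow that. The header comment also has a typo: "able to gathering" should read "able to gather".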
@@ -0,0 +1,29 @@
+{{- if .Values.networkPolicy.create }}
+# This NetworkPolicy allows ingress traffic to your webhook server running
+# as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks
+# will only work when applied in namespaces labeled with 'webhook: enabled'
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/name: project-v4-multigroup
+ app.kubernetes.io/managed-by: kustomize
+ name: allow-webhook-traffic
+ namespace: system
+spec:
+ podSelector:
+ matchLabels:
+ control-plane: controller-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ # This allows ingress traffic from any namespace with the label webhook: enabled
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ webhook: enabled # Only from namespaces with this label
+ ports:
+ - port: 443
+ protocol: TCP
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/prometheus/monitor.yaml b/testdata/project-v4-multigroup/dist/chart/templates/prometheus/monitor.yaml
new file mode 100755
index 00000000000..047fd6930ec
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/prometheus/monitor.yaml
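Review bot: The rule admits TCP `443`, but NetworkPolicy `ports` are matched against the port on the selected pod rather than a Service port in front of it, and the manager Deployment in this commit declares no webhook container port, so the diff does not confirm that the webhook server listens on 443. If the server listens on another port behind a Service that maps 443 to it, this policy would block the traffic it is meant to allow as soon as `networkPolicy.create` is enabled. I would add a comment on the `port` line such as `# must equal the webhook server's container port, not the Service port`, and check the value against the manager's webhook configuration. The header comment also says "from specific namespaces and pods" while the rule has only a `namespaceSelector`, so either the comment or the selector should be adjusted.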
@@ -0,0 +1,33 @@
+{{- if .Values.prometheus.create }}
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: project-v4-multigroup
+ app.kubernetes.io/managed-by: kustomize
+ name: controller-manager-metrics-monitor
+ namespace: system
+spec:
+ endpoints:
+ - path: /metrics
+ port: https # Ensure this is the name of the port that exposes HTTPS metrics
+ scheme: https
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ tlsConfig:
+ # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
+ # certificate verification. This poses a significant security risk by making the system vulnerable to
+ # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between
+ # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data,
+ # compromising the integrity and confidentiality of the information.
+ # Please use the following options for secure configurations:
+ # caFile: /etc/metrics-certs/ca.crt
+ # certFile: /etc/metrics-certs/tls.crt
+ # keyFile: /etc/metrics-certs/tls.key
+ insecureSkipVerify: true
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_editor_role.yaml
new file mode 100755
index 00000000000..bd9daf22e0a
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_editor_role.yaml
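Review bot: `insecureSkipVerify: true` is rendered unconditionally under `tlsConfig`, so every install that enables `prometheus.create` scrapes the metrics endpoint without verifying the server certificate while presenting the service-account token from `bearerTokenFile`. The verified `caFile`/`certFile`/`keyFile` settings exist only as comments, and a chart user cannot enable them without editing the template. I would make the verified configuration selectable from chart values and render skip-verify only as an explicit opt-in, for example by wrapping that line in `{{- if .Values.<skip-verify flag> }}` … `{{- end }}` (placeholder key; values.yaml is not part of this section of the diff).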
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit captains. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: crew-captain-editor-role +rules: +- apiGroups: + - crew.testproject.org + resources: + - captains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - crew.testproject.org + resources: + - captains/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_viewer_role.yaml new file mode 100755 index 00000000000..c2d03dc8fa1 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view captains. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: crew-captain-viewer-role +rules: +- apiGroups: + - crew.testproject.org + resources: + - captains + verbs: + - get + - list + - watch +- apiGroups: + - crew.testproject.org + resources: + - captains/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_editor_role.yaml new file mode 100755 index 00000000000..da49ec9611d --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_editor_role.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit busyboxes. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: example.com-busybox-editor-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_viewer_role.yaml new file mode 100755 index 00000000000..56f71408821 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view busyboxes. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: example.com-busybox-viewer-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes + verbs: + - get + - list + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_editor_role.yaml new file mode 100755 index 00000000000..665eed2a63b --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_editor_role.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit memcacheds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: example.com-memcached-editor-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_viewer_role.yaml new file mode 100755 index 00000000000..8c20f7e97ac --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view memcacheds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: example.com-memcached-viewer-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_editor_role.yaml new file mode 100755 index 00000000000..b5bf65de761 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_editor_role.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit bars. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: fiz-bar-editor-role +rules: +- apiGroups: + - fiz.testproject.org + resources: + - bars + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - fiz.testproject.org + resources: + - bars/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_viewer_role.yaml new file mode 100755 index 00000000000..2fea7038d3e --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view bars. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: fiz-bar-viewer-role +rules: +- apiGroups: + - fiz.testproject.org + resources: + - bars + verbs: + - get + - list + - watch +- apiGroups: + - fiz.testproject.org + resources: + - bars/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_editor_role.yaml new file mode 100755 index 00000000000..782a72a99ce --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_editor_role.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit healthcheckpolicies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: foo.policy-healthcheckpolicy-editor-role +rules: +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_viewer_role.yaml new file mode 100755 index 00000000000..a52e75cecc2 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view healthcheckpolicies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: foo.policy-healthcheckpolicy-viewer-role +rules: +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies + verbs: + - get + - list + - watch +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_editor_role.yaml new file mode 100755 index 00000000000..3ec0e6aa9f3 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_editor_role.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit bars. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: foo-bar-editor-role +rules: +- apiGroups: + - foo.testproject.org + resources: + - bars + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - foo.testproject.org + resources: + - bars/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_viewer_role.yaml new file mode 100755 index 00000000000..6e30215b19b --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view bars. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: foo-bar-viewer-role +rules: +- apiGroups: + - foo.testproject.org + resources: + - bars + verbs: + - get + - list + - watch +- apiGroups: + - foo.testproject.org + resources: + - bars/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role.yaml new file mode 100755 index 00000000000..ac35c2668c3 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role.yaml 
@@ -0,0 +1,43 @@
+{{- if .Values.rbac.create }}
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/name: project-v4-multigroup
+ app.kubernetes.io/managed-by: kustomize
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role_binding.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role_binding.yaml
new file mode 100755
index 00000000000..a9a392adfe0
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: project-v4-multigroup
+ app.kubernetes.io/managed-by: kustomize
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role.yaml
new file mode 100755
index 00000000000..2e01e0ceac6
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role.yaml
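Review bot: The RoleBinding subject in leader_election_role_binding.yaml names the ServiceAccount with a literal `namespace: system`, which looks like the kustomize placeholder carried over unchanged. Nothing in a Helm render rewrites it, so the binding ignores the namespace given to `helm install` and depends on a namespace called `system` existing; the same literal appears in metrics_auth_role_binding.yaml, role_binding.yaml, service_account.yaml, the webhook Service, the webhook `clientConfig` entries and the ServiceMonitor in this commit. Suggest `namespace: {{ .Release.Namespace }}` in each of these templates. The label `app.kubernetes.io/managed-by: kustomize` has the same origin and no longer describes how the object is managed.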
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metrics-auth-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role_binding.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role_binding.yaml
new file mode 100755
index 00000000000..61cef704771
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role_binding.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: metrics-auth-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: metrics-auth-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_reader_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_reader_role.yaml
new file mode 100755
index 00000000000..cd31f6b82df
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_reader_role.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/role.yaml
new file mode 100755
index 00000000000..bb98210432d
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/role.yaml
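Review bot: `metrics-auth-role`, `metrics-auth-rolebinding` and `metrics-reader` here, and `manager-role` / `manager-rolebinding` in role.yaml and role_binding.yaml, are cluster-scoped objects with generic, unprefixed names. In the kustomize layout a name prefix presumably keeps them unique; in the chart, two projects scaffolded this way or two releases of the same chart would contend for the same ClusterRole and ClusterRoleBinding names. Suggest deriving the names from the release, e.g. `name: {{ .Release.Name }}-metrics-auth-role`, and updating the matching `roleRef.name` in the two binding templates so role and binding stay paired.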
@@ -0,0 +1,247 @@ +{{- if .Values.rbac.create }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates/finalizers + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - certificates/status + verbs: + - get + - patch + - update +- apiGroups: + - crew.testproject.org + resources: + - captains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - crew.testproject.org + resources: + - captains/finalizers + verbs: + - update +- apiGroups: + - crew.testproject.org + resources: + - captains/status + verbs: + - get + - patch + - update +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes + - memcacheds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/finalizers + - memcacheds/finalizers + verbs: + - update +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/status + - memcacheds/status + verbs: + - get + - patch + - update +- apiGroups: + - fiz.testproject.org + - foo.testproject.org + resources: + - bars + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - fiz.testproject.org + - foo.testproject.org + resources: + - 
bars/finalizers + verbs: + - update +- apiGroups: + - fiz.testproject.org + - foo.testproject.org + resources: + - bars/status + verbs: + - get + - patch + - update +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies/finalizers + verbs: + - update +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens + - leviathans + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens/finalizers + - leviathans/finalizers + verbs: + - update +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens/status + - leviathans/status + verbs: + - get + - patch + - update +- apiGroups: + - ship.testproject.org + resources: + - cruisers + - destroyers + - frigates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ship.testproject.org + resources: + - cruisers/finalizers + - destroyers/finalizers + - frigates/finalizers + verbs: + - update +- apiGroups: + - ship.testproject.org + resources: + - cruisers/status + - destroyers/status + - frigates/status + verbs: + - get + - patch + - update + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/role_binding.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/role_binding.yaml new file mode 100755 index 00000000000..12d1b63dce8 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/role_binding.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_editor_role.yaml new file mode 100755 index 00000000000..7ad1e18c702 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_editor_role.yaml @@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit krakens. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: sea-creatures-kraken-editor-role +rules: +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_viewer_role.yaml new file mode 100755 index 00000000000..daed9352082 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_viewer_role.yaml 
@@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view krakens. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: sea-creatures-kraken-viewer-role +rules: +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens + verbs: + - get + - list + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_editor_role.yaml new file mode 100755 index 00000000000..e8aa279c62a --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_editor_role.yaml @@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit leviathans. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: sea-creatures-leviathan-editor-role +rules: +- apiGroups: + - sea-creatures.testproject.org + resources: + - leviathans + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - leviathans/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_viewer_role.yaml new file mode 100755 index 00000000000..cd91e4a6c97 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_viewer_role.yaml 
@@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view leviathans. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: sea-creatures-leviathan-viewer-role +rules: +- apiGroups: + - sea-creatures.testproject.org + resources: + - leviathans + verbs: + - get + - list + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - leviathans/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/service_account.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/service_account.yaml new file mode 100755 index 00000000000..19f144cdb40 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/service_account.yaml @@ -0,0 +1,11 @@ +{{- if .Values.rbac.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: controller-manager + namespace: system + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_editor_role.yaml new file mode 100755 index 00000000000..85e5688516e --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_editor_role.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit cruisers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: ship-cruiser-editor-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - cruisers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ship.testproject.org + resources: + - cruisers/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_viewer_role.yaml new file mode 100755 index 00000000000..40b4a97e88e --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view cruisers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: ship-cruiser-viewer-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - cruisers + verbs: + - get + - list + - watch +- apiGroups: + - ship.testproject.org + resources: + - cruisers/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_editor_role.yaml new file mode 100755 index 00000000000..c033e044e19 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_editor_role.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit destroyers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: ship-destroyer-editor-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - destroyers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ship.testproject.org + resources: + - destroyers/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_viewer_role.yaml new file mode 100755 index 00000000000..76f0ac69f46 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view destroyers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: ship-destroyer-viewer-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - destroyers + verbs: + - get + - list + - watch +- apiGroups: + - ship.testproject.org + resources: + - destroyers/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_editor_role.yaml new file mode 100755 index 00000000000..2abc170d711 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_editor_role.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit frigates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: ship-frigate-editor-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - frigates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ship.testproject.org + resources: + - frigates/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_viewer_role.yaml new file mode 100755 index 00000000000..a46abf50f04 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view frigates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-multigroup + app.kubernetes.io/managed-by: kustomize + name: ship-frigate-viewer-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - frigates + verbs: + - get + - list + - watch +- apiGroups: + - ship.testproject.org + resources: + - frigates/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/webhook/manifests.yaml b/testdata/project-v4-multigroup/dist/chart/templates/webhook/manifests.yaml new file mode 100755 index 00000000000..b396f8860b6 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/webhook/manifests.yaml 
@@ -0,0 +1,155 @@
+{{- if .Values.webhook.create }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: system
+ path: /mutate-cert-manager-io-v1-issuer
+ failurePolicy: Fail
+ name: missuer-v1.kb.io
+ rules:
+ - apiGroups:
+ - cert-manager.io
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - issuers
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: system
+ path: /mutate-crew-testproject-org-v1-captain
+ failurePolicy: Fail
+ name: mcaptain-v1.kb.io
+ rules:
+ - apiGroups:
+ - crew.testproject.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - captains
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: system
+ path: /mutate-ship-testproject-org-v1-destroyer
+ failurePolicy: Fail
+ name: mdestroyer-v1.kb.io
+ rules:
+ - apiGroups:
+ - ship.testproject.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - destroyers
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: system
+ path: /validate--v1-pod
+ failurePolicy: Fail
+ name: vpod-v1.kb.io
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pods
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: system
+ path: /validate-crew-testproject-org-v1-captain
+ failurePolicy: Fail
+ name: vcaptain-v1.kb.io
+ rules:
+ - apiGroups:
+ - crew.testproject.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - captains
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: system
+ path: /validate-example-com-testproject-org-v1alpha1-memcached
+ failurePolicy: Fail
+ name: vmemcached-v1alpha1.kb.io
+ rules:
+ - apiGroups:
+ - example.com.testproject.org
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - memcacheds
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: system
+ path: /validate-ship-testproject-org-v2alpha1-cruiser
+ failurePolicy: Fail
+ name: vcruiser-v2alpha1.kb.io
+ rules:
+ - apiGroups:
+ - ship.testproject.org
+ apiVersions:
+ - v2alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - cruisers
+ sideEffects: None
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/webhook/service.yaml b/testdata/project-v4-multigroup/dist/chart/templates/webhook/service.yaml
new file mode 100755
index 00000000000..c565969214f
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/webhook/service.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.webhook.create }}
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: project-v4-multigroup
+ app.kubernetes.io/managed-by: kustomize
+ name: webhook-service
+ namespace: system
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
+
+{{- end }}
diff --git a/testdata/project-v4-multigroup/dist/chart/values.yaml b/testdata/project-v4-multigroup/dist/chart/values.yaml
new file mode 100644
index 00000000000..575ea75bdda
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/values.yaml
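Review bot: Neither webhook configuration in webhook/manifests.yaml carries a `caBundle` under `clientConfig` or a `cert-manager.io/inject-ca-from` annotation in `metadata`, so as rendered the API server has no CA with which to verify `webhook-service`. Every entry sets `failurePolicy: Fail`, and `vpod-v1.kb.io` matches CREATE/UPDATE on all core `pods` with no `namespaceSelector`, so a webhook that cannot be reached or verified would reject pod admission cluster-wide, presumably including the manager's own pod. values.yaml in this commit defaults `webhook.create: true` with `certmanager.create: false`, which makes that the default install. Suggest emitting the injection annotation when `certmanager.create` is set, and either defaulting `webhook.create` to false or refusing to render the webhook configurations when no certificate source is configured.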
@@ -0,0 +1,33 @@ +# Default values for the Kubebuilder Helm chart + +# RBAC settings +# Set to false to skip creating RBAC resources (roles, bindings, service accounts) +rbac: + create: true + +# Controller Manager settings +# Set to false to skip creating the controller manager deployment +controllerManager: + create: true + +# Webhook service settings +webhook: + create: true + +# CRDs settings +# Set to false to skip creating CustomResourceDefinitions (CRDs) +crd: + create: true + +# Prometheus monitoring settings +# Set to false to skip creating Prometheus monitoring resources +prometheus: + create: true + +# CertManager settings for certificates +certmanager: + create: false + +# Network policies +networkPolicy: + create: false diff --git a/testdata/project-v4-with-plugins/PROJECT b/testdata/project-v4-with-plugins/PROJECT index f006d1cad32..d51806c193e 100644 --- a/testdata/project-v4-with-plugins/PROJECT +++ b/testdata/project-v4-with-plugins/PROJECT @@ -24,6 +24,7 @@ plugins: image: busybox:1.36.1 version: v1alpha1 grafana.kubebuilder.io/v1-alpha: {} + helm.kubebuilder.io/v1-alpha: {} projectName: project-v4-with-plugins repo: sigs.k8s.io/kubebuilder/testdata/project-v4-with-plugins resources: diff --git a/testdata/project-v4-with-plugins/dist/chart/.helmignore b/testdata/project-v4-with-plugins/dist/chart/.helmignore new file mode 100644 index 00000000000..23345134e6d --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/.helmignore 
@@ -0,0 +1,48 @@ +# Patterns to ignore when building Helm packages. +# Supports shell glob matching, relative path matching, and negation. + +# Operating system files +.DS_Store + +# Version control directories +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ + +# Backup and temporary files +*.swp +*.swo +*.tmp +*.bak +*.orig +*~ + +# IDE and editor-related files +.idea/ +.vscode/ +*.tmproj +.project + +# Go-related files +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin/* +Dockerfile.cross +*.test +*.out + +# Go workspace file +go.work + +# Ignore Kubernetes generated files (except vendored files) +!vendor/**/zz_generated.* + +# Helm chart artifacts in the dist/chart directory +dist/chart/*.tgz diff --git a/testdata/project-v4-with-plugins/dist/chart/Chart.yaml b/testdata/project-v4-with-plugins/dist/chart/Chart.yaml new file mode 100644 index 00000000000..099230848df --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: +description: A Helm chart to distribute the project +type: application +version: 0.1.0 +appVersion: "0.1.0" diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/certmanager/certificate.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/certmanager/certificate.yaml new file mode 100755 index 00000000000..60aa957b262 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/certmanager/certificate.yaml 
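Review bot: `name:` in the generated Chart.yaml is empty, and Helm requires a chart name, so linting or packaging this chart should fail. The PROJECT file of this testdata carries `projectName: project-v4-with-plugins`, which suggests the scaffold is not passing the project name into the Chart.yaml template; the expected line is `name: project-v4-with-plugins`. A test that checks for a non-empty `name` after generation would catch this.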
@@ -0,0 +1,38 @@ +{{- if .Values.certmanager.create }} +# The following manifests contain a self-signed issuer CR and a certificate CR. +# More document can be found at https://docs.cert-manager.io +# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: selfsigned-issuer + namespace: system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/name: certificate + app.kubernetes.io/instance: serving-cert + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: project-v4-with-plugins + app.kubernetes.io/part-of: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml + namespace: system +spec: + # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize + dnsNames: + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml new file mode 100755 index 00000000000..e03fe5a315a --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml 
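Review bot: The `dnsNames` entries in certificate.yaml are still the kustomize placeholders `SERVICE_NAME.SERVICE_NAMESPACE.svc`, and the inline comment says kustomize substitutes them; nothing in a Helm render does, so the certificate would be issued for those literal names. The API server's TLS verification of the webhook would then fail on a hostname mismatch. Going by the Service template in this diff, the entries should be `webhook-service.system.svc` and `webhook-service.system.svc.cluster.local`, or be built from the release namespace. The comments that refer to kustomize (on `name: serving-cert` and `secretName`) no longer describe how this file is rendered and should be reworded.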
@@ -0,0 +1,119 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: busyboxes.example.com.testproject.org +spec: + group: example.com.testproject.org + names: + kind: Busybox + listKind: BusyboxList + plural: busyboxes + singular: busybox + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Busybox is the Schema for the busyboxes API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BusyboxSpec defines the desired state of Busybox + properties: + size: + description: |- + Size defines the number of Busybox instances + The following markers will use OpenAPI v3 schema to validate the value + More info: https://book.kubebuilder.io/reference/markers/crd-validation.html + format: int32 + maximum: 3 + minimum: 1 + type: integer + type: object + status: + description: BusyboxStatus defines the observed state of Busybox + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. 
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} 
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml new file mode 100755 index 00000000000..7535c811d2c --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml 
@@ -0,0 +1,124 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: memcacheds.example.com.testproject.org +spec: + group: example.com.testproject.org + names: + kind: Memcached + listKind: MemcachedList + plural: memcacheds + singular: memcached + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Memcached is the Schema for the memcacheds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MemcachedSpec defines the desired state of Memcached + properties: + containerPort: + description: Port defines the port that will be used to init the container + with the image + format: int32 + type: integer + size: + description: |- + Size defines the number of Memcached instances + The following markers will use OpenAPI v3 schema to validate the value + More info: https://book.kubebuilder.io/reference/markers/crd-validation.html + format: int32 + maximum: 3 + minimum: 1 + type: integer + type: object + status: + description: MemcachedStatus defines the observed state of Memcached + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml new file mode 100755 index 00000000000..6a9dc6acc25 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml 
@@ -0,0 +1,103 @@ +{{- if .Values.controllerManager.create }} +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system + labels: + control-plane: controller-manager + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + # TODO(user): Uncomment the following code to configure the nodeAffinity expression + # according to the platforms which are supported by your solution. + # It is considered best practice to support multiple architectures. You can + # build your manager image using the makefile target docker-buildx. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + # - arm64 + # - ppc64le + # - s390x + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + securityContext: + runAsNonRoot: true + # TODO(user): For common cases that do not require escalating privileges + # it is recommended to ensure that all your Pods/Containers are restrictive. + # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + # Please uncomment the following code if your project does NOT have to work on old Kubernetes + # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). 
+ # seccompProfile: + # type: RuntimeDefault + containers: + - command: + - /manager + args: + - --leader-elect + - --health-probe-bind-address=:8081 + image: controller:latest + name: manager + env: + - name: BUSYBOX_IMAGE + value: busybox:1.36.1 + - name: MEMCACHED_IMAGE + value: memcached:memcached:1.6.26-alpine3.19 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-metrics-traffic.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-metrics-traffic.yaml new file mode 100755 index 00000000000..9d87da1f85b --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-metrics-traffic.yaml 
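Review bot: The `MEMCACHED_IMAGE` value `memcached:memcached:1.6.26-alpine3.19` in manager.yaml does not look like a valid image reference, since a tag cannot contain a second `:`; it was probably meant to be `memcached:1.6.26-alpine3.19`. If the value is copied from the deploy-image plugin configuration, the fix belongs there as well. Separately, `image: controller:latest` is a placeholder with a mutable tag and the template exposes no values key to override it, so the chart cannot be installed with a real manager image without editing the template. Rendering it from values, e.g. `image: {{ .Values.controllerManager.image }}` with a pinned tag or digest as the default, would address both reproducibility and usability.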
@@ -0,0 +1,29 @@ +{{- if .Values.networkPolicy.create }} +# This NetworkPolicy allows ingress traffic +# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those +# namespaces are able to gathering data from the metrics endpoint. +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: allow-metrics-traffic + namespace: system +spec: + podSelector: + matchLabels: + control-plane: controller-manager + policyTypes: + - Ingress + ingress: + # This allows ingress traffic from any namespace with the label metrics: enabled + - from: + - namespaceSelector: + matchLabels: + metrics: enabled # Only from namespaces with this label + ports: + - port: 8443 + protocol: TCP + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-webhook-traffic.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-webhook-traffic.yaml new file mode 100755 index 00000000000..8f1773e83e1 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-webhook-traffic.yaml 
@@ -0,0 +1,29 @@ +{{- if .Values.networkPolicy.create }} +# This NetworkPolicy allows ingress traffic to your webhook server running +# as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks +# will only work when applied in namespaces labeled with 'webhook: enabled' +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: allow-webhook-traffic + namespace: system +spec: + podSelector: + matchLabels: + control-plane: controller-manager + policyTypes: + - Ingress + ingress: + # This allows ingress traffic from any namespace with the label webhook: enabled + - from: + - namespaceSelector: + matchLabels: + webhook: enabled # Only from namespaces with this label + ports: + - port: 443 + protocol: TCP + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml new file mode 100755 index 00000000000..180d1a8ae81 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml 
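Review bot: The ingress rule in allow-webhook-traffic.yaml admits TCP `port: 443`, but as far as I can tell a NetworkPolicy port is matched against the port on the selected pod, and the webhook Service in this chart forwards 443 to `targetPort: 9443`. With `networkPolicy.create` enabled on a CNI that enforces policies, webhook calls would reach the pod on 9443 and be dropped; `- port: 9443` matches the Service. The header comment's statement that labelling the CR's namespace `webhook: enabled` is sufficient should also be verified, because admission requests come from the API server rather than from pods in that namespace.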
@@ -0,0 +1,33 @@ +{{- if .Values.prometheus.create }} +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: https # Ensure this is the name of the port that exposes HTTPS metrics + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables + # certificate verification. This poses a significant security risk by making the system vulnerable to + # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between + # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data, + # compromising the integrity and confidentiality of the information. + # Please use the following options for secure configurations: + # caFile: /etc/metrics-certs/ca.crt + # certFile: /etc/metrics-certs/tls.crt + # keyFile: /etc/metrics-certs/tls.key + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_editor_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_editor_role.yaml new file mode 100755 index 00000000000..dc45ca08100 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_editor_role.yaml 
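Review bot: `insecureSkipVerify: true` is hard-coded under `tlsConfig` in monitor.yaml, and `prometheus.create` defaults to true in values.yaml, so a default install has Prometheus present its bearer token to an endpoint whose certificate it never verifies. The TODO explains the risk, but a chart user cannot act on it without editing the template, because nothing in this block is driven by values. Rendering the TLS settings from values (for example a `prometheus.tlsConfig` map emitted with `toYaml`) and defaulting to verification with `caFile`/`certFile`/`keyFile` would make the secure configuration reachable. Until then, the comment should state that the skip is the shipped default rather than only a recommendation.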
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit busyboxes. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: busybox-editor-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_viewer_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_viewer_role.yaml new file mode 100755 index 00000000000..e067dcad888 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view busyboxes. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: busybox-viewer-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes + verbs: + - get + - list + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role.yaml new file mode 100755 index 00000000000..f80d3daf87f --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role.yaml 
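Review bot: The ClusterRole name `busybox-editor-role` is a fixed, unprefixed string, and the same holds for the other cluster-scoped objects added in this diff (`busybox-viewer-role`, `memcached-editor-role`, `memcached-viewer-role`, `manager-role`, `manager-rolebinding`, `metrics-auth-role`, `metrics-auth-rolebinding`, `metrics-reader`, `validating-webhook-configuration`). Two charts generated this way, or two releases of the same chart, would contend for the same cluster-wide names, so a second install would presumably fail or, if applied outside Helm, replace the first operator's rules. Deriving the names from the release, e.g. `name: {{ .Release.Name }}-manager-role` with the matching `roleRef.name`, keeps each release's RBAC separate. It looks as if the prefix that kustomize normally adds was lost when the manifests were copied into the chart.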
@@ -0,0 +1,43 @@ +{{- if .Values.rbac.create }} +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role_binding.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role_binding.yaml new file mode 100755 index 00000000000..bbecba45b90 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role_binding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_editor_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_editor_role.yaml new file mode 100755 index 00000000000..9c854099684 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_editor_role.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit memcacheds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: memcached-editor-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_viewer_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_viewer_role.yaml new file mode 100755 index 00000000000..f8204c372d2 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_viewer_role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view memcacheds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: memcached-viewer-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds/status + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role.yaml new file mode 100755 index 00000000000..2e01e0ceac6 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role.yaml 
@@ -0,0 +1,20 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role_binding.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role_binding.yaml new file mode 100755 index 00000000000..61cef704771 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role_binding.yaml @@ -0,0 +1,15 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metrics-auth-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_reader_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_reader_role.yaml new file mode 100755 index 00000000000..cd31f6b82df --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_reader_role.yaml @@ -0,0 +1,12 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role.yaml new file mode 100755 index 00000000000..2a410cc4b7b --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role.yaml 
@@ -0,0 +1,65 @@ +{{- if .Values.rbac.create }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes + - memcacheds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/finalizers + - memcacheds/finalizers + verbs: + - update +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/status + - memcacheds/status + verbs: + - get + - patch + - update + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role_binding.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role_binding.yaml new file mode 100755 index 00000000000..9706716d403 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role_binding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/service_account.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/service_account.yaml new file mode 100755 index 00000000000..b5c81fa0138 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/service_account.yaml 
@@ -0,0 +1,11 @@ +{{- if .Values.rbac.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: controller-manager + namespace: system + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/webhook/manifests.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/webhook/manifests.yaml new file mode 100755 index 00000000000..81658fa3294 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/webhook/manifests.yaml @@ -0,0 +1,29 @@ +{{- if .Values.webhook.create }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-example-com-testproject-org-v1alpha1-memcached + failurePolicy: Fail + name: vmemcached-v1alpha1.kb.io + rules: + - apiGroups: + - example.com.testproject.org + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - memcacheds + sideEffects: None + +{{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/webhook/service.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/webhook/service.yaml new file mode 100755 index 00000000000..c79cd025ed7 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/webhook/service.yaml @@ -0,0 +1,18 @@ +{{- if .Values.webhook.create }} +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: project-v4-with-plugins + app.kubernetes.io/managed-by: kustomize + name: webhook-service + namespace: system +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager + +{{- end }} 
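Review bot: In templates/webhook/manifests.yaml the `clientConfig` has no `caBundle`, and the ValidatingWebhookConfiguration carries no `cert-manager.io/inject-ca-from` annotation, so the API server has no CA with which to trust the webhook's serving certificate. The manager Deployment in this chart also mounts no `webhook-server-cert` secret, although the Certificate template writes that secret and the Service targets port 9443. With `failurePolicy: Fail`, CREATE and UPDATE of `memcacheds` would presumably be rejected once the chart is installed. The kustomize patches that normally add the annotation and the volume seem not to have been carried into the chart; they should be rendered when `webhook.create` and `certmanager.create` are both set.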
diff --git a/testdata/project-v4-with-plugins/dist/chart/values.yaml b/testdata/project-v4-with-plugins/dist/chart/values.yaml new file mode 100644 index 00000000000..575ea75bdda --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/values.yaml @@ -0,0 +1,33 @@ +# Default values for the Kubebuilder Helm chart + +# RBAC settings +# Set to false to skip creating RBAC resources (roles, bindings, service accounts) +rbac: + create: true + +# Controller Manager settings +# Set to false to skip creating the controller manager deployment +controllerManager: + create: true + +# Webhook service settings +webhook: + create: true + +# CRDs settings +# Set to false to skip creating CustomResourceDefinitions (CRDs) +crd: + create: true + +# Prometheus monitoring settings +# Set to false to skip creating Prometheus monitoring resources +prometheus: + create: true + +# CertManager settings for certificates +certmanager: + create: false + +# Network policies +networkPolicy: + create: false