diff --git a/.github/workflows/test-helm-samples.yml b/.github/workflows/test-helm-samples.yml
new file mode 100644
index 00000000000..4cc3fa3b4e0
--- /dev/null
+++ b/.github/workflows/test-helm-samples.yml
@@ -0,0 +1,110 @@ +name: Helm Testdata Sample + +on: + push: + paths: + - 'testdata/project-v4-with-plugins/**' + - 'testdata/project-v4-multigroup/**' + - '.github/workflows/test-helm-samples.yml' + pull_request: + paths: + - 'testdata/project-v4-with-plugins/**' + - 'testdata/project-v4-multigroup/**' + - '.github/workflows/test-helm-samples.yml' + +jobs: + helm-test-project-v4-with-plugins: + runs-on: ubuntu-latest + strategy: + fail-fast: true + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: '~1.22' + + - name: Install the latest version of kind + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64 + chmod +x ./kind + sudo mv ./kind /usr/local/bin/kind + + - name: Verify kind installation + run: kind version + + - name: Create kind cluster + run: kind create cluster + + - name: Prepare project-v4-with-plugins + run: | + cd testdata/project-v4-with-plugins/ + go mod tidy + make docker-build IMG=project-v4-with-plugins:v0.1.0 + kind load docker-image project-v4-with-plugins:v0.1.0 + + - name: Install Helm + run: | + curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash + + - name: Verify Helm installation + run: helm version + + - name: Lint Helm chart for project-v4-with-plugins + run: | + helm lint testdata/project-v4-with-plugins/dist/chart + + - name: Install Helm chart for project-v4-with-plugins + run: | + helm install my-release testdata/project-v4-with-plugins/dist/chart --create-namespace --namespace project-v4-with-plugins-system + + helm-test-project-v4-multigroup: + runs-on: ubuntu-latest + strategy: + fail-fast: true + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Go + 
uses: actions/setup-go@v5 + with: + go-version: '~1.22' + + - name: Install the latest version of kind + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64 + chmod +x ./kind + sudo mv ./kind /usr/local/bin/kind + + - name: Verify kind installation + run: kind version + + - name: Create kind cluster + run: kind create cluster + + - name: Prepare project-v4-multigroup + run: | + cd testdata/project-v4-multigroup/ + go mod tidy + make docker-build IMG=project-v4-multigroup:v0.1.0 + kind load docker-image project-v4-multigroup:v0.1.0 + + - name: Install Helm + run: | + curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash + + - name: Verify Helm installation + run: helm version + + - name: Lint Helm chart for project-v4-multigroup + run: | + helm lint testdata/project-v4-multigroup/dist/chart + + - name: Install Helm chart for project-v4-multigroup + run: | + helm install my-release-multigroup testdata/project-v4-multigroup/dist/chart --create-namespace --namespace project-v4-multigroup-system diff --git a/Makefile b/Makefile index 6d90ad0d036..ec3686b734a 100644 --- a/Makefile +++ b/Makefile @@ -97,7 +97,7 @@ lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes .PHONY: yamllint yamllint: - @files=$$(find testdata -name '*.yaml' ! -path 'testdata/*/dist/install.yaml'); \ + @files=$$(find testdata -name '*.yaml' ! -path 'testdata/*/dist/*'); \ docker run --rm $$(tty -s && echo "-it" || echo) -v $(PWD):/data cytopia/yamllint:latest $$files -d "{extends: relaxed, rules: {line-length: {max: 120}}}" --no-warnings GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint 
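Review bot: Both jobs download and run unpinned, unverified tooling: the `Install the latest version of kind` steps fetch `dl/latest/kind-linux-amd64` and move it into `/usr/local/bin` with sudo, and the `Install Helm` steps pipe `get-helm-3` from the `main` branch straight into `bash`, so whatever is served at run time executes on the runner. Pin each download to a released version and verify it before use, e.g. `curl -Lo ./kind https://kind.sigs.k8s.io/dl/<PINNED_VERSION>/kind-linux-amd64` followed by a `sha256sum -c` against that release's published checksum. The same `curl … | bash` pattern appears in the new `install-helm` Makefile target, where it runs on developer machines every time `helm-lint` is invoked. The workflow also has no top-level `permissions:` block (`contents: read` would be enough for these steps), and `actions/checkout@v4` / `actions/setup-go@v5` could be pinned to commit SHAs rather than movable tags.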
@@ -171,3 +171,12 @@ test-spaces: ## Run the trailing spaces check test-legacy: ## Run the tests to validate legacy path for webhooks rm -rf ./testdata/**legacy**/ ./test/testdata/legacy-webhook-path.sh + +.PHONY: install-helm +install-helm: ## Install the latest version of Helm locally + @curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash + +.PHONY: helm-lint +helm-lint: install-helm ## Lint the Helm chart in testdata + helm lint testdata/project-v4-multigroup/dist/chart + helm lint testdata/project-v4-with-plugins/dist/chart diff --git a/cmd/main.go b/cmd/main.go index 64a25502cd7..f0e35e16663 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -30,6 +30,7 @@ import ( deployimagev1alpha1 "sigs.k8s.io/kubebuilder/v4/pkg/plugins/golang/deploy-image/v1alpha1" golangv4 "sigs.k8s.io/kubebuilder/v4/pkg/plugins/golang/v4" grafanav1alpha1 "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/grafana/v1alpha" + helmv1alpha1 "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha" ) func init() { @@ -61,6 +62,7 @@ func main() { &kustomizecommonv2.Plugin{}, &deployimagev1alpha1.Plugin{}, &grafanav1alpha1.Plugin{}, + &helmv1alpha1.Plugin{}, ), cli.WithPlugins(externalPlugins...), cli.WithDefaultPlugins(cfgv3.Version, gov4Bundle), diff --git a/docs/book/src/plugins/available/helm-v1-alpha.md b/docs/book/src/plugins/available/helm-v1-alpha.md new file mode 100644 index 00000000000..b22157ca6b4 --- /dev/null +++ b/docs/book/src/plugins/available/helm-v1-alpha.md 
@@ -0,0 +1,61 @@ +# Helm Plugin (`helm/v1-alpha`) + +The Helm plugin is an optional plugin that can be used to scaffold a Helm chart, allowing you to distribute the project using Helm. + +By default, users can generate a bundle with all the manifests by running the following command: + +```bash +make build-installer IMG=/ +``` + +This allows the project consumer to install the solution by applying the bundle with: + +```bash +kubectl apply -f https://raw.githubusercontent.com//project-v4//dist/install.yaml +``` + +However, in many scenarios, you might prefer to provide a Helm chart to package your solution. +If so, you can use this plugin to generate the Helm chart under the `dist` directory. + + + +## When to use it ? + +- If you are looking to provide to your users a HelmChart to install and manage your project + +## How to use it ? + +### Basic Usage + +The Helm plugin is attached to the `init` subcommand and the `edit` subcommand: + +```sh +# Initialize a new project with helm chart +kubebuilder init --plugins helm/v1-alpha + +# Enable or Update the helm chart via the helm plugin to an existing project +kubebuilder edit --plugins helm/v1-alpha +``` + +## Subcommands + +The Helm plugin implements the following subcommands: + +- edit (`$ kubebuilder edit [OPTIONS]`) + +- init (`$ kubebuilder init [OPTIONS]`) + +## Affected files + +The following scaffolds will be created or updated by this plugin: + +- `dist/chart/*` + +[testdata]: https://github.com/kubernetes-sigs/kubebuilder/tree/master/testdata/project-v4-with-plugins + diff --git a/docs/book/src/plugins/to-add-optional-features.md b/docs/book/src/plugins/to-add-optional-features.md index 6b95e7c02c2..f6e847672dd 100644 --- a/docs/book/src/plugins/to-add-optional-features.md +++ b/docs/book/src/plugins/to-add-optional-features.md 
@@ -2,10 +2,12 @@ The following plugins are useful to generate code and take advantage of optional features -| Plugin | Key | Description | -|---------------------------------------------------| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [grafana.kubebuilder.io/v1-alpha][grafana] | `grafana/v1-alpha` | Optional helper plugin which can be used to scaffold Grafana Manifests Dashboards for the default metrics which are exported by controller-runtime. | -| [deploy-image.go.kubebuilder.io/v1-alpha][deploy] | `deploy-image/v1-alpha` | Optional helper plugin which can be used to scaffold APIs and controller with code implementation to Deploy and Manage an Operand(image). | +| Plugin | Key | Description | +|---------------------------------------------------|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| +| [grafana.kubebuilder.io/v1-alpha][grafana] | `grafana/v1-alpha` | Optional helper plugin which can be used to scaffold Grafana Manifests Dashboards for the default metrics which are exported by controller-runtime. | +| [deploy-image.go.kubebuilder.io/v1-alpha][deploy] | `deploy-image/v1-alpha` | Optional helper plugin which can be used to scaffold APIs and controller with code implementation to Deploy and Manage an Operand(image). 
| +| [helm.kubebuilder.io/v1-alpha][helm] | `helm/v1-alpha` | Optional helper plugin which can be used to scaffold a Helm Chart to distribute the project under the `dist` directory | [grafana]: ./available/grafana-v1-alpha.md -[deploy]: ./available/deploy-image-plugin-v1-alpha.md \ No newline at end of file +[deploy]: ./available/deploy-image-plugin-v1-alpha.md +[helm]: ./available/helm-v1-alpha.md \ No newline at end of file diff --git a/pkg/plugins/optional/helm/v1alpha/commons.go b/pkg/plugins/optional/helm/v1alpha/commons.go new file mode 100644 index 00000000000..c6942322ec7 --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/commons.go @@ -0,0 +1,37 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha + +import ( + "errors" + + "sigs.k8s.io/kubebuilder/v4/pkg/config" +) + +func insertPluginMetaToConfig(target config.Config, cfg pluginConfig) error { + err := target.DecodePluginConfig(pluginKey, cfg) + if !errors.As(err, &config.UnsupportedFieldError{}) { + if err != nil && !errors.As(err, &config.PluginKeyNotFoundError{}) { + return err + } + if err = target.EncodePluginConfig(pluginKey, cfg); err != nil { + return err + } + } + + return nil +} diff --git a/pkg/plugins/optional/helm/v1alpha/edit.go b/pkg/plugins/optional/helm/v1alpha/edit.go new file mode 100644 index 00000000000..f44cf93f26b --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/edit.go 
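Review bot: `insertPluginMetaToConfig` has no doc comment, and its one non-obvious branch is silent: when `DecodePluginConfig` returns a `config.UnsupportedFieldError` the function skips `EncodePluginConfig` and returns nil, so the helm plugin is not recorded in the project config and the caller is not told. If that is intended, say so on the function, e.g. `// insertPluginMetaToConfig records the plugin in the project config; config versions without plugin support are skipped on purpose.` If it is not intended, that error should be returned like any other.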
@@ -0,0 +1,68 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha + +import ( + "fmt" + + "github.com/spf13/pflag" + "sigs.k8s.io/kubebuilder/v4/pkg/config" + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" + "sigs.k8s.io/kubebuilder/v4/pkg/plugin" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha/scaffolds" +) + +var _ plugin.EditSubcommand = &editSubcommand{} + +type editSubcommand struct { + config config.Config + force bool +} + +func (p *editSubcommand) UpdateMetadata(cliMeta plugin.CLIMetadata, subcmdMeta *plugin.SubcommandMetadata) { + subcmdMeta.Description = `Initialize a helm chart to distribute the project under dist/ +` + subcmdMeta.Examples = fmt.Sprintf(` # Initialize a helm chart to distribute the project under dist/ + %[1]s edit --plugins helm/v1alpha + +`, cliMeta.CommandName) +} + +func (p *editSubcommand) BindFlags(fs *pflag.FlagSet) { + fs.BoolVar(&p.force, "force", true, "if true, run re-generate the files") +} + +func (p *editSubcommand) InjectConfig(c config.Config) error { + p.config = c + return nil +} + +func (p *editSubcommand) Scaffold(fs machinery.Filesystem) error { + scaffolder := scaffolds.NewInitHelmScaffolder(p.config, p.force) + scaffolder.InjectFS(fs) + err := scaffolder.Scaffold() + if err != nil { + return err + } + + // Track the resources following a declarative approach + if err := insertPluginMetaToConfig(p.config, pluginConfig{}); err != nil { + return err + } + + return 
nil +} diff --git a/pkg/plugins/optional/helm/v1alpha/init.go b/pkg/plugins/optional/helm/v1alpha/init.go new file mode 100644 index 00000000000..2a0a21f3e9f --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/init.go 
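Review bot: The example in `UpdateMetadata` tells users to run `edit --plugins helm/v1alpha`, but the documentation added in this same commit uses the key `helm/v1-alpha`; if the docs are right the help text should read `%[1]s edit --plugins helm/v1-alpha`. The `UpdateMetadata` example in init.go has the same mismatch. Separately, `BindFlags` defaults `--force` to `true`, so a plain `edit --plugins …` overwrites chart files the user may have edited by hand; making overwrite opt-in with `fs.BoolVar(&p.force, "force", false, "if true, regenerates all the files")` would be the safer default.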
@@ -0,0 +1,62 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha + +import ( + "fmt" + + "sigs.k8s.io/kubebuilder/v4/pkg/config" + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" + "sigs.k8s.io/kubebuilder/v4/pkg/plugin" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha/scaffolds" +) + +var _ plugin.InitSubcommand = &initSubcommand{} + +type initSubcommand struct { + config config.Config +} + +func (p *initSubcommand) UpdateMetadata(cliMeta plugin.CLIMetadata, subcmdMeta *plugin.SubcommandMetadata) { + subcmdMeta.Description = `Initialize a helm chart to distribute the project under dist/ +` + subcmdMeta.Examples = fmt.Sprintf(` # Initialize a helm chart to distribute the project under dist/ + %[1]s init --plugins helm/v1alpha + +`, cliMeta.CommandName) +} + +func (p *initSubcommand) InjectConfig(c config.Config) error { + p.config = c + return nil +} + +func (p *initSubcommand) Scaffold(fs machinery.Filesystem) error { + scaffolder := scaffolds.NewInitHelmScaffolder(p.config, false) + scaffolder.InjectFS(fs) + err := scaffolder.Scaffold() + if err != nil { + return err + } + + // Track the resources following a declarative approach + if err := insertPluginMetaToConfig(p.config, pluginConfig{}); err != nil { + return err + } + + return nil +} diff --git a/pkg/plugins/optional/helm/v1alpha/plugin.go b/pkg/plugins/optional/helm/v1alpha/plugin.go new file mode 100644 index 00000000000..21690e4db28 --- /dev/null 
+++ b/pkg/plugins/optional/helm/v1alpha/plugin.go 
@@ -0,0 +1,65 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha + +import ( + "sigs.k8s.io/kubebuilder/v4/pkg/config" + cfgv3 "sigs.k8s.io/kubebuilder/v4/pkg/config/v3" + "sigs.k8s.io/kubebuilder/v4/pkg/model/stage" + "sigs.k8s.io/kubebuilder/v4/pkg/plugin" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins" +) + +const pluginName = "helm." + plugins.DefaultNameQualifier + +var ( + pluginVersion = plugin.Version{Number: 1, Stage: stage.Alpha} + supportedProjectVersions = []config.Version{cfgv3.Version} + pluginKey = plugin.KeyFor(Plugin{}) +) + +// Plugin implements the plugin.Full interface +type Plugin struct { + initSubcommand + editSubcommand +} + +var ( + _ plugin.Init = Plugin{} + _ plugin.Edit = Plugin{} +) + +type pluginConfig struct{} + +// Name returns the name of the plugin +func (Plugin) Name() string { return pluginName } + +// Version returns the version of the grafana plugin +func (Plugin) Version() plugin.Version { return pluginVersion } + +// SupportedProjectVersions returns an array with all project versions supported by the plugin +func (Plugin) SupportedProjectVersions() []config.Version { return supportedProjectVersions } + +// GetInitSubcommand will return the subcommand which is responsible for initializing and scaffolding grafana manifests +func (p Plugin) GetInitSubcommand() plugin.InitSubcommand { return &p.initSubcommand } + +// GetEditSubcommand will return the subcommand which is responsible for adding 
grafana manifests +func (p Plugin) GetEditSubcommand() plugin.EditSubcommand { return &p.editSubcommand } + +func (p Plugin) DeprecationWarning() string { + return "" +} diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/init.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/init.go new file mode 100644 index 00000000000..296a0a679c7 --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/init.go 
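Review bot: Three doc comments were carried over from the grafana plugin and now describe the wrong thing: `Version` says "the grafana plugin", and `GetInitSubcommand` / `GetEditSubcommand` say "grafana manifests". They should name the Helm chart, e.g. `// Version returns the version of the helm plugin` and `// GetEditSubcommand will return the subcommand which is responsible for adding or updating the Helm chart`. `DeprecationWarning` is exported and has no comment; `// DeprecationWarning returns an empty string because the plugin is not deprecated.` would cover it.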
@@ -0,0 +1,235 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package scaffolds + +import ( + "fmt" + "os" + "path/filepath" + "regexp" + "strings" + + "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart_templates" + + log "github.com/sirupsen/logrus" + "sigs.k8s.io/kubebuilder/v4/pkg/config" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" + "sigs.k8s.io/kubebuilder/v4/pkg/plugins" +) + +var _ plugins.Scaffolder = &initScaffolder{} + +type initScaffolder struct { + config config.Config + + // fs is the filesystem that will be used by the scaffolder + fs machinery.Filesystem + + // force indicates whether to scaffold controller files even if it exists or not + force bool +} + +// NewInitHelmScaffolder returns a new Scaffolder for HelmPlugin +// nolint: lll +func NewInitHelmScaffolder(config config.Config, force bool) plugins.Scaffolder { + return &initScaffolder{ + config: config, + force: force, + } +} + +// InjectFS implements cmdutil.Scaffolder +func (s *initScaffolder) InjectFS(fs machinery.Filesystem) { + s.fs = fs +} + +// Scaffold scaffolds the Helm chart with the necessary files. 
+func (s *initScaffolder) Scaffold() error { + log.Println("Generating Helm Chart to distribute project") + + // Initialize the map to store the extracted images from deploy-image plugin + deployImages := make(map[string]string) + + // Detect and extract the deploy-image plugin configuration + pluginConfig := struct { + Resources []struct { + Kind string `json:"kind"` + Options map[string]string `json:"options"` + } `json:"resources"` + }{} + + err := s.config.DecodePluginConfig("deploy-image.go.kubebuilder.io/v1-alpha", &pluginConfig) + if err != nil { + return fmt.Errorf("error decoding deploy-image plugin config: %w", err) + } + + // Extract images for the resources + for _, res := range pluginConfig.Resources { + image, ok := res.Options["image"] + if ok { + deployImages[strings.ToUpper(res.Kind)] = image + } + } + + // Initialize the machinery.Scaffold that will write the files to disk + scaffold := machinery.NewScaffold(s.fs, + machinery.WithConfig(s.config), + ) + + // Pass the extracted images to the HelmValues template + err = scaffold.Execute( + &templates.HelmChart{Force: s.force}, + &templates.HelmValues{ + HasWebhooks: hasWebhooks(s.config), + DeployImages: deployImages, + Force: s.force, + }, + &templates.HelmIgnore{Force: s.force}, + &chart_templates.HelmHelpers{Force: s.force}, + &chart_templates.ManagerDeployment{Force: s.force, DeployImages: len(deployImages) > 0}, + ) + if err != nil { + return err + } + + // Copy all relevant files from config/ to chart/templates/ + err = copyConfigFiles() + if err != nil { + return err + } + return nil +} + +// Helper function to copy files from config/ to dist/chart/templates/ +func copyConfigFiles() error { + // Define the source directories and destination directories under dist/chart/templates + configDirs := []struct { + SrcDir string + DestDir string + SubDir string + }{ + {"config/rbac", "dist/chart/templates/rbac", "rbac"}, + {"config/webhook", "dist/chart/templates/webhook", "webhook"}, + 
{"config/crd/bases", "dist/chart/templates/crds", "crd"}, + {"config/prometheus", "dist/chart/templates/prometheus", "prometheus"}, + {"config/certmanager", "dist/chart/templates/certmanager", "certmanager"}, + {"config/network-policy", "dist/chart/templates/network-policy", "networkPolicy"}, + } + + // Copy all YAML files in each directory + for _, dir := range configDirs { + files, err := filepath.Glob(filepath.Join(dir.SrcDir, "*.yaml")) + if err != nil { + return err + } + + for _, srcFile := range files { + destFile := filepath.Join(dir.DestDir, filepath.Base(srcFile)) + err := copyFileWithHelmLogic(srcFile, destFile, dir.SubDir) + if err != nil { + return err + } + } + } + + return nil +} + +// copyFileWithHelmLogic reads the source file, modifies the content for Helm, and writes it to the destination +func copyFileWithHelmLogic(srcFile, destFile, subDir string) error { + // Ensure the source file exists + if _, err := os.Stat(srcFile); os.IsNotExist(err) { + log.Printf("Source file does not exist: %s", srcFile) + return err + } + + // Read the source file + content, err := os.ReadFile(srcFile) + if err != nil { + log.Printf("Error reading source file: %s", srcFile) + return err + } + + // Convert the content into a string for easy manipulation + contentStr := string(content) + + // Skip irrelevant files like kustomization.yaml + if strings.HasSuffix(srcFile, "kustomization.yaml") || strings.HasSuffix(srcFile, "kustomizeconfig.yaml") { + log.Printf("Skipping irrelevant file: %s", srcFile) + return nil + } + + // Remove any existing labels section from the original content + contentStr = removeLabels(contentStr) + + // Replace hardcoded namespace with Helm namespace template variable + contentStr = strings.ReplaceAll(contentStr, "namespace: system", "namespace: {{ .Values.namespace }}") + + // Insert Helm template for labels at the appropriate place + contentStr = strings.Replace(contentStr, "metadata:", `metadata: + labels: + {{- include "chart.labels" . 
| nindent 4 }}`, 1) + + // Wrap the content with Helm conditional logic based on the subdirectory (e.g., "rbac", "manager") + wrappedContent := fmt.Sprintf("{{- if .Values.%s.create }}\n%s{{- end -}}\n", subDir, contentStr) + + // Ensure the destination directory exists + if err := os.MkdirAll(filepath.Dir(destFile), os.ModePerm); err != nil { + return err + } + + // Write the wrapped content to the destination file + err = os.WriteFile(destFile, []byte(wrappedContent), os.ModePerm) + if err != nil { + log.Printf("Error writing destination file: %s", destFile) + return err + } + + log.Printf("Successfully copied %s to %s", srcFile, destFile) + return nil +} + +// removeLabels removes any existing labels section from the content +func removeLabels(content string) string { + // Define the regex to find and remove labels sections + labelRegex := `(?m)^ labels:\n(?: [^\n]+\n)*` + re := regexp.MustCompile(labelRegex) + + // Replace any labels sections with an empty string + return re.ReplaceAllString(content, "") +} + +func hasWebhooks(config config.Config) bool { + // Check resources for webhooks + resources, err := config.GetResources() + if err != nil { + log.Errorf("error getting resources from config: %v", err) + return false + } + + for _, res := range resources { + if res.Webhooks != nil { + // Check if any webhooks (validation, defaulting, or conversion) are configured + if res.Webhooks.Defaulting || res.Webhooks.Validation || res.Webhooks.Conversion { + return true + } + } + } + return false +} diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart.go new file mode 100644 index 00000000000..e43959d0f87 --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart.go 
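Review bot: `copyFileWithHelmLogic` creates the chart directories and template files with `os.ModePerm` (0777), so apart from the process umask the generated manifests are world-writable and executable; use `os.MkdirAll(filepath.Dir(destFile), 0o755)` and `os.WriteFile(destFile, []byte(wrappedContent), 0o644)`. The same helper reads and writes through the `os` package rather than the injected `s.fs`, and `copyConfigFiles` never consults `s.force`, so the copied templates are always overwritten and bypass any filesystem substituted by the caller. In `Scaffold`, any error from `DecodePluginConfig("deploy-image.go.kubebuilder.io/v1-alpha", …)` aborts the run; if that call reports a missing plugin key as an error (commons.go in this commit tolerates `config.PluginKeyNotFoundError`), projects that do not use deploy-image cannot scaffold a chart, and that case should be skipped rather than returned.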
@@ -0,0 +1,64 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package templates + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" +) + +var _ machinery.Template = &HelmChart{} + +// Chart scaffolds a file that defines the Helm chart structure +type HelmChart struct { + machinery.TemplateMixin + machinery.ProjectNameMixin + + Force bool +} + +// SetTemplateDefaults implements file.Template +func (f *HelmChart) SetTemplateDefaults() error { + // Define the path where the Helm Chart.yaml will be created + if f.Path == "" { + f.Path = filepath.Join("dist", "chart", "Chart.yaml") + } + + // Use the chart template defined below + f.TemplateBody = helmChartTemplate + + // Define file handling action based on Force flag + if f.Force { + f.IfExistsAction = machinery.OverwriteFile + } else { + // If file exists (ex. because a Helm chart was already created), skip creation. + f.IfExistsAction = machinery.SkipFile + } + + return nil +} + +// Define the content for the Chart.yaml file +const helmChartTemplate = `apiVersion: v2 +name: {{ .ProjectName }} +description: A Helm chart to distribute the project {{ .ProjectName }} +type: application +version: 0.1.0 +appVersion: "0.1.0" +icon: "https://example.com/icon.png" +` 
diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart_templates/helpers_tpl.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart_templates/helpers_tpl.go
new file mode 100644
index 00000000000..bb915c1cc59
--- /dev/null
+++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart_templates/helpers_tpl.go
@@ -0,0 +1,103 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chart_templates + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" +) + +var _ machinery.Template = &HelmHelpers{} + +// HelmHelpers scaffolds the _helpers.tpl file for Helm charts +type HelmHelpers struct { + machinery.TemplateMixin + machinery.ProjectNameMixin + Force bool +} + +// SetTemplateDefaults sets the default template configuration +func (f *HelmHelpers) SetTemplateDefaults() error { + // Define the path where _helpers.tpl will be created + if f.Path == "" { + f.Path = filepath.Join("dist", "chart", "templates", "_helpers.tpl") + } + + // Use the helpers.tpl template defined below + f.TemplateBody = helmHelpersTemplate + + // Define file handling action based on Force flag + if f.Force { + f.IfExistsAction = machinery.OverwriteFile + } else { + f.IfExistsAction = machinery.SkipFile + } + + return nil +} + +// Define the content for the _helpers.tpl file +const helmHelpersTemplate = `{{"{{"}}/* +Expand the name of the chart. +*/{{"}}"}} +{{"{{"}}- define "chart.name" -{{"}}" }} +{{"{{"}}- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" {{"}}"}} +{{"{{"}}- end {{"}}"}} + +{{"{{"}}/* +Create a default fully qualified app name. 
+*/{{"}}"}} +{{"{{"}}- define "chart.fullname" -{{"}}" }} +{{"{{"}}- if .Values.fullnameOverride {{"}}"}} +{{"{{"}}.Values.fullnameOverride | trunc 63 | trimSuffix "-" {{"}}"}} +{{"{{"}}- else {{"}}"}} +{{"{{"}}- $name := default .Chart.Name .Values.nameOverride {{"}}"}} +{{"{{"}}- if contains $name .Release.Name {{"}}"}} +{{"{{"}}.Release.Name | trunc 63 | trimSuffix "-" {{"}}"}} +{{"{{"}}- else {{"}}"}} +{{"{{"}}printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" {{"}}"}} +{{"{{"}}- end {{"}}"}} +{{"{{"}}- end {{"}}"}} +{{"{{"}}- end {{"}}"}} + +{{"{{"}}/* +Create chart name and version as used by the chart label. +*/{{"}}"}} +{{"{{"}}- define "chart.version" -{{"}}" }} +{{"{{"}}printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" {{"}}"}} +{{"{{"}}- end {{"}}"}} + +{{"{{"}}/* +Common labels +*/{{"}}"}} +{{"{{"}}- define "chart.labels" -{{"}}" }} +helm.sh/chart: {{"{{"}} include "chart.version" . {{"}}"}} +app.kubernetes.io/name: {{"{{"}} include "chart.name" . {{"}}"}} +app.kubernetes.io/instance: {{"{{"}} .Release.Name {{"}}"}} +app.kubernetes.io/version: {{"{{"}} .Chart.AppVersion | quote {{"}}"}} +app.kubernetes.io/managed-by: {{"{{"}} .Release.Service {{"}}"}} +{{"{{"}}- end {{"}}"}} + +{{"{{"}}/* +Selector labels +*/{{"}}"}} +{{"{{"}}- define "chart.selectorLabels" -{{"}}" }} +app.kubernetes.io/name: {{"{{"}} include "chart.name" . {{"}}"}} +app.kubernetes.io/instance: {{"{{"}} .Release.Name {{"}}"}} +{{"{{"}}- end {{"}}"}} +` diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart_templates/manager.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart_templates/manager.go new file mode 100644 index 00000000000..54fc61274a0 --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart_templates/manager.go 
@@ -0,0 +1,94 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chart_templates + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" +) + +var _ machinery.Template = &ManagerDeployment{} + +// ManagerDeployment scaffolds the manager Deployment for the Helm chart +type ManagerDeployment struct { + machinery.TemplateMixin + + DeployImages bool + Force bool +} + +// SetTemplateDefaults sets the default template configuration +func (f *ManagerDeployment) SetTemplateDefaults() error { + // Define the path where manager.yaml will be created + if f.Path == "" { + f.Path = filepath.Join("dist", "chart", "templates", "manager", "manager.yaml") + } + + // Use the manager.yaml template defined below + f.TemplateBody = managerDeploymentTemplate + + // Define file handling action based on Force flag + if f.Force { + f.IfExistsAction = machinery.OverwriteFile + } else { + // If file exists, skip creation. + f.IfExistsAction = machinery.SkipFile + } + + return nil +} + +// Define the content for the manager.yaml file +const managerDeploymentTemplate = `apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: {{"{{" }} .Values.namespace {{"}}" }} + labels: + {{"{{" }}- include "chart.labels" . | nindent 4 {{"}}" }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{"{{" }} include "chart.name" . 
{{"}}" }} + app.kubernetes.io/instance: {{"{{" }} .Release.Name {{"}}" }} + template: + metadata: + labels: + {{"{{" }}- include "chart.labels" . | nindent 8 {{"}}" }} + spec: + serviceAccountName: {{"{{" }} .Values.controllerManager.serviceAccountName {{"}}" }} + containers: + - name: manager + image: {{"{{" }} .Values.controllerManager.image.repository {{"}}" }}:{{"{{" }} .Values.controllerManager.image.tag {{"}}" }} + {{- if .DeployImages }} + env: + {{"{{" }}- range $key, $value := .Values.controllerManager.env {{"}}" }} + - name: {{"{{" }} $key {{"}}" }} + value: {{"{{" }} $value {{"}}" }} + {{"{{" }}- end {{"}}" }} + {{- end }} + livenessProbe: + {{"{{" }}- toYaml .Values.controllerManager.livenessProbe | nindent 8 {{"}}" }} + readinessProbe: + {{"{{" }}- toYaml .Values.controllerManager.readinessProbe | nindent 8 {{"}}" }} + resources: + {{"{{" }}- toYaml .Values.controllerManager.resources | nindent 8 {{"}}" }} + securityContext: + {{"{{" }}- toYaml .Values.controllerManager.securityContext | nindent 8 {{"}}" }} + terminationGracePeriodSeconds: {{"{{" }} .Values.controllerManager.terminationGracePeriodSeconds {{"}}" }} +` diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/helmignore.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/helmignore.go new file mode 100644 index 00000000000..47ef594aad5 --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/helmignore.go 
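Review bot: The env entries in `managerDeploymentTemplate` render `$key` and `$value` unquoted, so a value from `.Values.controllerManager.env` containing `: `, `#`, a newline, or a bare number or boolean is re-parsed as YAML. That can either change the structure of the rendered Deployment or be rejected, because an env `value` must be a string. Append `| quote` to both actions, so the lines render as `- name: {{ $key | quote }}` and `value: {{ $value | quote }}`. The image is also assembled from `repository` and `tag` only; an optional digest value would let users pin an immutable image.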
@@ -0,0 +1,83 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package templates + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" +) + +var _ machinery.Template = &HelmIgnore{} + +// HelmIgnore scaffolds a file that defines the .helmignore for Helm packaging +type HelmIgnore struct { + machinery.TemplateMixin + + Force bool +} + +// SetTemplateDefaults implements file.Template +func (f *HelmIgnore) SetTemplateDefaults() error { + // Define the path where the .helmignore will be created + if f.Path == "" { + f.Path = filepath.Join("dist", "chart", ".helmignore") + } + + // Use the .helmignore template defined below + f.TemplateBody = helmIgnoreTemplate + + // Define file handling action based on Force flag + if f.Force { + f.IfExistsAction = machinery.OverwriteFile + } else { + // If file exists, skip creation. + f.IfExistsAction = machinery.SkipFile + } + + return nil +} + +// Define the content for the .helmignore file +const helmIgnoreTemplate = `# Patterns to ignore when building Helm packages. +# Supports shell glob matching, relative path matching, and negation. + +# Operating system files +.DS_Store + +# Version control directories +.git/ +.gitignore +.bzr/ +.hg/ +.hgignore +.svn/ + +# Backup and temporary files +*.swp +*.tmp +*.bak +*.orig +*~ + +# IDE and editor-related files +.idea/ +.vscode/ + +# Helm chart artifacts +dist/chart/*.tgz +` 
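Review bot: The last pattern in `helmIgnoreTemplate`, `dist/chart/*.tgz`, probably never matches, because Helm evaluates `.helmignore` patterns relative to the chart root and this file is written to `dist/chart/.helmignore`. A packaged archive left in the chart directory would then be bundled into the next `helm package`. If the intent is to exclude archives in the chart directory, the pattern should be `*.tgz`; please confirm against a packaged chart.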
diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go new file mode 100644 index 00000000000..553e221becd --- /dev/null +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go 
@@ -0,0 +1,129 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package templates + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v4/pkg/machinery" +) + +var _ machinery.Template = &HelmValues{} + +// Values scaffolds a file that defines the values.yaml structure for the Helm chart +type HelmValues struct { + machinery.TemplateMixin + machinery.ProjectNameMixin + + // DeployImages store the images used for the DeployImage plugin + DeployImages map[string]string + Force bool + HasWebhooks bool +} + +// SetTemplateDefaults implements file.Template +func (f *HelmValues) SetTemplateDefaults() error { + // Define the path where the values.yaml will be created + if f.Path == "" { + f.Path = filepath.Join("dist", "chart", "values.yaml") + } + + // Use the values.yaml template defined below + f.TemplateBody = helmValuesTemplate + + // Define file handling action based on Force flag + if f.Force { + f.IfExistsAction = machinery.OverwriteFile + } else { + // If file exists, skip creation. 
+ f.IfExistsAction = machinery.SkipFile + } + + return nil +} + +// Define the content for the values.yaml file +const helmValuesTemplate = `# Default values for the Kubebuilder Helm chart + +namespace: {{ .ProjectName }}-system + +# Controller Manager settings +controllerManager: + image: + repository: controller + tag: latest + replicas: 1 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 20 + httpGet: + path: /healthz + port: 8081 + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + httpGet: + path: /readyz + port: 8081 + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 +{{- if .DeployImages }} + env: +{{- range $kind, $image := .DeployImages }} + {{ $kind }}_IMAGE: {{ $image }} +{{- end }} +{{- end }} + +# RBAC settings +rbac: + create: true + +# CRDs settings +crd: + create: true + +{{ if .HasWebhooks }} +# Webhook service settings +webhook: + create: true +{{ end }} + +# Prometheus monitoring settings +prometheus: + create: false + +# CertManager settings for certificates +certmanager: + create: false + +# Network policies +networkPolicy: + create: false +` diff --git a/test/e2e/utils/test_context.go b/test/e2e/utils/test_context.go index 922e235aa29..5d02f6add53 100644 --- a/test/e2e/utils/test_context.go +++ b/test/e2e/utils/test_context.go 
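Review bot: The default `controllerManager.securityContext` in `helmValuesTemplate` sets `runAsNonRoot`, `allowPrivilegeEscalation: false` and drops all capabilities, but it has no seccomp profile, which the restricted Pod Security Standard requires. The manager template in this commit renders only this one block, so a chart installed with defaults into a namespace enforcing `restricted` would presumably be rejected or warned about. Add `seccompProfile:` with `type: RuntimeDefault` under `securityContext`. Separately, `tag: latest` is a mutable default, so the chart does not identify a fixed image; a placeholder version or a comment telling users to pin a tag or digest would help.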
@@ -331,3 +331,58 @@ func (t *TestContext) AllowProjectBeMultiGroup() error { } return nil } + +// InstallHelm installs Helm in the e2e server. +func (t *TestContext) InstallHelm() error { + // You can fetch the latest Helm installation script from its official website + helmInstallScript := "https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3" + + // Use curl to fetch the Helm installation script and install Helm + cmd := exec.Command("bash", "-c", fmt.Sprintf("curl -fsSL %s | bash", helmInstallScript)) + + // Run the command to install Helm + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to install Helm: %s", string(output)) + } + + // Optionally verify that Helm was installed correctly by running `helm version` + verifyCmd := exec.Command("helm", "version") + if output, err := verifyCmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to verify Helm installation: %s", string(output)) + } + + return nil +} + +// UninstallHelmRelease removes the specified Helm release from the cluster. 
+func (t *TestContext) UninstallHelmRelease(releaseName, namespace string) error { + // Uninstall the Helm release + cmd := exec.Command("helm", "uninstall", releaseName, "--namespace", namespace) + + // Run the command to uninstall the Helm release + if output, err := cmd.CombinedOutput(); err != nil { + return fmt.Errorf("failed to uninstall Helm release %s: %s", releaseName, string(output)) + } + + // Optionally wait for the namespace to be cleaned up + if _, err := t.Kubectl.Wait(false, "namespace", namespace, "--for=delete", "--timeout=2m"); err != nil { + return fmt.Errorf("failed to wait for namespace deletion: %s", err) + } + + return nil +} + +// EditHelmPlugin is for running `kubebuilder edit plugins=helm.kubebuilder.io/v1-alpha` +func (t *TestContext) EditHelmPlugin() error { + cmd := exec.Command(t.BinaryName, "edit", "plugins=helm.kubebuilder.io/v1-alpha") + _, err := t.Run(cmd) + return err +} + +// HelmInstallRelease is for running install the HelmChart +func (t *TestContext) HelmInstallRelease() error { + cmd := exec.Command("helm", "install", fmt.Sprintf("release-%s", t.TestSuffix), fmt.Sprintf("%s/dist/chart", t.Dir), + "create-namespace", "namespace", fmt.Sprintf("e2e-%s-system", t.TestSuffix)) + _, err := t.Run(cmd) + return err +} diff --git a/test/e2e/v4/plugin_cluster_test.go b/test/e2e/v4/plugin_cluster_test.go index 8c47403369b..28a66b88e27 100644 --- a/test/e2e/v4/plugin_cluster_test.go +++ b/test/e2e/v4/plugin_cluster_test.go 
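Review bot: `HelmInstallRelease` passes `"create-namespace"` and `"namespace"` without the leading dashes, so helm receives them as extra positional arguments and the namespace is never set. `EditHelmPlugin` has the same problem with `"plugins=..."`, which `generate.sh` in this commit spells `--plugins=`. They should read `"--create-namespace", "--namespace", fmt.Sprintf("e2e-%s-system", t.TestSuffix)` and `exec.Command(t.BinaryName, "edit", "--plugins=helm.kubebuilder.io/v1-alpha")`. `InstallHelm` also pipes a script fetched from the moving `master` branch straight into `bash` with no pin or integrity check, so whatever that URL serves at run time executes on the test host; fetching a script or release archive pinned to a tag and verifying its published checksum before running it would close that gap. The `fmt.Errorf` calls format only `output` and drop `err`; wrapping with `%w` keeps the exit status.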
@@ -69,39 +69,46 @@ var _ = Describe("kubebuilder", func() { It("should generate a runnable project", func() { kbc.IsRestricted = false GenerateV4(kbc) - Run(kbc, true, false, true, false) + Run(kbc, true, false, false, true, false) }) It("should generate a runnable project with the Installer", func() { kbc.IsRestricted = false GenerateV4(kbc) - Run(kbc, false, true, true, false) + Run(kbc, false, true, false, true, false) + }) + It("should generate a runnable project with the HelmChart", func() { + kbc.IsRestricted = false + GenerateV4(kbc) + Expect(kbc.InstallHelm()).To(Succeed()) + Run(kbc, false, false, true, true, false) }) It("should generate a runnable project without metrics exposed", func() { kbc.IsRestricted = false GenerateV4WithoutMetrics(kbc) - Run(kbc, true, false, false, false) + Run(kbc, true, false, false, false, false) }) It("should generate a runnable project with metrics protected by network policies", func() { kbc.IsRestricted = false GenerateV4WithNetworkPoliciesWithoutWebhooks(kbc) - Run(kbc, false, false, true, true) + Run(kbc, false, false, false, true, true) }) It("should generate a runnable project with webhooks and metrics protected by network policies", func() { kbc.IsRestricted = false GenerateV4WithNetworkPolicies(kbc) - Run(kbc, true, false, true, true) + Run(kbc, true, false, false, true, true) }) It("should generate a runnable project with the manager running "+ "as restricted and without webhooks", func() { kbc.IsRestricted = true GenerateV4WithoutWebhooks(kbc) - Run(kbc, false, false, true, false) + Run(kbc, false, false, false, true, false) }) }) }) // Run runs a set of e2e tests for a scaffolded project defined by a TestContext. -func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, hasMetrics bool, hasNetworkPolicies bool) { +func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, isToUseHelmChart, hasMetrics bool, + hasNetworkPolicies bool) { var controllerPodName string var err error var output []byte 
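Review bot: `Run` now takes five positional booleans, and a call such as `Run(kbc, false, false, true, true, false)` cannot be checked by reading it; adding the new flag meant shifting every argument at every call site. A small options struct passed as `Run(kbc, RunOptions{UseHelmChart: true, HasMetrics: true})` would make each case self-describing and make a transposed flag visible in review. `Run`'s body continues outside this hunk.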
@@ -132,14 +139,14 @@ func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, hasMetrics bool, err = kbc.LoadImageToKindCluster() ExpectWithOffset(1, err).NotTo(HaveOccurred()) - if !isToUseInstaller { + if !isToUseInstaller && !isToUseHelmChart { By("deploying the controller-manager") cmd := exec.Command("make", "deploy", "IMG="+kbc.ImageName) output, err = kbc.Run(cmd) ExpectWithOffset(1, err).NotTo(HaveOccurred()) } - if isToUseInstaller { + if isToUseInstaller && !isToUseHelmChart { By("building the installer") err = kbc.Make("build-installer", "IMG="+kbc.ImageName) ExpectWithOffset(1, err).NotTo(HaveOccurred()) @@ -149,6 +156,15 @@ func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, hasMetrics bool, ExpectWithOffset(1, err).NotTo(HaveOccurred()) } + if isToUseHelmChart && !isToUseInstaller { + By("building the helm-chart") + err = kbc.EditHelmPlugin() + Expect(err).NotTo(HaveOccurred(), "Failed to edit project to generate helm-chart") + + By("install with Helm release") + err = kbc.HelmInstallRelease() + Expect(err).NotTo(HaveOccurred(), "Failed to install helm release") + } if kbc.IsRestricted { By("validating that manager Pod/container(s) are restricted") ExpectWithOffset(1, output).NotTo(ContainSubstring("Warning: would violate PodSecurity")) diff --git a/test/testdata/generate.sh b/test/testdata/generate.sh index f9d5d2f3d8d..71acc38a963 100755 --- a/test/testdata/generate.sh +++ b/test/testdata/generate.sh @@ -95,6 +95,12 @@ function scaffold_test_project { make all make build-installer + + if [[ $project =~ multigroup ]] || [[ $project =~ with-plugins ]] ; then + header_text 'Editing project with Helm plugin ...' + $kb edit --plugins=helm.kubebuilder.io/v1-alpha + fi + # To avoid conflicts rm -f go.sum go mod tidy diff --git a/testdata/project-v4-multigroup/PROJECT b/testdata/project-v4-multigroup/PROJECT index ab8ce10ec1e..56d8f2cd135 100644 --- a/testdata/project-v4-multigroup/PROJECT +++ b/testdata/project-v4-multigroup/PROJECT 
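Review bot: In the Helm branch added in the third hunk, `output` is never assigned, because `HelmInstallRelease` in `test_context.go` discards what `t.Run` returns. The `kbc.IsRestricted` check just below that asserts `output` has no "would violate PodSecurity" warning would therefore pass vacuously for a chart install. Returning the output from the helper, as in `output, err = kbc.HelmInstallRelease()`, would let that assertion cover the Helm path. The three deployment conditions also leave nothing deployed when both `isToUseInstaller` and `isToUseHelmChart` are true, so an explicit failure for that combination is safer than a silent skip. The new assertions use `Expect` where the surrounding code uses `ExpectWithOffset(1, ...)`.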
@@ -25,6 +25,7 @@ plugins: image: busybox:1.36.1 version: v1alpha1 grafana.kubebuilder.io/v1-alpha: {} + helm.kubebuilder.io/v1-alpha: {} projectName: project-v4-multigroup repo: sigs.k8s.io/kubebuilder/testdata/project-v4-multigroup resources: diff --git a/testdata/project-v4-multigroup/dist/chart/.helmignore b/testdata/project-v4-multigroup/dist/chart/.helmignore new file mode 100644 index 00000000000..4eba77dd129 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/.helmignore @@ -0,0 +1,27 @@ +# Patterns to ignore when building Helm packages. +# Supports shell glob matching, relative path matching, and negation. + +# Operating system files +.DS_Store + +# Version control directories +.git/ +.gitignore +.bzr/ +.hg/ +.hgignore +.svn/ + +# Backup and temporary files +*.swp +*.tmp +*.bak +*.orig +*~ + +# IDE and editor-related files +.idea/ +.vscode/ + +# Helm chart artifacts +dist/chart/*.tgz diff --git a/testdata/project-v4-multigroup/dist/chart/Chart.yaml b/testdata/project-v4-multigroup/dist/chart/Chart.yaml new file mode 100644 index 00000000000..16168e41f30 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: project-v4-multigroup +description: A Helm chart to distribute the project project-v4-multigroup +type: application +version: 0.1.0 +appVersion: "0.1.0" +icon: "https://example.com/icon.png" diff --git a/testdata/project-v4-multigroup/dist/chart/templates/_helpers.tpl b/testdata/project-v4-multigroup/dist/chart/templates/_helpers.tpl new file mode 100644 index 00000000000..e8fb6a44608 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/_helpers.tpl 
@@ -0,0 +1,48 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "chart.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +*/}} +{{- define "chart.fullname" -}} +{{- if .Values.fullnameOverride }} +{{.Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{.Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "chart.version" -}} +{{printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "chart.labels" -}} +helm.sh/chart: {{ include "chart.version" . }} +app.kubernetes.io/name: {{ include "chart.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "chart.selectorLabels" -}} +app.kubernetes.io/name: {{ include "chart.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/certmanager/certificate.yaml b/testdata/project-v4-multigroup/dist/chart/templates/certmanager/certificate.yaml new file mode 100755 index 00000000000..dc58c3af859 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/certmanager/certificate.yaml 
@@ -0,0 +1,29 @@ +{{- if .Values.certmanager.create }} +# The following manifests contain a self-signed issuer CR and a certificate CR. +# More document can be found at https://docs.cert-manager.io +# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: selfsigned-issuer + namespace: {{ .Values.namespace }} +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml + namespace: {{ .Values.namespace }} +spec: + # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize + dnsNames: + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/crew.testproject.org_captains.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/crew.testproject.org_captains.yaml new file mode 100755 index 00000000000..02b2d49e8f0 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/crew.testproject.org_captains.yaml 
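Review bot: The Certificate's `dnsNames` still hold the literal placeholders `SERVICE_NAME.SERVICE_NAMESPACE.svc`, and the comment says kustomize will substitute them, but nothing substitutes them in a Helm chart. With `certmanager.create` enabled, the issued certificate would carry names that match no Service, and webhook TLS verification would presumably fail. This file looks like scaffolder output, so the fix belongs in the generating template: render the names from chart values, for example `<webhook-service-name>.{{ .Values.namespace }}.svc` plus the `.svc.cluster.local` form, and drop the kustomize comments. The Certificate also lacks the `chart.labels` block that the Issuer carries.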
@@ -0,0 +1,58 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: captains.crew.testproject.org +spec: + group: crew.testproject.org + names: + kind: Captain + listKind: CaptainList + plural: captains + singular: captain + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Captain is the Schema for the captains API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CaptainSpec defines the desired state of Captain. + properties: + foo: + description: Foo is an example field of Captain. Edit captain_types.go + to remove/update + type: string + type: object + status: + description: CaptainStatus defines the observed state of Captain. + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml new file mode 100755 index 00000000000..fba78ef68fc --- /dev/null 
+++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml 
@@ -0,0 +1,120 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: busyboxes.example.com.testproject.org +spec: + group: example.com.testproject.org + names: + kind: Busybox + listKind: BusyboxList + plural: busyboxes + singular: busybox + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Busybox is the Schema for the busyboxes API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BusyboxSpec defines the desired state of Busybox + properties: + size: + description: |- + Size defines the number of Busybox instances + The following markers will use OpenAPI v3 schema to validate the value + More info: https://book.kubebuilder.io/reference/markers/crd-validation.html + format: int32 + maximum: 3 + minimum: 1 + type: integer + type: object + status: + description: BusyboxStatus defines the observed state of Busybox + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml new file mode 100755 index 00000000000..b389828fe06 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml 
@@ -0,0 +1,125 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: memcacheds.example.com.testproject.org +spec: + group: example.com.testproject.org + names: + kind: Memcached + listKind: MemcachedList + plural: memcacheds + singular: memcached + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Memcached is the Schema for the memcacheds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MemcachedSpec defines the desired state of Memcached + properties: + containerPort: + description: Port defines the port that will be used to init the container + with the image + format: int32 + type: integer + size: + description: |- + Size defines the number of Memcached instances + The following markers will use OpenAPI v3 schema to validate the value + More info: https://book.kubebuilder.io/reference/markers/crd-validation.html + format: int32 + maximum: 3 + minimum: 1 + type: integer + type: object + status: + description: MemcachedStatus defines the observed state of Memcached + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/fiz.testproject.org_bars.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/fiz.testproject.org_bars.yaml new file mode 100755 index 00000000000..fc4814abc54 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/fiz.testproject.org_bars.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: bars.fiz.testproject.org +spec: + group: fiz.testproject.org + names: + kind: Bar + listKind: BarList + plural: bars + singular: bar + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Bar is the Schema for the bars API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BarSpec defines the desired state of Bar. + properties: + foo: + description: Foo is an example field of Bar. Edit bar_types.go to + remove/update + type: string + type: object + status: + description: BarStatus defines the observed state of Bar. + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.policy.testproject.org_healthcheckpolicies.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.policy.testproject.org_healthcheckpolicies.yaml new file mode 100755 index 00000000000..c0b156d637c --- /dev/null 
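Review bot: Placing this CRD under `templates/` behind `.Values.crd.create` ties its lifetime to the release, so `helm uninstall`, or an upgrade with `crd.create` switched off, deletes the CRD and with it every `Bar` object stored in the cluster. Nothing in the hunk marks the resource to be kept. Adding `"helm.sh/resource-policy": keep` under `metadata.annotations`, ideally behind its own values switch, would avoid that. The same applies to the other CRD templates added in this commit (healthcheckpolicies, the `foo.testproject.org` bars, krakens, leviathans, cruisers, destroyers, frigates).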
+++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.policy.testproject.org_healthcheckpolicies.yaml @@ -0,0 +1,58 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: healthcheckpolicies.foo.policy.testproject.org +spec: + group: foo.policy.testproject.org + names: + kind: HealthCheckPolicy + listKind: HealthCheckPolicyList + plural: healthcheckpolicies + singular: healthcheckpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: HealthCheckPolicy is the Schema for the healthcheckpolicies API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HealthCheckPolicySpec defines the desired state of HealthCheckPolicy. + properties: + foo: + description: Foo is an example field of HealthCheckPolicy. Edit healthcheckpolicy_types.go + to remove/update + type: string + type: object + status: + description: HealthCheckPolicyStatus defines the observed state of HealthCheckPolicy. + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.testproject.org_bars.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.testproject.org_bars.yaml new file mode 100755 index 00000000000..d38a6727bfd --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/foo.testproject.org_bars.yaml @@ -0,0 +1,58 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: bars.foo.testproject.org +spec: + group: foo.testproject.org + names: + kind: Bar + listKind: BarList + plural: bars + singular: bar + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Bar is the Schema for the bars API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BarSpec defines the desired state of Bar. + properties: + foo: + description: Foo is an example field of Bar. Edit bar_types.go to + remove/update + type: string + type: object + status: + description: BarStatus defines the observed state of Bar. + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_krakens.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_krakens.yaml new file mode 100755 index 00000000000..271c9a291df --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_krakens.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: krakens.sea-creatures.testproject.org +spec: + group: sea-creatures.testproject.org + names: + kind: Kraken + listKind: KrakenList + plural: krakens + singular: kraken + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Kraken is the Schema for the krakens API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KrakenSpec defines the desired state of Kraken. + properties: + foo: + description: Foo is an example field of Kraken. Edit kraken_types.go + to remove/update + type: string + type: object + status: + description: KrakenStatus defines the observed state of Kraken. + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_leviathans.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_leviathans.yaml new file mode 100755 index 00000000000..046f746eaa9 --- /dev/null 
+++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/sea-creatures.testproject.org_leviathans.yaml @@ -0,0 +1,58 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: leviathans.sea-creatures.testproject.org +spec: + group: sea-creatures.testproject.org + names: + kind: Leviathan + listKind: LeviathanList + plural: leviathans + singular: leviathan + scope: Namespaced + versions: + - name: v1beta2 + schema: + openAPIV3Schema: + description: Leviathan is the Schema for the leviathans API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LeviathanSpec defines the desired state of Leviathan. + properties: + foo: + description: Foo is an example field of Leviathan. Edit leviathan_types.go + to remove/update + type: string + type: object + status: + description: LeviathanStatus defines the observed state of Leviathan. + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_cruisers.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_cruisers.yaml new file mode 100755 index 00000000000..73dc3e6fe69 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_cruisers.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: cruisers.ship.testproject.org +spec: + group: ship.testproject.org + names: + kind: Cruiser + listKind: CruiserList + plural: cruisers + singular: cruiser + scope: Cluster + versions: + - name: v2alpha1 + schema: + openAPIV3Schema: + description: Cruiser is the Schema for the cruisers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CruiserSpec defines the desired state of Cruiser. + properties: + foo: + description: Foo is an example field of Cruiser. Edit cruiser_types.go + to remove/update + type: string + type: object + status: + description: CruiserStatus defines the observed state of Cruiser. + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_destroyers.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_destroyers.yaml new file mode 100755 index 00000000000..91bd867ccc0 --- /dev/null 
+++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_destroyers.yaml @@ -0,0 +1,58 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: destroyers.ship.testproject.org +spec: + group: ship.testproject.org + names: + kind: Destroyer + listKind: DestroyerList + plural: destroyers + singular: destroyer + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Destroyer is the Schema for the destroyers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DestroyerSpec defines the desired state of Destroyer. + properties: + foo: + description: Foo is an example field of Destroyer. Edit destroyer_types.go + to remove/update + type: string + type: object + status: + description: DestroyerStatus defines the observed state of Destroyer. + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_frigates.yaml b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_frigates.yaml new file mode 100755 index 00000000000..68ba6314522 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/crds/ship.testproject.org_frigates.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: frigates.ship.testproject.org +spec: + group: ship.testproject.org + names: + kind: Frigate + listKind: FrigateList + plural: frigates + singular: frigate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Frigate is the Schema for the frigates API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FrigateSpec defines the desired state of Frigate. + properties: + foo: + description: Foo is an example field of Frigate. Edit frigate_types.go + to remove/update + type: string + type: object + status: + description: FrigateStatus defines the observed state of Frigate. + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/manager/manager.yaml b/testdata/project-v4-multigroup/dist/chart/templates/manager/manager.yaml new file mode 100644 index 00000000000..dcd3041b46f --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/manager/manager.yaml 
@@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: {{ .Values.namespace }} + labels: + {{- include "chart.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "chart.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + {{- include "chart.labels" . | nindent 8 }} + spec: + serviceAccountName: {{ .Values.controllerManager.serviceAccountName }} + containers: + - name: manager + image: {{ .Values.controllerManager.image.repository }}:{{ .Values.controllerManager.image.tag }} + env: + {{- range $key, $value := .Values.controllerManager.env }} + - name: {{ $key }} + value: {{ $value }} + {{- end }} + livenessProbe: + {{- toYaml .Values.controllerManager.livenessProbe | nindent 8 }} + readinessProbe: + {{- toYaml .Values.controllerManager.readinessProbe | nindent 8 }} + resources: + {{- toYaml .Values.controllerManager.resources | nindent 8 }} + securityContext: + {{- toYaml .Values.controllerManager.securityContext | nindent 8 }} + terminationGracePeriodSeconds: {{ .Values.controllerManager.terminationGracePeriodSeconds }} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-metrics-traffic.yaml b/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-metrics-traffic.yaml new file mode 100755 index 00000000000..460cb846983 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-metrics-traffic.yaml 
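Review bot: In the `env` range, `value: {{ $value }}` renders the value unquoted, so an entry such as `true` or `8080` in `controllerManager.env` becomes a YAML boolean or integer and the Deployment is rejected. A value that contains YAML syntax can also change the shape of the rendered manifest. Quote it: `value: {{ $value | quote }}`. The image is referenced only by a mutable `repository:tag` pair; accepting an optional digest in values would let installs pin what actually runs.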
@@ -0,0 +1,27 @@ +{{- if .Values.networkPolicy.create }} +# This NetworkPolicy allows ingress traffic +# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those +# namespaces are able to gathering data from the metrics endpoint. +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: allow-metrics-traffic + namespace: {{ .Values.namespace }} +spec: + podSelector: + matchLabels: + control-plane: controller-manager + policyTypes: + - Ingress + ingress: + # This allows ingress traffic from any namespace with the label metrics: enabled + - from: + - namespaceSelector: + matchLabels: + metrics: enabled # Only from namespaces with this label + ports: + - port: 8443 + protocol: TCP +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-webhook-traffic.yaml b/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-webhook-traffic.yaml new file mode 100755 index 00000000000..3a34a352302 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/network-policy/allow-webhook-traffic.yaml 
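Review bot: The `podSelector` matches `control-plane: controller-manager`, but the Deployment in `templates/manager/manager.yaml` selects its pods by `app.kubernetes.io/name` and `app.kubernetes.io/instance`. It takes the pod labels from the `chart.labels` helper, which is not visible in this diff. If that helper does not emit `control-plane: controller-manager`, this policy selects no pods and the metrics port stays unrestricted while looking protected. Reusing the Deployment's selector labels here would keep the two in step. The same selector appears in `allow-webhook-traffic.yaml` and in the ServiceMonitor in `prometheus/monitor.yaml`.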
@@ -0,0 +1,27 @@ +{{- if .Values.networkPolicy.create }} +# This NetworkPolicy allows ingress traffic to your webhook server running +# as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks +# will only work when applied in namespaces labeled with 'webhook: enabled' +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: allow-webhook-traffic + namespace: {{ .Values.namespace }} +spec: + podSelector: + matchLabels: + control-plane: controller-manager + policyTypes: + - Ingress + ingress: + # This allows ingress traffic from any namespace with the label webhook: enabled + - from: + - namespaceSelector: + matchLabels: + webhook: enabled # Only from namespaces with this label + ports: + - port: 443 + protocol: TCP +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/prometheus/monitor.yaml b/testdata/project-v4-multigroup/dist/chart/templates/prometheus/monitor.yaml new file mode 100755 index 00000000000..41ab6e848d7 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/prometheus/monitor.yaml 
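Review bot: `port: 443` in the ingress rule is matched against the destination port on the selected pod, not against a Service port. manager.yaml in this chart declares no container ports, so the webhook listen port cannot be confirmed from the diff. If the server listens on another port behind a Service that maps 443 to it, this rule admits nothing useful and webhook calls are dropped once `networkPolicy.create` is enabled. Confirm the container port and use it here, or declare a named container port and reference it by name.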
@@ -0,0 +1,30 @@ +{{- if .Values.prometheus.create }} +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: controller-manager-metrics-monitor + namespace: {{ .Values.namespace }} +spec: + endpoints: + - path: /metrics + port: https # Ensure this is the name of the port that exposes HTTPS metrics + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables + # certificate verification. This poses a significant security risk by making the system vulnerable to + # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between + # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data, + # compromising the integrity and confidentiality of the information. + # Please use the following options for secure configurations: + # caFile: /etc/metrics-certs/ca.crt + # certFile: /etc/metrics-certs/tls.crt + # keyFile: /etc/metrics-certs/tls.key + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_editor_role.yaml new file mode 100755 index 00000000000..151e92cbccf --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_editor_role.yaml 
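Review bot: `insecureSkipVerify: true` is hard-coded under `tlsConfig`, so the secure settings listed in the TODO can only be applied by editing the generated template; a chart user has no values switch for them. With verification off, Prometheus presents the service-account token from `bearerTokenFile` to whichever endpoint answers on the metrics port. Rendering `tlsConfig` from values would let production installs supply `caFile`/`certFile`/`keyFile` without patching the chart. One way is a map passed through `toYaml`, as manager.yaml does for the probes, under a key such as `prometheus.tlsConfig`. That key name is a suggestion, not something already in the chart.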
@@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit captains. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: crew-captain-editor-role +rules: +- apiGroups: + - crew.testproject.org + resources: + - captains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - crew.testproject.org + resources: + - captains/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_viewer_role.yaml new file mode 100755 index 00000000000..bba3bcba01d --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/crew_captain_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view captains. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: crew-captain-viewer-role +rules: +- apiGroups: + - crew.testproject.org + resources: + - captains + verbs: + - get + - list + - watch +- apiGroups: + - crew.testproject.org + resources: + - captains/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_editor_role.yaml new file mode 100755 index 00000000000..b1fe015cb1a --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_editor_role.yaml 
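Review bot: The ClusterRole name `crew-captain-editor-role` is fixed, and ClusterRoles are cluster-scoped, so a second release of this chart, or another chart generated the same way, collides with it on install. Deriving the name from the release avoids that, e.g. `name: {{ .Release.Name }}-crew-captain-editor-role`. Any binding whose `roleRef` names one of these roles needs the same prefix. This applies to every editor and viewer ClusterRole added under `templates/rbac/`, and to `metrics-auth-role` and `metrics-reader`.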
@@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit busyboxes. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: example.com-busybox-editor-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_viewer_role.yaml new file mode 100755 index 00000000000..db0b7ecb89b --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_busybox_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view busyboxes. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: example.com-busybox-viewer-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes + verbs: + - get + - list + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_editor_role.yaml new file mode 100755 index 00000000000..19f32db855d --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_editor_role.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit memcacheds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: example.com-memcached-editor-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_viewer_role.yaml new file mode 100755 index 00000000000..c93e28c2871 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/example.com_memcached_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view memcacheds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: example.com-memcached-viewer-role +rules: +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - example.com.testproject.org + resources: + - memcacheds/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_editor_role.yaml new file mode 100755 index 00000000000..44e7e787327 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_editor_role.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit bars. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: fiz-bar-editor-role +rules: +- apiGroups: + - fiz.testproject.org + resources: + - bars + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - fiz.testproject.org + resources: + - bars/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_viewer_role.yaml new file mode 100755 index 00000000000..91326492019 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/fiz_bar_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view bars. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: fiz-bar-viewer-role +rules: +- apiGroups: + - fiz.testproject.org + resources: + - bars + verbs: + - get + - list + - watch +- apiGroups: + - fiz.testproject.org + resources: + - bars/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_editor_role.yaml new file mode 100755 index 00000000000..2be9acfdbda --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_editor_role.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit healthcheckpolicies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: foo.policy-healthcheckpolicy-editor-role +rules: +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_viewer_role.yaml new file mode 100755 index 00000000000..9585db188e7 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo.policy_healthcheckpolicy_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view healthcheckpolicies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: foo.policy-healthcheckpolicy-viewer-role +rules: +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies + verbs: + - get + - list + - watch +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_editor_role.yaml new file mode 100755 index 00000000000..35636a8dce2 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_editor_role.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit bars. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: foo-bar-editor-role +rules: +- apiGroups: + - foo.testproject.org + resources: + - bars + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - foo.testproject.org + resources: + - bars/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_viewer_role.yaml new file mode 100755 index 00000000000..5ea6e38add2 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/foo_bar_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view bars. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: foo-bar-viewer-role +rules: +- apiGroups: + - foo.testproject.org + resources: + - bars + verbs: + - get + - list + - watch +- apiGroups: + - foo.testproject.org + resources: + - bars/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role.yaml new file mode 100755 index 00000000000..07bb4a2c407 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role.yaml 
@@ -0,0 +1,41 @@
+{{- if .Values.rbac.create }}
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+{{- end -}}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role_binding.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role_binding.yaml
new file mode 100755
index 00000000000..f81780e69df
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: {{ .Values.namespace }}
+{{- end -}}
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role.yaml
new file mode 100755
index 00000000000..d3edf2766af
--- /dev/null
+++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role.yaml
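Review bot: The Role `leader-election-role` and the RoleBinding `leader-election-rolebinding` set no `metadata.namespace`, while the binding's subject and the ServiceAccount template both use `{{ .Values.namespace }}`. Helm creates the two namespaced objects in the release namespace, so when `--namespace` differs from `.Values.namespace` the manager's service account is bound in a namespace it does not run in and lacks the leader-election rights where it does run. Adding `namespace: {{ .Values.namespace }}` under `metadata` in both templates keeps them aligned with `service_account.yaml`. If the manager uses Lease-based election only (not visible in this diff), the `configmaps` rule with its write verbs could be dropped to keep the role least-privileged.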
@@ -0,0 +1,21 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role_binding.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role_binding.yaml new file mode 100755 index 00000000000..f051f06d96f --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_auth_role_binding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metrics-auth-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: {{ .Values.namespace }} +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_reader_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_reader_role.yaml new file mode 100755 index 00000000000..df8bd5b4b1d --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/metrics_reader_role.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/role.yaml new file mode 100755 index 00000000000..e3c79bb0a2c 
--- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/role.yaml 
@@ -0,0 +1,248 @@ +{{- if .Values.rbac.create }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates/finalizers + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - certificates/status + verbs: + - get + - patch + - update +- apiGroups: + - crew.testproject.org + resources: + - captains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - crew.testproject.org + resources: + - captains/finalizers + verbs: + - update +- apiGroups: + - crew.testproject.org + resources: + - captains/status + verbs: + - get + - patch + - update +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes + - memcacheds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/finalizers + - memcacheds/finalizers + verbs: + - update +- apiGroups: + - example.com.testproject.org + resources: + - busyboxes/status + - memcacheds/status + verbs: + - get + - patch + - update +- apiGroups: + - fiz.testproject.org + - foo.testproject.org + resources: + - bars + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
fiz.testproject.org + - foo.testproject.org + resources: + - bars/finalizers + verbs: + - update +- apiGroups: + - fiz.testproject.org + - foo.testproject.org + resources: + - bars/status + verbs: + - get + - patch + - update +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies/finalizers + verbs: + - update +- apiGroups: + - foo.policy.testproject.org + resources: + - healthcheckpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens + - leviathans + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens/finalizers + - leviathans/finalizers + verbs: + - update +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens/status + - leviathans/status + verbs: + - get + - patch + - update +- apiGroups: + - ship.testproject.org + resources: + - cruisers + - destroyers + - frigates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ship.testproject.org + resources: + - cruisers/finalizers + - destroyers/finalizers + - frigates/finalizers + verbs: + - update +- apiGroups: + - ship.testproject.org + resources: + - cruisers/status + - destroyers/status + - frigates/status + verbs: + - get + - patch + - update +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/role_binding.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/role_binding.yaml new file mode 100755 index 00000000000..a0336756722 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/role_binding.yaml 
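Review bot: The cluster-scoped names in this chart are fixed strings (`manager-role` in this hunk, and `manager-rolebinding`, `metrics-auth-role` and `metrics-reader` in the neighbouring ones), so a second release of the chart, or another chart scaffolded the same way, collides on them in the same cluster. Since this role allows create, delete and patch on `apps` `deployments` and `cert-manager.io` `certificates` in every namespace, it matters for auditing which release owns the object that grants those rights. Scoping the name to the release, for example `name: {{ .Release.Name }}-manager-role` with the same value in the binding's `roleRef.name`, avoids the clash. A short header comment saying that the rules appear to be derived from the project's RBAC markers, and should be narrowed there rather than edited in the chart, would also help whoever reviews the permissions later.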
@@ -0,0 +1,16 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: {{ .Values.namespace }} +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_editor_role.yaml new file mode 100755 index 00000000000..7c641aac7c5 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_editor_role.yaml @@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit krakens. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: sea-creatures-kraken-editor-role +rules: +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_viewer_role.yaml new file mode 100755 index 00000000000..e945c0d9a22 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_kraken_viewer_role.yaml 
@@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view krakens. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: sea-creatures-kraken-viewer-role +rules: +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens + verbs: + - get + - list + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - krakens/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_editor_role.yaml new file mode 100755 index 00000000000..6847507539a --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_editor_role.yaml @@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit leviathans. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: sea-creatures-leviathan-editor-role +rules: +- apiGroups: + - sea-creatures.testproject.org + resources: + - leviathans + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - leviathans/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_viewer_role.yaml new file mode 100755 index 00000000000..7945dabb16a --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/sea-creatures_leviathan_viewer_role.yaml 
@@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view leviathans. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: sea-creatures-leviathan-viewer-role +rules: +- apiGroups: + - sea-creatures.testproject.org + resources: + - leviathans + verbs: + - get + - list + - watch +- apiGroups: + - sea-creatures.testproject.org + resources: + - leviathans/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/service_account.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/service_account.yaml new file mode 100755 index 00000000000..6d176e3772c --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/service_account.yaml @@ -0,0 +1,9 @@ +{{- if .Values.rbac.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: controller-manager + namespace: {{ .Values.namespace }} +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_editor_role.yaml new file mode 100755 index 00000000000..166030dc6ea --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_editor_role.yaml @@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit cruisers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: ship-cruiser-editor-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - cruisers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ship.testproject.org + resources: + - cruisers/status + verbs: + - get +{{- end -}} 
diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_viewer_role.yaml new file mode 100755 index 00000000000..84f28ac829a --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_cruiser_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view cruisers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: ship-cruiser-viewer-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - cruisers + verbs: + - get + - list + - watch +- apiGroups: + - ship.testproject.org + resources: + - cruisers/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_editor_role.yaml new file mode 100755 index 00000000000..a314b5113f0 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_editor_role.yaml @@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit destroyers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: ship-destroyer-editor-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - destroyers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ship.testproject.org + resources: + - destroyers/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_viewer_role.yaml new file mode 100755 index 00000000000..4910e7049ac --- /dev/null 
+++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_destroyer_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view destroyers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: ship-destroyer-viewer-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - destroyers + verbs: + - get + - list + - watch +- apiGroups: + - ship.testproject.org + resources: + - destroyers/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_editor_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_editor_role.yaml new file mode 100755 index 00000000000..197df51ebf1 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_editor_role.yaml @@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +# permissions for end users to edit frigates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: ship-frigate-editor-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - frigates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ship.testproject.org + resources: + - frigates/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_viewer_role.yaml b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_viewer_role.yaml new file mode 100755 index 00000000000..245f7eb7dc3 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/rbac/ship_frigate_viewer_role.yaml 
@@ -0,0 +1,24 @@ +{{- if .Values.rbac.create }} +# permissions for end users to view frigates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: ship-frigate-viewer-role +rules: +- apiGroups: + - ship.testproject.org + resources: + - frigates + verbs: + - get + - list + - watch +- apiGroups: + - ship.testproject.org + resources: + - frigates/status + verbs: + - get +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/webhook/manifests.yaml b/testdata/project-v4-multigroup/dist/chart/templates/webhook/manifests.yaml new file mode 100755 index 00000000000..e6bd9e36037 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/webhook/manifests.yaml 
@@ -0,0 +1,156 @@ +{{- if .Values.webhook.create }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: {{ .Values.namespace }} + path: /mutate-cert-manager-io-v1-issuer + failurePolicy: Fail + name: missuer-v1.kb.io + rules: + - apiGroups: + - cert-manager.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - issuers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: {{ .Values.namespace }} + path: /mutate-crew-testproject-org-v1-captain + failurePolicy: Fail + name: mcaptain-v1.kb.io + rules: + - apiGroups: + - crew.testproject.org + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - captains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: {{ .Values.namespace }} + path: /mutate-ship-testproject-org-v1-destroyer + failurePolicy: Fail + name: mdestroyer-v1.kb.io + rules: + - apiGroups: + - ship.testproject.org + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - destroyers + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: {{ .Values.namespace }} + path: /validate--v1-pod + failurePolicy: Fail + name: vpod-v1.kb.io + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: {{ .Values.namespace }} + path: 
/validate-crew-testproject-org-v1-captain + failurePolicy: Fail + name: vcaptain-v1.kb.io + rules: + - apiGroups: + - crew.testproject.org + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - captains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: {{ .Values.namespace }} + path: /validate-example-com-testproject-org-v1alpha1-memcached + failurePolicy: Fail + name: vmemcached-v1alpha1.kb.io + rules: + - apiGroups: + - example.com.testproject.org + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - memcacheds + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: {{ .Values.namespace }} + path: /validate-ship-testproject-org-v2alpha1-cruiser + failurePolicy: Fail + name: vcruiser-v2alpha1.kb.io + rules: + - apiGroups: + - ship.testproject.org + apiVersions: + - v2alpha1 + operations: + - CREATE + - UPDATE + resources: + - cruisers + sideEffects: None +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/templates/webhook/service.yaml b/testdata/project-v4-multigroup/dist/chart/templates/webhook/service.yaml new file mode 100755 index 00000000000..11719ba30c9 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/templates/webhook/service.yaml @@ -0,0 +1,16 @@ +{{- if .Values.webhook.create }} +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: webhook-service + namespace: {{ .Values.namespace }} +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +{{- end -}} diff --git a/testdata/project-v4-multigroup/dist/chart/values.yaml b/testdata/project-v4-multigroup/dist/chart/values.yaml new file mode 100644 index 00000000000..5d4014dadc4 --- /dev/null +++ b/testdata/project-v4-multigroup/dist/chart/values.yaml 
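Review bot: Neither webhook configuration in `webhook/manifests.yaml` sets `clientConfig.caBundle` or a CA-injection annotation, and `values.yaml` defaults to `webhook.create: true` with `certmanager.create: false`, so the API server falls back to its system trust roots when calling `webhook-service`. With `failurePolicy: Fail` on every entry, a serving certificate that those roots do not validate makes each matching CREATE/UPDATE fail closed. The `vpod-v1.kb.io` rule matches core `pods` with no `namespaceSelector`, which would include the manager's own pod and system workloads. I would gate the webhook templates on the certificate being available, add `cert-manager.io/inject-ca-from: {{ .Values.namespace }}/serving-cert` under `metadata.annotations` (assuming this chart's Certificate is named `serving-cert`, as in the with-plugins chart), and give the pod webhook a `namespaceSelector` that excludes the manager's namespace. The ValidatingWebhookConfiguration also lacks the `chart.labels` include that the mutating one has.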
@@ -0,0 +1,66 @@
+# Default values for the Kubebuilder Helm chart
+
+namespace: project-v4-multigroup-system
+
+# Controller Manager settings
+controllerManager:
+ image:
+ repository: controller
+ tag: latest
+ replicas: 1
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ livenessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ httpGet:
+ path: /healthz
+ port: 8081
+ readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ httpGet:
+ path: /readyz
+ port: 8081
+ securityContext:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ serviceAccountName: controller-manager
+ terminationGracePeriodSeconds: 10
+ env:
+ BUSYBOX_IMAGE: busybox:1.36.1
+ MEMCACHED_IMAGE: memcached:memcached:1.6.26-alpine3.19
+
+# RBAC settings
+rbac:
+ create: true
+
+# CRDs settings
+crd:
+ create: true
+
+
+# Webhook service settings
+webhook:
+ create: true
+
+
+# Prometheus monitoring settings
+prometheus:
+ create: false
+
+# CertManager settings for certificates
+certmanager:
+ create: false
+
+# Network policies
+networkPolicy:
+ create: false
diff --git a/testdata/project-v4-with-plugins/PROJECT b/testdata/project-v4-with-plugins/PROJECT
index f006d1cad32..d51806c193e 100644
--- a/testdata/project-v4-with-plugins/PROJECT
+++ b/testdata/project-v4-with-plugins/PROJECT
@@ -24,6 +24,7 @@ plugins:
 image: busybox:1.36.1
 version: v1alpha1
 grafana.kubebuilder.io/v1-alpha: {}
+ helm.kubebuilder.io/v1-alpha: {}
 projectName: project-v4-with-plugins
 repo: sigs.k8s.io/kubebuilder/testdata/project-v4-with-plugins
 resources:
diff --git a/testdata/project-v4-with-plugins/dist/chart/.helmignore b/testdata/project-v4-with-plugins/dist/chart/.helmignore
new file mode 100644
index 00000000000..4eba77dd129
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/.helmignore
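Review bot: In the multigroup `values.yaml`, `MEMCACHED_IMAGE: memcached:memcached:1.6.26-alpine3.19` does not look like a valid image reference, because the name is repeated where a tag is expected. The controller would presumably pass it straight into the workloads it creates, so `MEMCACHED_IMAGE: memcached:1.6.26-alpine3.19` seems to be what was meant. The controller image itself defaults to `tag: latest`, a mutable tag that makes it impossible to tell from the release which build is running. I would default the tag to the chart's `appVersion` (or document pinning by digest) and add a comment above `env:` saying these images are deployed by the controller and should be pinned.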
@@ -0,0 +1,27 @@ +# Patterns to ignore when building Helm packages. +# Supports shell glob matching, relative path matching, and negation. + +# Operating system files +.DS_Store + +# Version control directories +.git/ +.gitignore +.bzr/ +.hg/ +.hgignore +.svn/ + +# Backup and temporary files +*.swp +*.tmp +*.bak +*.orig +*~ + +# IDE and editor-related files +.idea/ +.vscode/ + +# Helm chart artifacts +dist/chart/*.tgz diff --git a/testdata/project-v4-with-plugins/dist/chart/Chart.yaml b/testdata/project-v4-with-plugins/dist/chart/Chart.yaml new file mode 100644 index 00000000000..0f89680c555 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: project-v4-with-plugins +description: A Helm chart to distribute the project project-v4-with-plugins +type: application +version: 0.1.0 +appVersion: "0.1.0" +icon: "https://example.com/icon.png" diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/_helpers.tpl b/testdata/project-v4-with-plugins/dist/chart/templates/_helpers.tpl new file mode 100644 index 00000000000..e8fb6a44608 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/_helpers.tpl 
@@ -0,0 +1,48 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{.Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{.Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.version" -}}
+{{printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.version" . }}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/certmanager/certificate.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/certmanager/certificate.yaml
new file mode 100755
index 00000000000..dc58c3af859
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/certmanager/certificate.yaml
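Review bot: In `chart.fullname` the three value-producing actions open with `{{` rather than `{{-`, so the newline left by the preceding `{{- if … }}` or `{{- else }}` line is emitted and the helper's result starts with a line break. Any `name:` built from it would render as broken YAML or an invalid object name. Writing them as `{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}`, `{{- .Release.Name | trunc 63 | trimSuffix "-" }}` and `{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}` fixes it. No template visible in this diff calls `chart.fullname`, so the defect is latent for now, but it would surface as soon as resource names are scoped to the release.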
@@ -0,0 +1,29 @@
+{{- if .Values.certmanager.create }}
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes.
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: selfsigned-issuer
+ namespace: {{ .Values.namespace }}
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
+ namespace: {{ .Values.namespace }}
+spec:
+ # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
+ dnsNames:
+ - SERVICE_NAME.SERVICE_NAMESPACE.svc
+ - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: selfsigned-issuer
+ secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml
new file mode 100755
index 00000000000..fba78ef68fc
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_busyboxes.yaml
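Review bot: The Certificate's `dnsNames` are still the kustomize placeholders `SERVICE_NAME.SERVICE_NAMESPACE.svc` and `SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local`, and nothing in a Helm render substitutes them. With `certmanager.create: true` the issued certificate would therefore not match the webhook Service's DNS name, and the API server's TLS verification of the webhook would fail. Assuming this chart's Service is named `webhook-service` as in the multigroup chart, the entries should be `- webhook-service.{{ .Values.namespace }}.svc` and `- webhook-service.{{ .Values.namespace }}.svc.cluster.local`. The three comments that refer to kustomize should be rewritten for Helm, and the Certificate should carry the same `chart.labels` include as the Issuer.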
@@ -0,0 +1,120 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: busyboxes.example.com.testproject.org +spec: + group: example.com.testproject.org + names: + kind: Busybox + listKind: BusyboxList + plural: busyboxes + singular: busybox + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Busybox is the Schema for the busyboxes API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BusyboxSpec defines the desired state of Busybox + properties: + size: + description: |- + Size defines the number of Busybox instances + The following markers will use OpenAPI v3 schema to validate the value + More info: https://book.kubebuilder.io/reference/markers/crd-validation.html + format: int32 + maximum: 3 + minimum: 1 + type: integer + type: object + status: + description: BusyboxStatus defines the observed state of Busybox + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} 
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml new file mode 100755 index 00000000000..b389828fe06 --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/crds/example.com.testproject.org_memcacheds.yaml 
@@ -0,0 +1,125 @@ +{{- if .Values.crd.create }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: memcacheds.example.com.testproject.org +spec: + group: example.com.testproject.org + names: + kind: Memcached + listKind: MemcachedList + plural: memcacheds + singular: memcached + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Memcached is the Schema for the memcacheds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MemcachedSpec defines the desired state of Memcached + properties: + containerPort: + description: Port defines the port that will be used to init the container + with the image + format: int32 + type: integer + size: + description: |- + Size defines the number of Memcached instances + The following markers will use OpenAPI v3 schema to validate the value + More info: https://book.kubebuilder.io/reference/markers/crd-validation.html + format: int32 + maximum: 3 + minimum: 1 + type: integer + type: object + status: + description: MemcachedStatus defines the observed state of Memcached + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml new file mode 100644 index 00000000000..dcd3041b46f --- /dev/null +++ b/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml 
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "chart.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 8 }}
+ spec:
+ serviceAccountName: {{ .Values.controllerManager.serviceAccountName }}
+ containers:
+ - name: manager
+ image: {{ .Values.controllerManager.image.repository }}:{{ .Values.controllerManager.image.tag }}
+ env:
+ {{- range $key, $value := .Values.controllerManager.env }}
+ - name: {{ $key }}
+ value: {{ $value }}
+ {{- end }}
+ livenessProbe:
+ {{- toYaml .Values.controllerManager.livenessProbe | nindent 8 }}
+ readinessProbe:
+ {{- toYaml .Values.controllerManager.readinessProbe | nindent 8 }}
+ resources:
+ {{- toYaml .Values.controllerManager.resources | nindent 8 }}
+ securityContext:
+ {{- toYaml .Values.controllerManager.securityContext | nindent 8 }}
+ terminationGracePeriodSeconds: {{ .Values.controllerManager.terminationGracePeriodSeconds }}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-metrics-traffic.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-metrics-traffic.yaml
new file mode 100755
index 00000000000..460cb846983
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-metrics-traffic.yaml
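Review bot: In templates/manager/manager.yaml the env loop renders `value: {{ $value }}` unquoted, so an entry such as `true` or `8080` under `controllerManager.env` becomes a YAML boolean or number and the Deployment is rejected, because container env values must be strings. Rendering it as `value: {{ $value | quote }}` keeps every entry a string. The template also never reads `controllerManager.replicas`, which values.yaml defines, so changing that value has no effect; `replicas: {{ .Values.controllerManager.replicas }}` under `spec` would wire it up.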
@@ -0,0 +1,27 @@
+{{- if .Values.networkPolicy.create }}
+# This NetworkPolicy allows ingress traffic
+# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
+# namespaces are able to gathering data from the metrics endpoint.
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: allow-metrics-traffic
+ namespace: {{ .Values.namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ control-plane: controller-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ # This allows ingress traffic from any namespace with the label metrics: enabled
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ metrics: enabled # Only from namespaces with this label
+ ports:
+ - port: 8443
+ protocol: TCP
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-webhook-traffic.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-webhook-traffic.yaml
new file mode 100755
index 00000000000..3a34a352302
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/network-policy/allow-webhook-traffic.yaml
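Review bot: The `podSelector` in allow-metrics-traffic.yaml matches `control-plane: controller-manager`, but the Deployment in manager.yaml selects its pods by `app.kubernetes.io/name` and `app.kubernetes.io/instance` and labels them only through the `chart.labels` helper. That helper is not visible in this part of the diff, so this may already be covered; if it does not emit `control-plane: controller-manager`, this policy selects no pods and restricts nothing. The same selector is used in allow-webhook-traffic.yaml and in webhook/service.yaml, where a mismatch would leave the Service without endpoints. Adding `control-plane: controller-manager` to the pod template labels in manager.yaml, or pointing these selectors at the labels the Deployment already uses, keeps them in step.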
@@ -0,0 +1,27 @@
+{{- if .Values.networkPolicy.create }}
+# This NetworkPolicy allows ingress traffic to your webhook server running
+# as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks
+# will only work when applied in namespaces labeled with 'webhook: enabled'
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: allow-webhook-traffic
+ namespace: {{ .Values.namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ control-plane: controller-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ # This allows ingress traffic from any namespace with the label webhook: enabled
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ webhook: enabled # Only from namespaces with this label
+ ports:
+ - port: 443
+ protocol: TCP
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml
new file mode 100755
index 00000000000..41ab6e848d7
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml
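Review bot: The rule in allow-webhook-traffic.yaml opens `port: 443`, which is the Service port, while webhook/service.yaml forwards to `targetPort: 9443` on the pod. NetworkPolicy `ports` are matched against the destination port on the selected pod, so with most CNI plugins this rule would not admit the webhook traffic once the policy is enforced. It should probably read `- port: 9443`; worth confirming against the port the manager actually listens on, which this hunk does not show.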
@@ -0,0 +1,30 @@
+{{- if .Values.prometheus.create }}
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: controller-manager-metrics-monitor
+ namespace: {{ .Values.namespace }}
+spec:
+ endpoints:
+ - path: /metrics
+ port: https # Ensure this is the name of the port that exposes HTTPS metrics
+ scheme: https
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ tlsConfig:
+ # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
+ # certificate verification. This poses a significant security risk by making the system vulnerable to
+ # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between
+ # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data,
+ # compromising the integrity and confidentiality of the information.
+ # Please use the following options for secure configurations:
+ # caFile: /etc/metrics-certs/ca.crt
+ # certFile: /etc/metrics-certs/tls.crt
+ # keyFile: /etc/metrics-certs/tls.key
+ insecureSkipVerify: true
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_editor_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_editor_role.yaml
new file mode 100755
index 00000000000..371f3475a6f
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_editor_role.yaml
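Review bot: `insecureSkipVerify: true` in prometheus/monitor.yaml is fixed in the template, so whoever installs the chart cannot turn certificate verification on through values; the secure settings named in the TODO stay commented out in every render. Since values.yaml already has `certmanager.create`, the `tlsConfig` block could switch on it, as sketched below. This assumes the cert-manager templates (not visible here) issue the metrics certificate and that the files are mounted at the paths the TODO lists.

```yaml
# … unchanged: path, port, scheme, bearerTokenFile …
      tlsConfig:
        {{- if .Values.certmanager.create }}
        # Verify the metrics endpoint against the issued CA.
        caFile: /etc/metrics-certs/ca.crt
        certFile: /etc/metrics-certs/tls.crt
        keyFile: /etc/metrics-certs/tls.key
        insecureSkipVerify: false
        {{- else }}
        # No certificates available: verification is skipped.
        insecureSkipVerify: true
        {{- end }}
# … unchanged: selector …
```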
@@ -0,0 +1,28 @@
+{{- if .Values.rbac.create }}
+# permissions for end users to edit busyboxes.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: busybox-editor-role
+rules:
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - busyboxes
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - busyboxes/status
+ verbs:
+ - get
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_viewer_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_viewer_role.yaml
new file mode 100755
index 00000000000..8553e02e781
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/busybox_viewer_role.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.rbac.create }}
+# permissions for end users to view busyboxes.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: busybox-viewer-role
+rules:
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - busyboxes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - busyboxes/status
+ verbs:
+ - get
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role.yaml
new file mode 100755
index 00000000000..07bb4a2c407
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role.yaml
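Review bot: `name: busybox-editor-role` in rbac/busybox_editor_role.yaml is a fixed string on a cluster-scoped ClusterRole, so a second release of this chart in the same cluster collides with the first on install. The same holds for busybox_viewer_role.yaml and for the memcached, metrics and manager ClusterRoles and ClusterRoleBindings later in the diff. Deriving the name from the release, for example `name: {{ .Release.Name }}-busybox-editor-role`, and using the same expression in each matching `roleRef.name`, would avoid that.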
@@ -0,0 +1,41 @@
+{{- if .Values.rbac.create }}
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role_binding.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role_binding.yaml
new file mode 100755
index 00000000000..f81780e69df
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: {{ .Values.namespace }}
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_editor_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_editor_role.yaml
new file mode 100755
index 00000000000..8af2ebbe627
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_editor_role.yaml
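Review bot: The namespaced `Role` in rbac/leader_election_role.yaml and the `RoleBinding` in leader_election_role_binding.yaml set no `metadata.namespace`, so Helm creates them in the release namespace. The ServiceAccount subject and the Deployment are placed in `{{ .Values.namespace }}` instead. When the two differ, the manager has no leader-election permissions in the namespace it runs in. Adding `namespace: {{ .Values.namespace }}` under `metadata` in both files keeps them alongside the workload.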
@@ -0,0 +1,28 @@
+{{- if .Values.rbac.create }}
+# permissions for end users to edit memcacheds.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: memcached-editor-role
+rules:
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - memcacheds
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - memcacheds/status
+ verbs:
+ - get
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_viewer_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_viewer_role.yaml
new file mode 100755
index 00000000000..c9aac7582e5
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/memcached_viewer_role.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.rbac.create }}
+# permissions for end users to view memcacheds.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: memcached-viewer-role
+rules:
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - memcacheds
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - memcacheds/status
+ verbs:
+ - get
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role.yaml
new file mode 100755
index 00000000000..d3edf2766af
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: metrics-auth-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role_binding.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role_binding.yaml
new file mode 100755
index 00000000000..f051f06d96f
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_auth_role_binding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: metrics-auth-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: metrics-auth-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: {{ .Values.namespace }}
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_reader_role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_reader_role.yaml
new file mode 100755
index 00000000000..df8bd5b4b1d
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/metrics_reader_role.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role.yaml
new file mode 100755
index 00000000000..f5d1c9448fd
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role.yaml
@@ -0,0 +1,66 @@
+{{- if .Values.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - busyboxes
+ - memcacheds
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - busyboxes/finalizers
+ - memcacheds/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - example.com.testproject.org
+ resources:
+ - busyboxes/status
+ - memcacheds/status
+ verbs:
+ - get
+ - patch
+ - update
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role_binding.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role_binding.yaml
new file mode 100755
index 00000000000..a0336756722
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/role_binding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: {{ .Values.namespace }}
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/rbac/service_account.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/service_account.yaml
new file mode 100755
index 00000000000..6d176e3772c
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/rbac/service_account.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.rbac.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: controller-manager
+ namespace: {{ .Values.namespace }}
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/webhook/manifests.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/webhook/manifests.yaml
new file mode 100755
index 00000000000..30bb3e97116
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/webhook/manifests.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.webhook.create }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: {{ .Values.namespace }}
+ path: /validate-example-com-testproject-org-v1alpha1-memcached
+ failurePolicy: Fail
+ name: vmemcached-v1alpha1.kb.io
+ rules:
+ - apiGroups:
+ - example.com.testproject.org
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - memcacheds
+ sideEffects: None
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/webhook/service.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/webhook/service.yaml
new file mode 100755
index 00000000000..11719ba30c9
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/templates/webhook/service.yaml
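Review bot: rbac/service_account.yaml hard-codes `name: controller-manager`, while the Deployment in manager.yaml takes the account from `.Values.controllerManager.serviceAccountName`. Overriding that value leaves the pod referencing a ServiceAccount the chart never creates, and the subjects in role_binding.yaml, metrics_auth_role_binding.yaml and leader_election_role_binding.yaml still grant to `controller-manager`. Using `name: {{ .Values.controllerManager.serviceAccountName }}` here and in those subjects keeps the identity and its permissions tied together.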
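Review bot: The `clientConfig` in webhook/manifests.yaml carries neither a `caBundle` nor a cert-manager injection annotation, and values.yaml defaults to `webhook.create: true` with `certmanager.create: false`. In that default install the API server has no CA to verify the webhook's serving certificate, and with `failurePolicy: Fail` every CREATE and UPDATE of `memcacheds` would be rejected. Consider rendering this object only when certificates are available, e.g. `{{- if and .Values.webhook.create .Values.certmanager.create }}`, together with an annotation such as `cert-manager.io/inject-ca-from: {{ .Values.namespace }}/<certificate-name>` (placeholder; the Certificate is not visible in this part of the diff).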
@@ -0,0 +1,16 @@
+{{- if .Values.webhook.create }}
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: webhook-service
+ namespace: {{ .Values.namespace }}
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
+{{- end -}}
diff --git a/testdata/project-v4-with-plugins/dist/chart/values.yaml b/testdata/project-v4-with-plugins/dist/chart/values.yaml
new file mode 100644
index 00000000000..b7f82ae4a9a
--- /dev/null
+++ b/testdata/project-v4-with-plugins/dist/chart/values.yaml
@@ -0,0 +1,66 @@
+# Default values for the Kubebuilder Helm chart
+
+namespace: project-v4-with-plugins-system
+
+# Controller Manager settings
+controllerManager:
+ image:
+ repository: controller
+ tag: latest
+ replicas: 1
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ livenessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ httpGet:
+ path: /healthz
+ port: 8081
+ readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ httpGet:
+ path: /readyz
+ port: 8081
+ securityContext:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ serviceAccountName: controller-manager
+ terminationGracePeriodSeconds: 10
+ env:
+ BUSYBOX_IMAGE: busybox:1.36.1
+ MEMCACHED_IMAGE: memcached:memcached:1.6.26-alpine3.19
+
+# RBAC settings
+rbac:
+ create: true
+
+# CRDs settings
+crd:
+ create: true
+
+
+# Webhook service settings
+webhook:
+ create: true
+
+
+# Prometheus monitoring settings
+prometheus:
+ create: false
+
+# CertManager settings for certificates
+certmanager:
+ create: false
+
+# Network policies
+networkPolicy:
+ create: false
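Review bot: In values.yaml, `MEMCACHED_IMAGE: memcached:memcached:1.6.26-alpine3.19` repeats the repository name, which is not a valid image reference. Any workload the controller builds from this variable would presumably fail to pull; it should read `MEMCACHED_IMAGE: memcached:1.6.26-alpine3.19`. Separately, `tag: latest` makes the manager image a moving target, so pinning a version or digest in the defaults keeps installs reproducible and auditable.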