feat: implement helm support

config/rbac.yaml

@@ -1,17 +1,17 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: my-sa
+  name: k8sgatekeeper-sa
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: my-sa-view
+  name: k8sgatekeeper-sa-view
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
 subjects:
   - kind: ServiceAccount
-    name: my-sa
+    name: k8sgatekeeper-sa
     namespace: default

config/webhook_deployment.yaml

@@ -27,9 +27,9 @@ spec:
       labels:
         app: casbin-webhook
     spec:
-      serviceAccountName: my-sa
+      serviceAccountName: k8sgatekeeper-sa
       containers:
-      - name: casbin-kubesphere-authz
+      - name: casbin-gatekeeper
         image: k8s-gatekeeper:latest
         imagePullPolicy: Never
         ports:

k8sgatekeeper/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

k8sgatekeeper/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ksauth
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

k8sgatekeeper/templates/cluster_role_binding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: k8sgatekeeper-sa-view
+  namespace: {{ .Values.namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: k8sgatekeeper-sa
+    namespace: {{ .Values.namespace }}

k8sgatekeeper/templates/deployment.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ .Values.namespace }}
+  name: casbin-webhook
+  labels:
+    app: casbin-webhook
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: casbin-webhook
+  template:
+    metadata:
+      labels:
+        app: casbin-webhook
+    spec:
+      serviceAccountName: k8sgatekeeper-sa
+      containers:
+        - name: casbin-gatekeeper
+          image: k8s-gatekeeper:latest
+          imagePullPolicy: Never
+          ports:
+            - containerPort: 8080

k8sgatekeeper/templates/kubebuilder.yml

@@ -0,0 +1,123 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.1
+  creationTimestamp: null
+  name: casbinmodels.auth.casbin.org
+spec:
+  group: auth.casbin.org
+  names:
+    kind: CasbinModel
+    listKind: CasbinModelList
+    plural: casbinmodels
+    singular: casbinmodel
+  scope: Namespaced
+  versions:
+    - name: v1
+      schema:
+        openAPIV3Schema:
+          description: CasbinModel is the Schema for the casbinmodels API
+          properties:
+            apiVersion:
+              description:
+                "APIVersion defines the versioned schema of this representation
+                of an object. Servers should convert recognized schemas to the latest
+                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+              type: string
+            kind:
+              description:
+                "Kind is a string value representing the REST resource this
+                object represents. Servers may infer this from the endpoint the client
+                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: CasbinModelSpec defines the desired state of CasbinModel
+              properties:
+                enabled:
+                  description: This Model is valid only if enabled is true
+                  type: boolean
+                modelText:
+                  description: ModelText contains the content of casbin model
+                  type: string
+              required:
+                - enabled
+              type: object
+            status:
+              description: CasbinModelStatus defines the observed state of CasbinModel
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.1
+  creationTimestamp: null
+  name: casbinpolicies.auth.casbin.org
+spec:
+  group: auth.casbin.org
+  names:
+    kind: CasbinPolicy
+    listKind: CasbinPolicyList
+    plural: casbinpolicies
+    singular: casbinpolicy
+  scope: Namespaced
+  versions:
+    - name: v1
+      schema:
+        openAPIV3Schema:
+          description: CasbinPolicy is the Schema for the casbinpolicies API
+          properties:
+            apiVersion:
+              description:
+                "APIVersion defines the versioned schema of this representation
+                of an object. Servers should convert recognized schemas to the latest
+                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+              type: string
+            kind:
+              description:
+                "Kind is a string value representing the REST resource this
+                object represents. Servers may infer this from the endpoint the client
+                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: CasbinPolicySpec defines the desired state of CasbinPolicy
+              properties:
+                policyItem:
+                  description:
+                    Foo is an example field of CasbinPolicy. Edit Casbinpolicy_types.go
+                    to remove/update
+                  type: string
+              required:
+                - policyItem
+              type: object
+            status:
+              description: CasbinPolicyStatus defines the observed state of CasbinPolicy
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

k8sgatekeeper/templates/namespace.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.namespace }}
+spec:
+  finalizers:
+    - kubernetes
+status:
+  phase: Active

k8sgatekeeper/templates/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: {{ .Values.namespace }}
+  name: casbin-webhook-svc
+  labels:
+    app: casbin-webhook-svc
+spec:
+  type: NodePort
+  ports:
+    - port: 8080
+  selector:
+    app: casbin-webhook

k8sgatekeeper/templates/service_account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Values.namespace }}
+  name: k8sgatekeeper-sa

k8sgatekeeper/values.yaml

@@ -0,0 +1,4 @@
+# Default values for ksauth.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+namespace: "default"