commit 285ab62ddcc4e1c06fe73d9a318f9db5587a83c3
author Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Wed Nov 22 13:50:45 2023 +0400
committer Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Wed Nov 22 13:50:45 2023 +0400
tree 20092705204de76be09285c11b15b8c0a380dbd4
parent 743fb432c977f4b7a98d37407cccdbe8605dd9cf

update charts

charts/k8s-gerrit/helm-charts/gerrit-operator/templates/operator.yaml

diff --git a/charts/k8s-gerrit/helm-charts/gerrit-operator/templates/operator.yaml b/charts/k8s-gerrit/helm-charts/gerrit-operator/templates/operator.yaml
new file mode 100644
index 0000000..f9ed84f
--- /dev/null
+++ b/charts/k8s-gerrit/helm-charts/gerrit-operator/templates/operator.yaml
@@ -0,0 +1,71 @@
+{{- if .Values.externalKeyStore.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name:  gerrit-operator-ssl
+  namespace: {{ .Release.Namespace }}
+data:
+  keystore.jks: {{ .Values.externalKeyStore.jks }}
+  keystore.password: {{ .Values.externalKeyStore.password | b64enc }}
+type: Opaque
+{{- end }}
+
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gerrit-operator
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app: gerrit-operator
+  template:
+    metadata:
+      labels:
+        app: gerrit-operator
+    spec:
+      serviceAccountName: gerrit-operator
+      {{- with .Values.image.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: operator
+        image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.org }}/{{ .Values.image.name }}:{{ .Values.image.tag | default "latest" }}
+        imagePullPolicy: {{ .Values.image.imagePullPolicy }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: INGRESS
+          value: {{ .Values.ingress.type }}
+        ports:
+        - containerPort: 80
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTPS
+          initialDelaySeconds: 10
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTPS
+          initialDelaySeconds: 30
+        {{- if .Values.externalKeyStore.enabled }}
+        volumeMounts:
+        - name: ssl
+          readOnly: true
+          mountPath: /operator
+        {{- end }}
+      {{- if .Values.externalKeyStore.enabled }}
+      volumes:
+      - name: ssl
+        secret:
+          secretName: gerrit-operator-ssl
+      {{- end }}

charts/k8s-gerrit/helm-charts/gerrit-operator/templates/rbac.yaml

diff --git a/charts/k8s-gerrit/helm-charts/gerrit-operator/templates/rbac.yaml b/charts/k8s-gerrit/helm-charts/gerrit-operator/templates/rbac.yaml
new file mode 100644
index 0000000..fbd2ae7
--- /dev/null
+++ b/charts/k8s-gerrit/helm-charts/gerrit-operator/templates/rbac.yaml
@@ -0,0 +1,87 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gerrit-operator
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: gerrit-operator-admin
+subjects:
+- kind: ServiceAccount
+  name: gerrit-operator
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: gerrit-operator
+  apiGroup: ""
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: gerrit-operator
+rules:
+- apiGroups:
+  - "batch"
+  resources:
+  - cronjobs
+  verbs:
+  - '*'
+- apiGroups:
+  - "apps"
+  resources:
+  - statefulsets
+  - deployments
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - persistentvolumeclaims
+  - secrets
+  - services
+  verbs:
+  - '*'
+- apiGroups:
+  - "storage.k8s.io"
+  resources:
+  - storageclasses
+  verbs:
+  - 'get'
+  - 'list'
+- apiGroups:
+  - "apiextensions.k8s.io"
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - '*'
+- apiGroups:
+  - "networking.k8s.io"
+  resources:
+  - ingresses
+  verbs:
+  - '*'
+- apiGroups:
+  - "gerritoperator.google.com"
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - "networking.istio.io"
+  resources:
+  - "gateways"
+  - "virtualservices"
+  - "destinationrules"
+  verbs:
+  - '*'
+- apiGroups:
+  - "admissionregistration.k8s.io"
+  resources:
+  - 'validatingwebhookconfigurations'
+  verbs:
+  - '*'