move to project lifecycle structure

kubernetes/incubating/userspace/templates/limitrange.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: default
+  namespace: {{ .Release.Name }}
+spec:
+  limits:
+  - type: Container
+    default:
+      memory: 128Mi
+      cpu: 100m
+    defaultRequest:
+      memory: 1Mi
+      cpu: 1m

kubernetes/incubating/userspace/templates/namespace-manager-role.yaml

@@ -0,0 +1,57 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: namespace-manager
+  namespace: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - ""
+    - extensions
+    - apps
+    - batch
+    - autoscaling
+    - networking.k8s.io
+    - rbac.authorization.k8s.io
+    - metrics.k8s.io
+    - policy
+    - cert-manager.io
+  resources: 
+    - deployments
+    - replicasets
+    - pods
+    - pods/exec
+    - pods/log
+    - pods/attach
+    - daemonsets
+    - statefulsets
+    - replicationcontrollers
+    - horizontalpodautoscalers
+    - services
+    - ingresses
+    - persistentvolumeclaims
+    - jobs
+    - cronjobs
+    - secrets
+    - configmaps
+    - serviceaccounts
+    - rolebindings
+    - ingressroutes
+    - middlewares
+    - endpoints
+    - deployments/scale
+    - poddisruptionbudgets
+    - certificates
+    - roles
+  verbs: 
+    - "*"
+- apiGroups:
+    - ""
+    - metrics.k8s.io
+    - rbac.authorization.k8s.io
+    - policy
+  resources:
+    - resourcequotas
+    - roles
+  verbs:
+    - list
+    - get

kubernetes/incubating/userspace/templates/namespace-manager-rolebinding.yaml

@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: namespace-manager
+  namespace: {{ .Release.Name }}
+subjects:
+- kind: User
+  name: {{ .Values.user }}
+  apiGroup: ""
+roleRef:
+  kind: Role
+  name: namespace-manager
+  apiGroup: ""

kubernetes/incubating/userspace/templates/namespace-readonly-role.yaml

@@ -0,0 +1,46 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: namespace-readonly
+  namespace: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - ""
+    - extensions
+    - apps
+    - batch
+    - autoscaling
+    - networking.k8s.io
+    - traefik.containo.us
+    - rbac.authorization.k8s.io
+    - metrics.k8s.io
+    - storage.k8s.io
+  resources: 
+    - deployments
+    - replicasets
+    - pods
+    - pods/exec
+    - pods/log
+    - pods/attach
+    - daemonsets
+    - statefulsets
+    - replicationcontrollers
+    - horizontalpodautoscalers
+    - services
+    - ingresses
+    - persistentvolumeclaims
+    - jobs
+    - cronjobs
+    - secrets
+    - configmaps
+    - serviceaccounts
+    - rolebindings
+    - ingressroutes
+    - middlewares
+    - resourcequotas
+    - roles
+    - endpoints
+    - clusterroles
+  verbs: 
+    - list
+    - watch

kubernetes/incubating/userspace/templates/namespace-readonly-rolebinding.yaml

@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: user-readonly
+subjects:
+- kind: User
+  name: {{ .Values.user }}
+  apiGroup: ""
+roleRef:
+  kind: ClusterRole
+  name: user-readonly
+  apiGroup: ""

kubernetes/incubating/userspace/templates/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Release.Name }}

kubernetes/incubating/userspace/templates/resourcequota.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: default
+  namespace: {{ .Release.Name }}
+spec:
+  hard:
+    requests.cpu: "8"
+    requests.memory: "8Gi"
+    limits.cpu: "16"
+    limits.memory: "16Gi"
+    requests.storage: "500Gi"