version 1 release

namespace/templates/clusterrole.yaml

@@ -0,0 +1,12 @@
+# kind: ClusterRole
+# apiVersion: rbac.authorization.k8s.io/v1
+# metadata:
+#   name: user-readonly
+# rules:
+# - apiGroups:
+#     - rbac.authorization.k8s.io
+#   resources: 
+#     - clusterroles
+#   verbs: 
+#     - list
+#     - watch

namespace/templates/limitrange.yaml

@@ -0,0 +1,14 @@
+# apiVersion: v1
+# kind: LimitRange
+# metadata:
+#   name: default
+#   namespace: {{ .Release.Name }}
+# spec:
+#   limits:
+#   - default:
+#       memory: 128Mi
+#       cpu: 100m
+#     defaultRequest:
+#       memory: 1Mi
+#       cpu: 1m
+#     type: Container

namespace/templates/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Release.Name }}

namespace/templates/resourcequota.yaml

@@ -0,0 +1,11 @@
+# apiVersion: v1
+# kind: ResourceQuota
+# metadata:
+#   name: default
+#   namespace: {{ .Release.Name }}
+# spec:
+#   hard:
+#     requests.cpu: "6"
+#     requests.memory: "6Gi"
+#     limits.cpu: "24"
+#     limits.memory: "20Gi"

namespace/templates/role.yaml

@@ -0,0 +1,105 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: namespace-manager
+  namespace: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - ""
+    - extensions
+    - apps
+    - batch
+    - autoscaling
+    - networking.k8s.io
+    - traefik.containo.us
+    - rbac.authorization.k8s.io
+    - metrics.k8s.io
+    - policy
+    - cert-manager.io
+  resources: 
+    - deployments
+    - replicasets
+    - pods
+    - pods/exec
+    - pods/log
+    - pods/attach
+    - daemonsets
+    - statefulsets
+    - replicationcontrollers
+    - horizontalpodautoscalers
+    - services
+    - ingresses
+    - persistentvolumeclaims
+    - jobs
+    - cronjobs
+    - secrets
+    - configmaps
+    - serviceaccounts
+    - rolebindings
+    - ingressroutes
+    - middlewares
+    - endpoints
+    - deployments/scale
+    - poddisruptionbudgets
+    - certificates
+    - roles
+  verbs: 
+    - "*"
+- apiGroups:
+    - ""
+    - metrics.k8s.io
+    - rbac.authorization.k8s.io
+    - policy
+  resources:
+    - resourcequotas
+    - roles
+  verbs:
+    - list
+    - get
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: namespace-readonly
+  namespace: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - ""
+    - extensions
+    - apps
+    - batch
+    - autoscaling
+    - networking.k8s.io
+    - traefik.containo.us
+    - rbac.authorization.k8s.io
+    - metrics.k8s.io
+    - storage.k8s.io
+  resources: 
+    - deployments
+    - replicasets
+    - pods
+    - pods/exec
+    - pods/log
+    - pods/attach
+    - daemonsets
+    - statefulsets
+    - replicationcontrollers
+    - horizontalpodautoscalers
+    - services
+    - ingresses
+    - persistentvolumeclaims
+    - jobs
+    - cronjobs
+    - secrets
+    - configmaps
+    - serviceaccounts
+    - rolebindings
+    - ingressroutes
+    - middlewares
+    - resourcequotas
+    - roles
+    - endpoints
+    - clusterroles
+  verbs: 
+    - list
+    - watch

namespace/templates/rolebinding.yaml

@@ -0,0 +1,26 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: namespace-manager
+  namespace: {{ .Release.Name }}
+subjects:
+- kind: User
+  name: {{ .Values.user }}
+  apiGroup: ""
+roleRef:
+  kind: Role
+  name: namespace-manager
+  apiGroup: ""
+# ---
+# kind: ClusterRoleBinding
+# apiVersion: rbac.authorization.k8s.io/v1
+# metadata:
+#   name: user-readonly
+# subjects:
+# - kind: User
+#   name: {{ .Values.user }}
+#   apiGroup: ""
+# roleRef:
+#   kind: ClusterRole
+#   name: user-readonly
+#   apiGroup: ""