From e22c746e3f7ee9b4263dd4a67c68efd924d409a8 Mon Sep 17 00:00:00 2001
From: adobrodey <8377544+ADobrodey@users.noreply.github.com>
Date: Mon, 11 Mar 2024 12:13:17 +0100
Subject: [PATCH] [VDEVOPS-000]: SSO roles chart

Signed-off-by: adobrodey <8377544+ADobrodey@users.noreply.github.com>
---
 stable/sso-roles/.helmignore                | 23 +++++++++++
 stable/sso-roles/Chart.yaml                 | 14 +++++++
 stable/sso-roles/README.md                  | 24 +++++++++++
 stable/sso-roles/templates/rolebinding.yaml | 46 +++++++++++++++++++++
 stable/sso-roles/values.schema.json         | 36 ++++++++++++++++
 stable/sso-roles/values.yaml                | 26 ++++++++++++
 6 files changed, 169 insertions(+)
 create mode 100644 stable/sso-roles/.helmignore
 create mode 100644 stable/sso-roles/Chart.yaml
 create mode 100644 stable/sso-roles/README.md
 create mode 100644 stable/sso-roles/templates/rolebinding.yaml
 create mode 100644 stable/sso-roles/values.schema.json
 create mode 100644 stable/sso-roles/values.yaml

diff --git a/stable/sso-roles/.helmignore b/stable/sso-roles/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/stable/sso-roles/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/stable/sso-roles/Chart.yaml b/stable/sso-roles/Chart.yaml
new file mode 100644
index 0000000..aaa6c07
--- /dev/null
+++ b/stable/sso-roles/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: sso-roles
+version: 1.5.0
+description: Kubernetes SSO Roles
+type: application
+dependencies:
+  - name: k8s-common
+    version: ^1.5.0
+    repository: https://vinivia.github.io/kubernetes-helm-charts
+sources:
+  - https://github.com/vinivia/kubernetes-helm-charts/tree/main/stable/sso-roles
+maintainers:
+  - name: Alexander Dobrodey
+    url: https://github.com/ADobrodey
diff --git a/stable/sso-roles/README.md b/stable/sso-roles/README.md
new file mode 100644
index 0000000..89be4ff
--- /dev/null
+++ b/stable/sso-roles/README.md
@@ -0,0 +1,24 @@
+# cronjobs
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+Kubernetes Cron Jobs
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| file://../k8s-common | k8s-common | 2.0.0   |
+
+## Parameters
+
+### Global parameters
+
+| Name                 | Description                                             | Value     |
+| -------------------- | ------------------------------------------------------- | --------- |
+| `global.product`     | The product of the service                              | `""`      |
+| `global.serviceName` | Name of the service. Affects public DNS.                | `example` |
+| `global.environment` | Type of the environment, one of "dev", "stage", "prod". | `dev`     |
+| `global.domain`      | Company Root-level domain, expects                      | `""`      |
+| `commonLabels`       | Labels to add to all deployed objects                   | `{}`      |
+
diff --git a/stable/sso-roles/templates/rolebinding.yaml b/stable/sso-roles/templates/rolebinding.yaml
new file mode 100644
index 0000000..25909ad
--- /dev/null
+++ b/stable/sso-roles/templates/rolebinding.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: {{ include "k8s-common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+  name: {{ template "k8s-common.names.fullname" . }}-aws-maintainers
+  namespace: {{ include "k8s-common.names.namespace" . | quote }}
+  labels: {{- include "k8s-common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: 'admin'
+subjects:
+  - kind: Group
+    name: 'aws-maintainers'
+    namespace: {{ include "k8s-common.names.namespace" . | quote }}
+---
+apiVersion: {{ include "k8s-common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+  name: {{ template "k8s-common.names.fullname" . }}-aws-developers
+  namespace: {{ include "k8s-common.names.namespace" . | quote }}
+  labels: {{- include "k8s-common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: 'edit'
+subjects:
+  - kind: Group
+    name: 'aws-developers'
+    namespace: {{ include "k8s-common.names.namespace" . | quote }}
+---
+apiVersion: {{ include "k8s-common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+  name: {{ template "k8s-common.names.fullname" . }}-aws-guests
+  namespace: {{ include "k8s-common.names.namespace" . | quote }}
+  labels: {{- include "k8s-common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: view
+subjects:
+  - kind: Group
+    name: 'aws-guests'
+    namespace: {{ include "k8s-common.names.namespace" . | quote }}
+
diff --git a/stable/sso-roles/values.schema.json b/stable/sso-roles/values.schema.json
new file mode 100644
index 0000000..ec79c3b
--- /dev/null
+++ b/stable/sso-roles/values.schema.json
@@ -0,0 +1,36 @@
+{
+    "title": "Chart Values",
+    "type": "object",
+    "properties": {
+        "global": {
+            "type": "object",
+            "properties": {
+                "product": {
+                    "type": "string",
+                    "description": "The product of the service",
+                    "default": ""
+                },
+                "serviceName": {
+                    "type": "string",
+                    "description": "Name of the service. Affects public DNS.",
+                    "default": "example"
+                },
+                "environment": {
+                    "type": "string",
+                    "description": "Type of the environment, one of \"dev\", \"stage\", \"prod\".",
+                    "default": "dev"
+                },
+                "domain": {
+                    "type": "string",
+                    "description": "Company Root-level domain, expects",
+                    "default": ""
+                }
+            }
+        },
+        "commonLabels": {
+            "type": "object",
+            "description": "Labels to add to all deployed objects",
+            "default": {}
+        }
+    }
+}
\ No newline at end of file
diff --git a/stable/sso-roles/values.yaml b/stable/sso-roles/values.yaml
new file mode 100644
index 0000000..198ff2e
--- /dev/null
+++ b/stable/sso-roles/values.yaml
@@ -0,0 +1,26 @@
+---
+# Default values for sso-roles chart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+## @section Global parameters
+## Global Docker image parameters
+global:
+  ## @param global.product The product of the service
+  ##
+  product: ""
+  ## @param global.serviceName Name of the service. Affects public DNS.
+  ## E.g. cherry-admin, tpt-service-api
+  ##
+  serviceName: "example"
+  ## @param global.environment Type of the environment, one of "dev", "stage", "prod".
+  ##
+  environment: "dev"
+  ## @param global.domain Company Root-level domain, expects
+  ## [<global.product>.<global.environment>].<global.domain> Route53 HZ.
+  ##
+  domain: ""
+
+## @param commonLabels Labels to add to all deployed objects
+##
+commonLabels: {}