Add kubevirt-chart

Imported from https://github.com/suse-edge/charts/tree/main/charts/kubevirt/0.4.0
2024-11-15 17:30:49 +00:00
parent fcbe8b9452
commit fc3da390e9
15 changed files with 8412 additions and 0 deletions
--- a/kubevirt-chart/templates/namespace-hooks.yaml
+++ b/kubevirt-chart/templates/namespace-hooks.yaml
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "namespaces" ]
+    resourceNames:
+      - {{ .Release.Namespace | quote }}
+    verbs: [ "get", "patch" ]
+  - apiGroups: [ "management.cattle.io" ] # Rancher
+    resources: [ "projects" ]
+    verbs: [ "updatepsa" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 2) }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubevirt.namespaceHook.name" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 3) }}
+spec:
+  template:
+    metadata:
+      name: {{ template "kubevirt.namespaceHook.name" . }}
+    spec:
+      serviceAccountName: {{ template "kubevirt.namespaceHook.name" . }}
+      restartPolicy: {{ .Values.hookRestartPolicy }}
+      containers:
+        - name: {{ template "kubevirt.namespaceHook.name" . }}
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+          image: {{ .Values.hookImage }}
+          args:
+            - label
+            - namespace
+            - {{ .Release.Namespace }}
+            - kubevirt.io=
+            - pod-security.kubernetes.io/enforce=privileged