From d0c56528d291dacd739c47774359a3bbb3e1c1b4 Mon Sep 17 00:00:00 2001
From: Jerry Sun
Date: Mon, 8 Jun 2020 22:26:23 -0400
Subject: [PATCH] Add helm chart for psp-rolebinding

This commit adds a helm chart that deploys a rolebinding to allow application deployments to a specified namespace after the PodSecurityPolicy plugin is enabled on the Kubernetes cluster.

Partial-bug: 1878900
Change-Id: I58270da3596eea536bc5b96a2e8a4d62e4138afc
Signed-off-by: Jerry Sun
---
 .../helm-charts/psp-rolebinding/Chart.yaml | 5 +++++
 .../templates/rolebinding.yaml | 21 +++++++++++++++++++
 .../helm-charts/psp-rolebinding/values.yaml | 8 +++++++
 3 files changed, 34 insertions(+)
 create mode 100644 psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/Chart.yaml
 create mode 100644 psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/templates/rolebinding.yaml
 create mode 100644 psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/values.yaml
diff --git a/psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/Chart.yaml b/psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/Chart.yaml
new file mode 100644
index 0000000..f6b4207
--- /dev/null
+++ b/psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for PSP role bindings
+name: psp-rolebinding
+version: 0.1.0
diff --git a/psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/templates/rolebinding.yaml b/psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/templates/rolebinding.yaml
new file mode 100644
index 0000000..3454c84
--- /dev/null
+++ b/psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/templates/rolebinding.yaml
@@ -0,0 +1,21 @@
+{{/*
+#
+# Copyright (c) 2020 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Values.rolebindingNamespace }}-privileged-psp-users
+ namespace: {{ .Values.rolebindingNamespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: privileged-psp-user
+subjects:
+- kind: Group
+ name: system:serviceaccounts:{{ .Values.serviceAccount }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/values.yaml b/psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/values.yaml
new file mode 100644
index 0000000..84e029b
--- /dev/null
+++ b/psp-rolebinding/psp-rolebinding/helm-charts/psp-rolebinding/values.yaml
@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2020 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+rolebindingNamespace: default
+serviceAccount: default
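Review bot: In templates/rolebinding.yaml the subject is `kind: Group` with `name: system:serviceaccounts:{{ .Values.serviceAccount }}`, and in Kubernetes that group form denotes every service account in the namespace named by the suffix, so the value called `serviceAccount` is actually consumed as a namespace. An operator who sets it to one account name expecting a narrow grant would instead bind `privileged-psp-user` (judging by its name, the role that permits the privileged PodSecurityPolicy) to all service accounts of a namespace with that name, or to nothing. If namespace-wide access is intended, rename the value so it says so, e.g. `name: system:serviceaccounts:{{ .Values.serviceAccountNamespace }}`; if a single account is intended, use `- kind: ServiceAccount` with `name: {{ .Values.serviceAccount }}` and `namespace: {{ .Values.rolebindingNamespace }}` and drop the subject's `apiGroup` line. The unquoted `{{ .Values.rolebindingNamespace }}` in `metadata` also renders the name `-privileged-psp-users` and an empty namespace when the value is unset; `{{ required "rolebindingNamespace must be set" .Values.rolebindingNamespace }}` would fail the render instead.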
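Review bot: In values.yaml the defaults `rolebindingNamespace: default` and `serviceAccount: default` mean that installing the chart without overrides creates the binding in the `default` namespace for the group `system:serviceaccounts:default`, which is a broad grant for what the role name suggests is a privileged policy. Neither key carries a comment, so the file gives the operator no indication of what scope each value controls. I would add a comment above each key, for example `# Namespace in which the RoleBinding is created` and `# Namespace whose service accounts (group system:serviceaccounts:<value>) are bound to privileged-psp-user`, and consider requiring an explicit choice at install time rather than defaulting both to `default`.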