add battalions chart

add chart for deploying a battalion to warnet.
a battalion is a collection of users in a namespace
with roles assigned to the users that allow them to
manage resources in their namespace only. after
the battalion namespace is created, the bitcoincore
chart can be used to deploy tanks to the battalion.

Author: josibake

resources/charts/battalions/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: battalion-namespace
+description: A Helm chart for creating a battalion namespace
+type: application
+version: 0.1.0
+appVersion: "1.0.0"

resources/charts/battalions/templates/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.namespaceName | default .Release.Name }}

resources/charts/battalions/templates/role.yaml

@@ -0,0 +1,10 @@
+{{- range .Values.roles }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespaceName | default $.Release.Name }}
+rules:
+{{ toYaml .rules | indent 2 }}
+{{- end }}

resources/charts/battalions/templates/rolebinding.yaml

@@ -0,0 +1,18 @@
+{{- range $user := .Values.users }}
+{{- range $role := $user.roles }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ $.Release.Name }}-{{ $role }}-{{ $user.name }}
+  namespace: {{ $.Values.namespaceName | default $.Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ $user.name }}
+  namespace: {{ $.Values.namespaceName | default $.Release.Name }}
+roleRef:
+  kind: Role
+  name: {{ $role }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}

resources/charts/battalions/templates/serviceaccount.yaml

@@ -0,0 +1,11 @@
+{{- range .Values.users }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Values.namespaceName | default $.Release.Name }}
+  annotations:
+    helm.sh/hook: post-install,post-upgrade
+    helm.sh/hook-weight: "-5"
+{{- end }}

resources/charts/battalions/values.yaml

@@ -0,0 +1,19 @@
+users:
+  - name: alice
+    roles:
+      - pod-viewer
+  - name: bob
+    roles:
+      - pod-viewer
+      - pod-manager
+roles:
+  - name: pod-viewer
+    rules:
+      - apiGroups: [""]
+        resources: ["pods"]
+        verbs: ["get", "list", "watch"]
+  - name: pod-manager
+    rules:
+      - apiGroups: [""]
+        resources: ["pods"]
+        verbs: ["get", "list", "watch", "create", "update", "delete"]

resources/charts/battalions/warnet-battalion-00-values.yaml

@@ -0,0 +1,19 @@
+users:
+  - name: alice
+    roles:
+      - pod-viewer
+  - name: bob
+    roles:
+      - pod-viewer
+      - pod-manager
+roles:
+  - name: pod-viewer
+    rules:
+      - apiGroups: [""]
+        resources: ["pods"]
+        verbs: ["get", "list", "watch"]
+  - name: pod-manager
+    rules:
+      - apiGroups: [""]
+        resources: ["pods"]
+        verbs: ["get", "list", "watch", "create", "update", "delete"]

resources/charts/battalions/warnet-battalion-01-values.yaml

@@ -0,0 +1,19 @@
+users:
+  - name: alice
+    roles:
+      - pod-viewer
+  - name: bob
+    roles:
+      - pod-viewer
+      - pod-manager
+roles:
+  - name: pod-viewer
+    rules:
+      - apiGroups: [""]
+        resources: ["pods"]
+        verbs: ["get", "list", "watch"]
+  - name: pod-manager
+    rules:
+      - apiGroups: [""]
+        resources: ["pods"]
+        verbs: ["get", "list", "watch", "create", "update", "delete"]