add configmap for kruise game (#28)

Co-authored-by: “skkkkkkk” <sk01199367@alibaba-inc.com>

versions/kruise-game/0.1.0/templates/controller_manager_config.yaml

@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kruise-game-manager-config
+  namespace: {{ .Values.installation.namespace }}
+data:
+  config.toml: |
+    [kubernetes]
+    enable = true
+    [kubernetes.hostPort]
+    max_port = 9000
+    min_port = 8000
+
+    [alibabacloud]
+    enable = true
+    [alibabacloud.slb]
+    max_port = 700
+    min_port = 500
+  controller_manager_config.yaml: |
+    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+    kind: ControllerManagerConfig
+    health:
+      healthProbeBindAddress: :8081
+    metrics:
+      bindAddress: 127.0.0.1:8080
+    webhook:
+      port: 9443
+    leaderElection:
+      leaderElect: true
+      resourceName: c637bb1e.my.domain
+# leaderElectionReleaseOnCancel defines if the leader should step down volume
+# when the Manager ends. This requires the binary to immediately end when the
+# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+# speeds up voluntary leader transitions as the new leader don't have to wait
+# LeaseDuration time first.
+# In the default scaffold provided, the program ends immediately after
+# the manager stops, so would be fine to enable this option. However,
+# if you are doing or is intended to do any operation such as perform cleanups
+# after the manager stops then its usage might be unsafe.
+# leaderElectionReleaseOnCancel: true
+
+

versions/kruise-game/0.1.0/templates/manager.yaml

@@ -14,10 +14,10 @@ metadata:
     control-plane: {{ .Values.kruiseGame.fullname }}
 spec:
   ports:
-  - name: https
-    port: {{ .Values.service.port }}
-    protocol: TCP
-    targetPort: https
+    - name: https
+      port: {{ .Values.service.port }}
+      protocol: TCP
+      targetPort: https
   selector:
     control-plane: {{ .Values.kruiseGame.fullname }}
 ---
@@ -53,7 +53,8 @@ spec:
         - command:
             - /manager
           args:
-            - --leader-elect=false
+            - '-leader-elect=false'
+            - '-provider-config=/etc/kruise-game/config.toml'
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           name: manager
@@ -78,5 +79,16 @@ spec:
           # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /etc/kruise-game
+              name: provider-config
       serviceAccountName: {{ .Values.kruiseGame.fullname }}
       terminationGracePeriodSeconds: 10
+      volumes:
+        - configMap:
+            defaultMode: 420
+            items:
+              - key: config.toml
+                path: config.toml
+            name: kruise-game-manager-config
+          name: provider-config

versions/kruise-game/0.1.0/templates/rbac_role.yaml

@@ -7,8 +7,7 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: leader-election-role
-  namespace: {{ .Values.installation.namespace }}
+  name: kruise-game-leader-election-role
 rules:
   - apiGroups:
       - ""
@@ -46,7 +45,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   creationTimestamp: null
-  name: manager-role
+  name: kruise-game-manager-role
 rules:
   - apiGroups:
       - ""
@@ -241,14 +240,41 @@ rules:
       - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kruise-game-metrics-reader
+rules:
+  - nonResourceURLs:
+      - "/metrics"
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kruise-game-proxy-role
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: leader-election-rolebinding
-  namespace: {{ .Values.installation.namespace }}
+  name: kruise-game-leader-election-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: leader-election-role
+  name: kruise-game-leader-election-role
 subjects:
   - kind: ServiceAccount
     name: {{ .Values.kruiseGame.fullname }}
@@ -257,12 +283,25 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: manager-rolebinding
+  name: kruise-game-manager-rolebinding
   namespace: {{ .Values.installation.namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: manager-role
+  name: kruise-game-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.kruiseGame.fullname }}
+    namespace: {{ .Values.installation.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kruise-game-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: proxy-role
 subjects:
   - kind: ServiceAccount
     name: {{ .Values.kruiseGame.fullname }}

versions/kruise-game/0.1.0/values.yaml

@@ -16,8 +16,8 @@ kruiseGame:
 replicaCount: 1
 
 image:
-  repository: registry.cn-hangzhou.aliyuncs.com/acs/kruise-game-controller-manager
-  tag: v0.0.9
+  repository: openkruise/kruise-game-manager
+  tag: v0.1.0-pre
   pullPolicy: Always
   # Overrides the image tag whose default is the chart appVersion.