remove examples add a simple example

Author: waveywaves

Dockerfile

@@ -24,8 +24,14 @@ FROM alpine:3.19
 WORKDIR /
 COPY --from=builder /workspace/manager .
 
+# Create home directory for non-root user
+RUN mkdir -p /home/nonroot && \
+    chown -R 65532:65532 /home/nonroot
+
 # Install Helm
 ENV HELM_VERSION="v3.14.4"
+ENV HOME="/home/nonroot"
+
 RUN apk add --no-cache curl tar && \
     curl -fsSL -o helm.tar.gz https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz && \
     tar -xzf helm.tar.gz && \

api/v1alpha1/virtualcluster_types.go

@@ -18,10 +18,12 @@ package v1alpha1
 
 import (
 	"encoding/json"
+	"fmt"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"sigs.k8s.io/yaml"
 )
 
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
@@ -40,9 +42,12 @@ type VirtualClusterSpec struct {
 func (in VirtualCluster) GetValues() (map[string]interface{}, error) {
 	var values map[string]interface{}
 	if in.Spec.Values != nil {
-		err := json.Unmarshal(in.Spec.Values.Raw, &values)
-		if err != nil {
-			return nil, err
+		// For raw JSON values
+		if err := json.Unmarshal(in.Spec.Values.Raw, &values); err != nil {
+			// If raw JSON unmarshal fails, try YAML unmarshal
+			if yamlErr := yaml.Unmarshal(in.Spec.Values.Raw, &values); yamlErr != nil {
+				return nil, fmt.Errorf("failed to unmarshal values as JSON or YAML: %v, %v", err, yamlErr)
+			}
 		}
 	}
 	// Initialize an empty map if values is nil

config/rbac/role.yaml

@@ -2,32 +2,79 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: manager-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: openvirtualcluster-operator
+    app.kubernetes.io/part-of: openvirtualcluster-operator
+    app.kubernetes.io/managed-by: kustomize
   name: manager-role
 rules:
+- apiGroups:
+  - core.openvc.dev
+  resources:
+  - virtualclusters
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - core.openvc.dev
+  resources:
+  - virtualclusters/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - core.openvc.dev
+  resources:
+  - virtualclusters/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - ""
   resources:
-  - configmaps
+  - namespaces
   - pods
-  - secrets
   - services
+  - serviceaccounts
+  - configmaps
+  - secrets
+  - events
+  - endpoints
+  - persistentvolumeclaims
+  - pods/attach
+  - pods/exec
+  - pods/log
+  - pods/portforward
+  - pods/status
+  - pods/ephemeralcontainers
   verbs:
   - create
   - delete
   - get
   - list
+  - patch
   - update
   - watch
 - apiGroups:
   - apps
   resources:
   - deployments
   - statefulsets
+  - replicasets
   verbs:
   - create
   - delete
   - get
   - list
+  - patch
   - update
   - watch
 - apiGroups:
@@ -39,12 +86,13 @@ rules:
   - delete
   - get
   - list
+  - patch
   - update
   - watch
 - apiGroups:
-  - core.openvc.dev
+  - networking.k8s.io
   resources:
-  - virtualclusters
+  - ingresses
   verbs:
   - create
   - delete
@@ -54,27 +102,17 @@ rules:
   - update
   - watch
 - apiGroups:
-  - core.openvc.dev
+  - rbac.authorization.k8s.io
   resources:
-  - virtualclusters/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - core.openvc.dev
-  resources:
-  - virtualclusters/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
+  - roles
+  - rolebindings
+  - clusterroles
+  - clusterrolebindings
   verbs:
   - create
   - delete
   - get
   - list
+  - patch
   - update
   - watch

examples/basic-virtualcluster.yaml

@@ -0,0 +1,83 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: openvc-default-namespace-role
+  namespace: default
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  - configmaps
+  - pods
+  - services
+  - secrets
+  - events
+  - endpoints
+  - persistentvolumeclaims
+  - pods/attach
+  - pods/exec
+  - pods/log
+  - pods/portforward
+  - pods/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  - replicasets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  - rolebindings
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: openvc-default-namespace-rolebinding
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: openvc-default-namespace-role
+subjects:
+- kind: ServiceAccount
+  name: openvc-openvirtualcluster-operator
+  namespace: openvc-system