From c3cb96d4d13a0296f4ae4627bb66c1313f2b197d Mon Sep 17 00:00:00 2001
From: Jeremy Rickard <jeremy.rickard@microsoft.com>
Date: Mon, 30 Jul 2018 13:51:07 -0600
Subject: [PATCH] Update VK AKS chart to have RBAC. RBAC default = true

---
 charts/virtual-kubelet-for-aks-0.1.5.tgz      | Bin 0 -> 1946 bytes
 charts/virtual-kubelet-for-aks-latest.tgz     | Bin 1661 -> 1946 bytes
 charts/virtual-kubelet-for-aks/Chart.yaml     |   2 +-
 .../templates/clusterrolebinding.yaml         |  14 ++++++++++++++
 .../templates/deployment.yaml                 |   3 +++
 .../templates/serviceaccount.yaml             |   6 ++++++
 charts/virtual-kubelet-for-aks/values.yaml    |   8 ++++++++
 7 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 charts/virtual-kubelet-for-aks-0.1.5.tgz
 create mode 100644 charts/virtual-kubelet-for-aks/templates/clusterrolebinding.yaml
 create mode 100644 charts/virtual-kubelet-for-aks/templates/serviceaccount.yaml

diff --git a/charts/virtual-kubelet-for-aks-0.1.5.tgz b/charts/virtual-kubelet-for-aks-0.1.5.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..30a8e85ade034836d5bb32edcabc87dad281df23
GIT binary patch
literal 1946
zcmV;L2W9vliwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI<9Z{kQ2p3nXjCFWMzT@A)0Avsx!bQ!|Vq2xkj$eeCZC)C&l
z^rY?fbhnu>8UFjJ+Zg;p0!dcMu0(yY-R^$+t?KEj>KPR(A*_CzjF6$KkGZImTiIw&
ziBR^OgzVjm#c>?xq}4J{$8pL}=kVlk^=`_Wt=8emJ9v4|J4hlG5$_!5r8wou{Y4}|
z=?fYw$|DyD{1aISzTSIK9B3pJVGNc^0!t+U8Ucym?4l1`z*)NwK1-xRVOt@gks>rg
zAziBu7!t}{_>x3lD1QG(NPWR2A1mAEp#>0;5MA*2XhacypOR=|r9}^Dr6qYHd^FHg
zrDEwe8WXCf$w&h>O0CM@)(nL-^K|T{-Ll?#>Hie+kp0gHOHlqX1hCEiPnt(%`#(83
z+S~tY2o1>uT?;^9%q3M^%w1U7X~l#96q&fdh(f8q;)Jnl&Zs|k;f#GFb7^5T(|F{2
zBCyRUMyeaQP%OE?`MPL;5h+&cC!-ZBW#vBgFg5>Af+z91aAHhavk4FI%FxI1W1z`s
z_0^Mud7S<vF_kE0DB37gu_PN=$RoWN7-&Qp6CYj6dJo+tBc9`!Bus(#@vIGkGn7E0
z07f(lXf%<Q7!hBu!jeH<P$EGK;Qjlw35h8z=_u{}bH+`x<_HyO>blTQY1MQ90>>yY
z@->Vu@Nn#A#9JppNTcWM|3mh#FpSMEH?DevPTy8{>e)KB_55!-CHp@)ICS>*{~9uw
zV)b~JFhQkgG=TtP#^)FSk6_Ldu|Dao0oNK#$8%6qqADO$B0(>$!r%jlByuea%uio2
zsMn*+tWNLm!S;|Lk!Y`s4HgSM28ekeq0XR2;#k+r)DmjrgfR_L0~;2L+FP&VUsbl-
z|8R;dMj>q#KhqW1V*gFYDV_fZPV?YkZ~w0$_xFuoVMaq2Bq|tFhH4(;X{eXQpP~!D
zHWmv@*Rncyu|DI}6piB!d~DuLv|wAydUXhJOe2I^YMk|TsW~w1G_cf$4)*8N$<#G_
zGZcab2tV{u8ToL0XkKa9PsU?<2etYd45Prjr{ii1)Qmt@eQ0W!!`Fl`I;I!^iDNTj
z+xj=A=%&7cgCjF~2_y7LA`v7H5iXJuiU<|Tbe?01ERaA10;3^S80gqYO{s*RM{~0V
z=U07QS2L!J(f?(`a;*6(o5kM@x_i3&+GH(bK_fMW+E23nldKi#a|!#DWqfNL+{@d^
zcK%<U_}b-My0=e_3b*-x$4;xn{|ARBd;jlM<o+J$c*Qn4Y_YSf&thTa1CyHhNfI^X
zf_^7DHnVU4E^W#i+J(y_tea`q%(|sf;AX*$#~FT1^~efQk$@=Tu5v+-xOkRKMqkiZ
zCi{~@_EF5Jk7vHmlSu6ZlGaHBI(W$Sw6gdrjm?$;=Y#Xtj%|60`N0&{W(f_3gAD~Q
z7H_!!+wDIM0YZ$Poeth&|3^m$2W9{7xOKR<|JRVbh2x#VNWaQPmW4?5`h2AVPc_*X
z{bh2AQJ+W`nij08>puW_L@kVrkjd;z8(_T6qye&ywD^3Tf=)~7I}t-FX+jKYIlDDQ
z_BufZi-lYHt;ocXT><AhmmaIMSm)02{V&sJ#erYkeC%9y2E*%~H(31yFiBb$YE9>$
z<<u&z&f5K9+v}Wnt_Iz+%i(3OeKzR!uBreHRDOf_vSG4s_7`cgQYEn8Z@kWM(78Ih
z8VtMVRgm2LFq+wg)LwpqMZo^e$9~)EUh9GF3|q_(J`CQz>~@|o+ALeS6|moFd!5Qg
z{3dwl<_ZBM`U2Gj&X;FNUUt{WRBmzZf^SCHH?SMFyF2tc{oak&?hHS9y_@Up(=KII
zH_qI^e%h!w_xG#drS=V_N^~?*#-F5qKo$79+wXXvJKnI}@dn$}vwXSZqfmB?;UlmY
zo&P))^%mzFK|il8@O;><ENpe_P0+Yu+fDg3QBxPBA}Wz~%!3@@jI$)fe`$Y4R(Ze|
z7+|C*VKRps>e?x0ZPTo(%s_luUt>K6Rb+)VlF!4C=(FL!wQ_I&TT{1~NL`~|j|HF6
z07dNs)C`<{$z=g+9}2ou)S_xG9)7^rge&c<r8qo5V>v~b^2iFP*>yn<3k(>SC74SZ
zC3n@v>4idhDEjD8C4h7ReI7Q5Ppd%Yo+5{nEnun(l~Zh!5~NI%SGKg|YDbpYq8L*y
zQ?1B#5F0HqN^-l(m~1*h0F=3S`HdR4Sj*#4M>c`HbHD3ERzCIeTd!{)8TyKg_2{*8
zW3NZ8V;C-7V0xq9+9P{i+3x?Riu97J;BE1L%c=PP&BNop|Nk0Nyn3{<xY{@vPxJLt
zBk#rJYl2qREIXx5)1Oy_IJjYh8;AA0Z>Ogvk0F0G`%8`#E#m?`59<QwC8)e3<vw!s
z6z{Cz2aJx7F!J+YZ@q&rlU?lJ@Gwbv_&GGN&HkGw&652$TTW|l|F0pt=l^o-P{_JH
gjV1mJIj_C!WiNZ#%e!~~4*&rF|3+=yApkA_02$83ZvX%Q

literal 0
HcmV?d00001

diff --git a/charts/virtual-kubelet-for-aks-latest.tgz b/charts/virtual-kubelet-for-aks-latest.tgz
index 16d1008d81c5a9bb2f72222b03f0ce9c27b216c9..30a8e85ade034836d5bb32edcabc87dad281df23 100644
GIT binary patch
delta 1905
zcmV-%2afpt44My+K7Zm!5}wcg6(#0Y+FcFCBq2FjigX#m&Y|Q&WXPOuPbbva1@xrt
z_H?(IFd6>)soNO*LIO!v$*x3wvEA-|`mO5es_GdPDj}?Xn~ad5s*ky-lUvznPl-_W
zoP_M%i^Xvq=cLs#Psee}Pv`LDaP@A=o2}O2$vb#?&pSvW6@L-$9OtDt<;nd;BtYp4
z8Y{{p7YO_lSqQ$~dr%x`Bo$!{mP!IkB>@@%iQw#_4_v@myAM7~q(Wg^A)%2XG(sU=
zs}2|v%3S!8L|-U=|3^rD!6hFn+vlML5RnjF@c3v%5q_VNXkw*B4``(&c_Mr?&{L&i
z={6b@s;0?E1AjJ3t;*ll423lFbnK?xvfg^>{}l3&{m%$XQ2sFlu+9EYnnz{(KRG$t
z+y83_4ao#u3qWAZB~@I^U0B&^#e@J9nYh4+LaD#vgt2SRs6Th%jC~_>X<;<ec;tH`
zu+1n&svEdaEV;n>x@dqADOTzyqZKP<<v#T=HUCe7Cx7v}aAHhavk4FI%FxI1W1z`s
z_0^Mud7S<vF_kE0DB37gu_PN=$RoWN7-&Qp6CYj6dJo+tBc9`!Bus(#@vIGkGn7E0
z07f(lXf%<Q7!hBu!jeH<P$EGK;Qjlw35h8z=_u{}bH+`x<_HyO>blTQY1MQ90>>yY
z@->Vu@PBaZX2e@3K}e(L?EgdduP}_wE;p`vgHGR8ck0<Xw)OmPIwku*IXHCo_Wv3(
zm}2#KmoP!4Xf%NUW5(wg0FPkK6R|$&tpV2>OviIjQ=%#$QzAhxt-{~~h$M0?3(QYn
zF{sz0%&boD@4@zvA(3dWj13kGJqCz*Afe8nMt|a1*UZ!sYU6}44N?Oe7K_?juj5};
zw%h-3iY!JUZ52P$71(0`O~)yn{|8R<;9zh6uOavMjbC9#Ll-0}7*mF79^+}Km&Ko=
z3%@oN3rp9sI(M-?<J1(5;|_dm-c7V%Tg!TN2yjdzgj#Bx^>wK^Fzqz3)P@fB=hVs6
zHGg|E6oLi_KlD)<`EYz_UTN4*#$$R1wfY(iqrkkU<7x}kj6ha>Xlj_l*Mu-SrWgQ;
zV>4pg`ZuQNroMuMBQtslBlJlk5hM>0E|L+72o=h7o@0tEkU#_iqajro=-5b2sf3?L
zbF&8LSAAVqGp3Bu|7F8+tobUN#or9Ndw;t7+GH(bK_fMW+E23nldKi#a|!#DWqfNL
z+{@d^cK%<U_}b-My0=e_3b*-x$4;xn{|ARBd;jlM<o+J$c*Qn4Y_YSf&thTa1CyHh
zNfI^Xf_^7DHnVU4E^W#i+J(y_tea`q%(|sf;AX*$#~FT1^~efQk$@=Tu5v+-xPN$-
zOh#YOS0?+DLiSP2sE=p9&yz^)1d`TC13Gxf^|Z41DviyS0q2AB*N$y@iuu75)@BI}
zhJy_SFBWgO|J&_94FN)oo}CWfV*f`+2M1;U@3?iixBu6WyoKYP!brc$MwW$0_4<6J
z0#7yB82x2(iBX?O7n&BVs_Q=hd4EJLjEs=U>`NP9yv?KmvW~R)e4T<$OX@ojLn>)P
z3~D*MHAVJ1K?aM3TluZX#E@M9=Q@`jtF&0>&hq^)(`UtjU)+4`Ty_S->z+4Q{RA*c
zS{G_f=b+`(Dy`1i{bAedoOiAU-LuQ#Wv_iU==QFv01Z@rgZQ#xvTybmX@9a(C9vOb
zyv}gYxjMTV47=x5klg$*n%RZaUVef_!2Zq0e%tF_>w)bITg(qW4Bo!%cAhZWEL*u1
zu-|EWoytc1CV1%P3IQbg0@Vf1muE>{cGt*MZgK8{Z${WRup73!JM=pJ-i_Dp3_p3j
zo9pe<E@f3W&fLI$+Ne19_kXM4rS=V_N^~?*#-F5qKo$79+wXXvJKnI}@dn$}vwXSZ
zqfmB?;UlmYo&P))^%mzFK|il8@O;><ENpe_P0+Yu+fDg3QBxPBA}Wz~%!3@@jI$)f
ze`$Y4R(Ze|7+|C*VKRps>e?x0ZPTo(%s_luUt>K6Rb+)VlF!4C=zp`}zqN92|65bH
zm`GitUXKNz(Evs51Jn$he#vD4Yaa@_RMetsE*^fs*MuwWtED(RKw~*YnDWR9sM&Qv
z4hswzmnE1>8YOqt#_5GZc_{kmQ6+$M0ev1eh)=6P=AI&llPzGX3zbuBlM<v%lUKI1
z<Z4Hj*`gRzE>o?@b$<{WEip=RyULhsIza%Gxp?`F8n;-><55R8fxL6S>qJ&Q_3~S<
zZyy=@ii`E=wR2;yN3CNRE?r=Hqu<&idtKS?|EG%dlB?it@qf#y`2Wqr<Gug?8dAJ^
zw6eI`I2cd!^;0A7#pG*(R@N*#rA^bHSA;mYVS^io^}KJVr)njSA%8XdOO6yR;{rVo
z>jLK`sJtWPK63OF@2uemjE;{m^7CMCy@M~4UF_fRFiCm%IW(}%{+lPwlKnSZPHS)f
ruOYkV|8ne5$htj^CH@RKuf6PLFMHX`yLbN&00960Ms3|804@LkY(c!s

delta 1618
zcmV-Y2Cey;5B&^~K7ZRd67FaHih*zo>@I3qPT~d-5a6<owr3<42e#A0?cre1(%5E0
zkt#{K@uvRo2U32~iyNouA=zDczE~QO58q}U&Wz_&>Wr|)T{cFBx-k*5LGDzuGb2)a
z3zD!m-z~oH`={-;{q=pn`s*K`9&etlzSV9YpT2?bANdKADSu7m8{hw4oa*BKBod>F
zBuzCHJOBd!K$bvc&K|S?%9SRJ!OBQrWh6j35Dw>;0}v9<I|GPVrZh^=NeJbdP>xas
zP6IF@lm+lH;~y#h{`Z7NQYbOeUL+C+fRh9R=!@}~BK$TZeCp(?uUMs{L?$D&&@-)5
z6*QYus%P2Q0Dm?sy{hld9Hp}B^u3mM;=K0O{~_dS{y!%yL-qe5fPMad(mtvB|LJM_
z;QucnG$B(A8~}-_P*e-K2w>x<H5UTVWEub?8kKoVGsbQNqtPOObM~1ml!JV3@W}6(
z#15m#bvF*6thvO+Ry9OU%8druc*9C-eMI}1yZ?JBvVU}|oLZMQY$9U3w)C-j85%O$
zy!F&@k>(#sN)^gE$_`3h)~sii2yQk5V}qzt5@GO{B#f{5zs4lBr`){m4a0$_@Ab3C
z*n9uC{EGjd9v%A!|9=S?&ai&HE106zluseXl!*n#AUG^UCbu`eGZZjKNhb@?GoouC
zGorw3t$)V&Ey#=qjsx~%q!~0CeC<|e4-eq=ks(p&ZJZ63OEU*ZMXaE~z$IyFTCU9!
z+)2im0dc{D<<foaef+b^e*YiMkfkV<r_*PK0(<<w<@=TU|HyA09Uc7tCFJ3u`7_LE
z5`aPt6UtC8Qanq{wnQ@w;OFLY>6lhdc%Kp;gMXf(4ctLY?6b`lJZIIe0WnS}M{slJ
zY;3h8V;a0Xu{4ej-iJKMG%b5`l#<2>UqH)@NAT|0KGI~6O(ygn+{P9Rd2FBad37Wj
zMj)Fp3^gp^Q$`q_P>g}3shzRs{0nn*+g`)biJiTIF-9a)2udUfm)RI4M~y09=Y%4Q
z6@L(kz-U4>#wIt?GpgXn@xt!G#r43nHH@iJjDFg&9b3Lyui|eOJve*%-mH73l5#x(
z_XpMZLAho6T)}?JHomqE9_008KmX?;K!W_)<)A(Me{$6JtNj12ec=BW5t7mm>#_*m
zYvkrpHRr7{YSMD<D31fU*qDHmpe8ZVB!AeHZyt%t97Bey<dV^dr~q0fg<Lf^UjT}T
zMi?0*Q|mXAnx&5qVj8UnG7^bx2`bk#o-oz*aCt%ut_e$59BftIHbI8vGN^slWNPBj
zGR{pQJ+AfG=FY|OSLt(k;+MC-gjeBkbkpk(Hy;6PktP7Q<sY?ux7O>tGZ=OH;eSPV
zJ?x%ejjno~^I^AlT?c5Qj+!J=O`CmtAC=&Bu-|U`;b<6MpI;A0-HSR%VSUKwUMaON
zF0c$Zxcz0&>346;#GVXWt`B@2ymQqJzhSoPYQ<i_LD=bswS)LoiX<o~0Tf0O^(8L)
zI4OU5iu07)-{B&F$j)$JVRsyNcYo9m2ff>VCmg-+_ik_YFS}Az*|~BH`+le4JUncI
z7xyzNotbE)ia(`-?*zW-4#NJ2us`aA{oy|ItQL18l-f%%c?9+{{P(w_-r-^==!dNb
zUW~f6jjbQO4H|bGyVc(iJqt{BtTW}MA}#>V1<Mlrr^vWgbsmT$#>h1#On(({6Vp1!
zba$<)&I}|{jV;z=P-RxwB1Ixeh`Ag7<5oxe@0PmdRGAiyMk>Xe#wgvl;95BIP^bd9
zZ%ejRwxW714!*#rOlXAVGRF}yTF)uNRA*K~U6%_BSYW|~s=!=Pp550w=LN;;RLs?*
zD**WhMj~mFh}MB@ow9(l-haT{7HYTHE+fd9rf6)r=K6^&v&S%ILgiLb7$CJ)VvXc(
zlQHeOK>)NZy#7iVu9Rlg17sL!A-9+&<nXpw9u-ZY0$^tQUpr3vtIGcPKR2ZB`73B&
z{kQEO)#^XT?+)?*OGq*PpReQnRe<qrv3~C4y_9^)&{=m|-_o}0k4qau9Nx0wt<QS>
z&u3?qh@tq`%ufYUbZiLpJgiGxRG^B1RPe~vQ~u8izQFk13G%22_Sz?Skb@lLAkUNk
Q1pom5|KLwHg8(J~0BKMxzyJUM

diff --git a/charts/virtual-kubelet-for-aks/Chart.yaml b/charts/virtual-kubelet-for-aks/Chart.yaml
index e88317184..75338af14 100644
--- a/charts/virtual-kubelet-for-aks/Chart.yaml
+++ b/charts/virtual-kubelet-for-aks/Chart.yaml
@@ -1,5 +1,5 @@
 name: virtual-kubelet-for-aks
-version: 0.1.4
+version: 0.1.5
 description: a Helm chart to install virtual kubelet in an AKS or ACS cluster.
 sources:
   - https://github.com/virtual-kubelet/virtual-kubelet
diff --git a/charts/virtual-kubelet-for-aks/templates/clusterrolebinding.yaml b/charts/virtual-kubelet-for-aks/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..620072e25
--- /dev/null
+++ b/charts/virtual-kubelet-for-aks/templates/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{ if .Values.rbac.install }}
+apiVersion: "rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}"
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "fullname" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.rbac.roleRef }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/virtual-kubelet-for-aks/templates/deployment.yaml b/charts/virtual-kubelet-for-aks/templates/deployment.yaml
index e7c2269bc..9b88283b3 100644
--- a/charts/virtual-kubelet-for-aks/templates/deployment.yaml
+++ b/charts/virtual-kubelet-for-aks/templates/deployment.yaml
@@ -56,5 +56,8 @@ spec:
         hostPath:
           path: /etc/kubernetes/azure.json
           type: File
+      {{ if .Values.rbac.install }}
+      serviceAccountName: {{ template "fullname" . }}
+      {{ end }}
       nodeSelector:
         beta.kubernetes.io/os: linux
\ No newline at end of file
diff --git a/charts/virtual-kubelet-for-aks/templates/serviceaccount.yaml b/charts/virtual-kubelet-for-aks/templates/serviceaccount.yaml
new file mode 100644
index 000000000..31eb4650d
--- /dev/null
+++ b/charts/virtual-kubelet-for-aks/templates/serviceaccount.yaml
@@ -0,0 +1,6 @@
+{{ if .Values.rbac.install }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "fullname" . }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/virtual-kubelet-for-aks/values.yaml b/charts/virtual-kubelet-for-aks/values.yaml
index 7dd131fcb..e34f51a6f 100644
--- a/charts/virtual-kubelet-for-aks/values.yaml
+++ b/charts/virtual-kubelet-for-aks/values.yaml
@@ -15,3 +15,11 @@ env:
   apiserverCert: 
   apiserverKey: 
   monitoredNamespace:
+
+# Install Default RBAC roles and bindings
+rbac:
+  install: true
+  ## RBAC api version
+  apiVersion: v1beta1
+  # Cluster role reference
+  roleRef: cluster-admin
\ No newline at end of file