allow to pass multiple gameservers namespaces and creates RBAC requir…

…ements in each namespace.

build/Makefile

@@ -123,7 +123,7 @@ install: IMAGE_PULL_POLICY := "Always"
 install: ensure-build-image
 	docker run --rm $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) \
 		helm upgrade --install --namespace=default \
-		--set image.tag=$(VERSION),image.registry=$(REGISTRY),image.controller.pullPolicy=$(IMAGE_PULL_POLICY),image.sdk.alwaysPull=$(ALWAYS_PULL_SIDECAR) \
+		--set agones.image.tag=$(VERSION),agones.image.registry=$(REGISTRY),agones.image.controller.pullPolicy=$(IMAGE_PULL_POLICY),agones.image.sdk.alwaysPull=$(ALWAYS_PULL_SIDECAR) \
 		agones $(mount_path)/install/helm/agones/
 
 # Build a static binary for the gameserver controller

install/helm/README.md

@@ -27,6 +27,26 @@ The command deploys Agones on the Kubernetes cluster with the default configurat
 
 > **Tip**: List all releases using `helm list`
 
+## Namespaces
+
+By default Agones is configured to work with game servers deployed in the `default` namespace. If you are planning to use other namespace you can configure Agones via the parameter `gameservers.namespaces`.
+
+For example to use `default` **and** `xbox` namespaces:
+
+```bash
+$ kubectl create namespace xbox
+$ helm install --set "gameservers.namespaces={default,xbox}"--name my-release agones
+```
+
+> You need to create your namespaces before installing Agones.
+
+If you want to add a new namespace afterward simply upgrade your release:
+
+```bash
+$ kubectl create namespace ps4
+$ helm upgrade --set "gameservers.namespaces={default,xbox,ps4}" my-release agones
+```
+
 ## Uninstalling the Chart
 
 To uninstall/delete the `my-release` deployment:
@@ -43,28 +63,30 @@ The following tables lists the configurable parameters of the Agones chart and t
 
 | Parameter                            | Description                                                     | Default                    |
 | ------------------------------------ | ----------------------------------------------------------------| ---------------------------|
-| `namespace`                          | Namespace to use for Agones                                     | `agones-system`            |
-| `serviceaccount.controller`          | Service account name for the controller                         | `agones-controller`        |
-| `serviceaccount.sdk`                 | Service account name for the sdk                                | `agones-sdk`               |
-| `image.registry`                     | Global image registry for all images                            | `gcr.io/agones-images`     |
-| `image.tag`                          | Global image tag for all images                                 | `0.2`                      |
-| `image.controller.name`              | Image name for the controller                                   | `agones-controller`        |
-| `image.controller.pullPolicy`        | Image pull policy for the controller                            | `IfNotPresent`             |
-| `image.sdk.name`                     | Image name for the sdk                                          | `agones-sdk`               |
-| `image.sdk.alwaysPull`               | Tells if the sdk image should always be pulled                  | `false`                    |
-| `minPort`                            | Minimum port to use for dynamic port allocation                 | `7000`                     |
-| `maxPort`                            | Maximum port to use for dynamic port allocation                 | `8000`                     |
-| `healthCheck.http.port`              | Port to use for liveness probe service                          | `8080`                     |
-| `healthCheck.initialDelaySeconds`    | Initial delay before performing the first probe (in seconds)    | `3`                        |
-| `healthCheck.periodSeconds`          | Seconds between every liveness probe (in seconds)               | `3`                        |
-| `healthCheck.failureThreshold`       | Number of times before giving up (in seconds)                   | `3`                        |
-| `healthCheck.timeoutSeconds`         | Number of seconds after which the probe times out (in seconds)  | `1`                        |
+| `agones.namespace`                          | Namespace to use to deploy Agones                                     | `agones-system`            |
+| `agones.serviceaccount.controller`          | Service account name for the controller                         | `agones-controller`        |
+| `agones.serviceaccount.sdk`                 | Service account name for the sdk                                | `agones-sdk`               |
+| `agones.image.registry`                     | Global image registry for all images                            | `gcr.io/agones-images`     |
+| `agones.image.tag`                          | Global image tag for all images                                 | `0.2`                      |
+| `agones.image.controller.name`              | Image name for the controller                                   | `agones-controller`        |
+| `agones.image.controller.pullPolicy`        | Image pull policy for the controller                            | `IfNotPresent`             |
+| `agones.image.sdk.name`                     | Image name for the sdk                                          | `agones-sdk`               |
+| `agones.image.sdk.alwaysPull`               | Tells if the sdk image should always be pulled                  | `false`                    |
+| `agones.controller.healthCheck.http.port`              | Port to use for liveness probe service                          | `8080`                     |
+| `agones.controller.healthCheck.initialDelaySeconds`    | Initial delay before performing the first probe (in seconds)    | `3`                        |
+| `agones.controller.healthCheck.periodSeconds`          | Seconds between every liveness probe (in seconds)               | `3`                        |
+| `agones.controller.healthCheck.failureThreshold`       | Number of times before giving up (in seconds)                   | `3`                        |
+| `agones.controller.healthCheck.timeoutSeconds`         | Number of seconds after which the probe times out (in seconds)  | `1`                        |
+| `agones.controller.resources`  | Controller resource requests/limit | `{}`
+| `gameservers.namespaces`                         | a list of namespaces you are planning to use to deploy game servers | `["defaut"]` |
+| `gameservers.minPort`                            | Minimum port to use for dynamic port allocation                 | `7000`                     |
+| `gameservers.maxPort`                            | Maximum port to use for dynamic port allocation                 | `8000`                     |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
 ```bash
 $ helm install --name my-release \
-  --set namespace=mynamespace,minPort=1000,maxPort=5000 agones
+  --set agones.namespace=mynamespace,gameservers.minPort=1000,gamesevers.maxPort=5000 agones
 ```
 
 The above command sets the namespace where Agones is deployed to `mynamespace`. Additionally Agones will use a dynamic port allocation range of 1000-5000.

install/helm/agones/templates/NOTES.txt

@@ -1,6 +1,6 @@
-The Agones controller has been installed in the namespace {{ .Values.namespace }}.
+The Agones controller has been installed in the namespace {{ .Values.agones.namespace }}.
 
-You can watch the status by running 'kubectl --namespace {{ .Values.namespace }} get pods -o wide -w {{ .Values.serviceaccount.controller }}'
+You can watch the status by running 'kubectl --namespace {{ .Values.agones.namespace }} get pods -o wide -w {{ .Values.agones.serviceaccount.controller }}'
 
 Once ready you can create your first GameServer using our examples:
 

install/helm/agones/templates/controller.yaml

@@ -16,7 +16,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: agones-controller
-  namespace: {{ .Values.namespace}}
+  namespace: {{ .Values.agones.namespace}}
   labels:
     component: controller
     app: {{ template "agones.name" . }}
@@ -36,27 +36,31 @@ spec:
         release: {{ .Release.Name }}
         heritage: {{ .Release.Service }}
     spec:
-      serviceAccountName: {{ .Values.serviceaccount.controller }}
+      serviceAccountName: {{ .Values.agones.serviceaccount.controller }}
       containers:
       - name: agones-controller
-        image: "{{ .Values.image.registry }}/{{ .Values.image.controller.name}}:{{ .Values.image.tag }}"
-        imagePullPolicy: {{ .Values.image.controller.pullPolicy }}
+        image: "{{ .Values.agones.image.registry }}/{{ .Values.agones.image.controller.name}}:{{ .Values.agones.image.tag }}"
+        imagePullPolicy: {{ .Values.agones.image.controller.pullPolicy }}
         env:
         - name: ALWAYS_PULL_SIDECAR # set the sidecar imagePullPolicy to Always
-          value: {{ .Values.image.sdk.alwaysPull | quote }}
+          value: {{ .Values.agones.image.sdk.alwaysPull | quote }}
         # minimum port that can be exposed to GameServer traffic
         - name: MIN_PORT
-          value: {{ .Values.minPort | quote }} 
+          value: {{ .Values.gameservers.minPort | quote }} 
         # maximum port that can be exposed to GameServer traffic
         - name: MAX_PORT
-          value: {{ .Values.maxPort | quote }}
+          value: {{ .Values.gameservers.maxPort | quote }}
         - name: SIDECAR # overwrite the GameServer sidecar image that is used
-          value: "{{ .Values.image.registry }}/{{ .Values.image.sdk.name}}:{{ .Values.image.tag }}"
+          value: "{{ .Values.agones.image.registry }}/{{ .Values.agones.image.sdk.name}}:{{ .Values.agones.image.tag }}"
         livenessProbe:
           httpGet:
             path: /live
-            port: {{ .Values.healthCheck.http.port }}
-          initialDelaySeconds: {{ .Values.healthCheck.initialDelaySeconds }}
-          periodSeconds: {{ .Values.healthCheck.periodSeconds }}
-          failureThreshold: {{ .Values.healthCheck.failureThreshold }}
-          timeoutSeconds: {{ .Values.healthCheck.timeoutSeconds }}
+            port: {{ .Values.agones.controller.healthCheck.http.port }}
+          initialDelaySeconds: {{ .Values.agones.controller.healthCheck.initialDelaySeconds }}
+          periodSeconds: {{ .Values.agones.controller.healthCheck.periodSeconds }}
+          failureThreshold: {{ .Values.agones.controller.healthCheck.failureThreshold }}
+          timeoutSeconds: {{ .Values.agones.controller.healthCheck.timeoutSeconds }}
+{{- if .Values.agones.controller.resources }}
+        resources:
+{{ toYaml .Values.agones.controller.resources | indent 10 }}
+{{- end }}

install/helm/agones/templates/crds/fleet.yaml

@@ -16,6 +16,12 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: fleets.stable.agones.dev
+  labels:
+    component: crd
+    app: {{ template "agones.name" . }}
+    chart: {{ template "agones.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
 spec:
   group: stable.agones.dev
   version: v1alpha1

install/helm/agones/templates/mutatingwebhook.yaml

@@ -16,7 +16,7 @@ apiVersion: admissionregistration.k8s.io/v1beta1
 kind: MutatingWebhookConfiguration
 metadata:
   name: agones-mutation-webhook
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Values.agones.namespace }}
   labels:
     component: controller
     app: {{ template "agones.name" . }}
@@ -29,7 +29,7 @@ webhooks:
     clientConfig:
       service:
         name: agones-controller-service
-        namespace: {{ .Values.namespace }}
+        namespace: {{ .Values.agones.namespace }}
         path: /mutate
       caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVLVENDQXhHZ0F3SUJBZ0lKQU9KUDY0MTB3dkdTTUEwR0NTcUdTSWIzRFFFQkN3VUFNSUdxTVFzd0NRWUQKVlFRR0V3SlZVekVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFUE1BMEdBMVVFQ2d3R1FXZHZibVZ6TVE4dwpEUVlEVlFRTERBWkJaMjl1WlhNeE5EQXlCZ05WQkFNTUsyRm5iMjVsY3kxamIyNTBjbTlzYkdWeUxYTmxjblpwClkyVXVZV2R2Ym1WekxYTjVjM1JsYlM1emRtTXhMakFzQmdrcWhraUc5dzBCQ1FFV0gyRm5iMjVsY3kxa2FYTmoKZFhOelFHZHZiMmRzWldkeWIzVndjeTVqYjIwd0hoY05NVGd3TWpFME1EUTBORFEyV2hjTk1qZ3dNakV5TURRMApORFEyV2pDQnFqRUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeER6QU5CZ05WCkJBb01Ca0ZuYjI1bGN6RVBNQTBHQTFVRUN3d0dRV2R2Ym1Wek1UUXdNZ1lEVlFRRERDdGhaMjl1WlhNdFkyOXUKZEhKdmJHeGxjaTF6WlhKMmFXTmxMbUZuYjI1bGN5MXplWE4wWlcwdWMzWmpNUzR3TEFZSktvWklodmNOQVFrQgpGaDloWjI5dVpYTXRaR2x6WTNWemMwQm5iMjluYkdWbmNtOTFjSE11WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXpnVlQ5MGVqeE5ud0NvL09qTUQyNmZVNGRya1NlZndkUWd3aWJpZmEKbDhyazZZMFZ2T0lWMUgrbFJvd2UwNm1XTnVSNUZPWEZBMGZYbHZ4Q0tLWVZRcFNQRUsyWVN5aC9hU25KUUw2cQpvOGVBWVRKQmtPWUxCNUNiekl6aVdlb1FmT1lOOE1sRW44YlhKZGllSmhISDhVbnlqdHlvVGx4emhabVgrcGZ0CmhVZGVhM1Zrek8yMW40K1FFM1JYNWYxMzJGVEZjdXFYT1VBL3BpOGNjQU5HYzN6akxlWkp2QTlvZFBFaEdmN2cKQzhleUE2OFNWY3NoK1BqejBsdzk1QVB2bE12MWptcVVSRldjRVNUTGFRMEZ4NUt3UnlWMHppWm1VdkFBRjJaeApEWmhIVWNvRlBIQXdUbDc1TkFobkhwTWxMTnA1TDd0Y1ZkeVQ4QjJHUnMrc2xRSURBUUFCbzFBd1RqQWRCZ05WCkhRNEVGZ1FVZ3YxblRQYVFKU04zTHFtNWpJalc0eEhtZEcwd0h3WURWUjBqQkJnd0ZvQVVndjFuVFBhUUpTTjMKTHFtNWpJalc0eEhtZEcwd0RBWURWUjBUQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBSEtFQwprdEVqWU5VQ0ErbXlzejRvclc3cFJVdmhCSERWU2dzWTZlRVZSTHpmLzF5SVpFMHU2NTZrcEs2T1Q3TWhKR2xVCkt3R1NTb1VCQnpWZ1VzWmpEbTdQZ2JrNGlZem40TTF4THpiTFFCcjNNYzV6WEhlZlB2YmltaEQ1NWNMenBWRnUKVlFtQm1aVjJOalU1RHVTZFJuZGxjUGFOY2cvdU9jdlpLNEtZMUtDQkEzRW9BUUlrcHpIWDJpVU1veGlSdlpWTgpORXdnRlR0SUdCWW4wSGZML3ZnT3NIOGZWck1Va3VHMnZoR2RlWEJwWmlxL0JaSmJaZU4yckNmMmdhWDFRSXYwCkVLYmN1RnFNOThXVDVaVlpSdFgxWTNSd2V2ZzRteFlKWEN1SDZGRjlXOS9TejI5NEZ5Mk9CS0I4SkFWYUV4OW4KMS9pNmZJZmZHbkhUWFdIc1ZRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
     rules:

install/helm/agones/templates/namespace.yaml

@@ -15,7 +15,7 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ .Values.namespace }}
+  name: {{ .Values.agones.namespace }}
   labels:
     app: {{ template "agones.name" . }}
     chart: {{ template "agones.chart" . }}

install/helm/agones/templates/service.yaml

@@ -16,7 +16,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: agones-controller-service
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Values.agones.namespace }}
   labels:
     component: controller
     app: {{ template "agones.name" . }}

install/helm/agones/templates/serviceaccounts/controller.yaml

@@ -15,8 +15,8 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.serviceaccount.controller }}
-  namespace: {{ .Values.namespace }}
+  name: {{ .Values.agones.serviceaccount.controller }}
+  namespace: {{ .Values.agones.namespace }}
   labels:
     app: {{ template "agones.name" . }}
     chart: {{ template "agones.chart" . }}
@@ -26,8 +26,8 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ .Values.serviceaccount.controller }}
-  namespace: {{ .Values.namespace }}
+  name: {{ .Values.agones.serviceaccount.controller }}
+  namespace: {{ .Values.agones.namespace }}
   labels:
     app: {{ template "agones.name" . }}
     chart: {{ template "agones.chart" . }}
@@ -56,18 +56,18 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ .Values.serviceaccount.controller }}-access
-  namespace: {{ .Values.namespace }}
+  name: {{ .Values.agones.serviceaccount.controller }}-access
+  namespace: {{ .Values.agones.namespace }}
   labels:
     app: {{ template "agones.name" . }}
     chart: {{ template "agones.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 subjects:
 - kind: User
-  name: system:serviceaccount:{{ .Values.namespace }}:{{ .Values.serviceaccount.controller }}
+  name: system:serviceaccount:{{ .Values.agones.namespace }}:{{ .Values.agones.serviceaccount.controller }}
   apiGroup: rbac.authorization.k8s.io
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ .Values.serviceaccount.controller }}
+  name: {{ .Values.agones.serviceaccount.controller }}

install/helm/agones/templates/serviceaccounts/sdk.yaml

@@ -11,22 +11,24 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+{{- range .Values.gameservers.namespaces }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.serviceaccount.sdk }}
+  name: {{ $.Values.agones.serviceaccount.sdk }}
+  namespace: {{ . }}
   labels:
-    app: {{ template "agones.name" . }}
-    chart: {{ template "agones.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+    app: {{ template "agones.name" $ }}
+    chart: {{ template "agones.chart" $ }}
+    release: {{ $.Release.Name }}
+    heritage: {{ $.Release.Service }}
 ---
+{{- end }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ .Values.serviceaccount.sdk }}
-  namespace: {{ .Values.namespace }}
+  name: {{ .Values.agones.serviceaccount.sdk }}
+  namespace: {{ .Values.agones.namespace }}
   labels:
     app: {{ template "agones.name" . }}
     chart: {{ template "agones.chart" . }}
@@ -37,21 +39,24 @@ rules:
   resources: ["gameservers"]
   verbs: ["get", "update"]
 ---
+{{- range .Values.gameservers.namespaces }}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
-  name: {{ .Values.serviceaccount.sdk }}-access
-  namespace: {{ .Values.namespace }}
+  name: {{ $.Values.agones.serviceaccount.sdk }}-access
+  namespace: {{ . }}
   labels:
-    app: {{ template "agones.name" . }}
-    chart: {{ template "agones.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+    app: {{ template "agones.name" $ }}
+    chart: {{ template "agones.chart" $ }}
+    release: {{ $.Release.Name }}
+    heritage: {{ $.Release.Service }}
 subjects:
 - kind: User
-  name: system:serviceaccount:default:{{ .Values.serviceaccount.sdk }}
+  name: system:serviceaccount:{{ . }}:{{ $.Values.agones.serviceaccount.sdk }}
   apiGroup: rbac.authorization.k8s.io
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ .Values.serviceaccount.sdk }}
+  name: {{ $.Values.agones.serviceaccount.sdk }}
+---
+{{- end }}