Add kustomization for resource list extension

Add kustomization resources for the new Deployment, Service, APIService
and cert-manager configuration for the resource list extension.

Author: cmurphy

config/apiextension/apiextension.yaml

@@ -0,0 +1,120 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: resourcelist
+rules:
+- apiGroups:
+  - "*"
+  resources:
+  - "*"
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: resourcelist
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: resourcelist
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: hnc-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: resourcelist
+  name: resourcelist
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: resourcelist
+  template:
+    metadata:
+      labels:
+        app: resourcelist
+    spec:
+      securityContext:
+        fsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 1000
+      containers:
+      - image: controller:latest # this is usually overridden by kustomize
+        name: resourcelist
+        command:
+        - /apiextension
+        args:
+        - "--cert=/certs/tls.crt"
+        - "--key=/certs/tls.key"
+        imagePullPolicy: IfNotPresent
+        volumeMounts:
+        - name: certs
+          mountPath: /certs
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop: ["ALL"]
+        ports:
+        - containerPort: 7443
+          name: server
+          protocol: TCP
+      volumes:
+      - secret:
+          defaultMode: 420
+          secretName: hnc-resourcelist
+        name: certs
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: resourcelist
+  name: resourcelist
+spec:
+  ports:
+  - port: 7443
+    protocol: TCP
+    targetPort: 7443
+  selector:
+    app: resourcelist
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: resourcelist
+spec:
+  dnsNames:
+  - hnc-resourcelist.hnc-system.svc
+  - hnc-resourcelist.hnc-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: selfsigned-issuer
+  secretName: hnc-resourcelist
+---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1alpha2.resources.hnc.x-k8s.io
+  annotations:
+    cert-manager.io/inject-ca-from: hnc-system/hnc-resourcelist
+spec:
+  group: resources.hnc.x-k8s.io
+  version: v1alpha2
+  groupPriorityMinimum: 10
+  versionPriority: 10
+  service:
+    namespace: hnc-system
+    name: resourcelist
+    port: 7443

config/apiextension/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+- apiextension.yaml

config/variants/default-cc/kustomization.yaml

@@ -14,6 +14,7 @@ bases:
 - ../../manager
 - ../../rbac
 - ../../webhook
+- ../../apiextension
 
 patches:
 - patch: |-

config/variants/default-cm/kustomization.yaml

@@ -14,6 +14,7 @@ bases:
 - ../../manager
 - ../../rbac
 - ../../webhook
+- ../../apiextension
 
 patchesStrategicMerge:
 - webhookcainjection_patch.yaml

config/variants/hrq/kustomization.yaml

@@ -14,6 +14,7 @@ bases:
 - ../../manager
 - ../../rbac
 - ../../webhook
+- ../../apiextension
 
 patchesStrategicMerge:
 - webhook_patch.yaml