From 1d3fdfec0f8806a490d23113794e53e63316da29 Mon Sep 17 00:00:00 2001
From: Alexander Andryashin <aandryashin@gmail.com>
Date: Wed, 22 Sep 2021 22:30:02 +0300
Subject: [PATCH] Add resourcequota control.

---
 moon/templates/moon.yaml | 26 ++++++++++++++++++++++++++
 moon/values.yaml         |  5 +++++
 2 files changed, 31 insertions(+)

diff --git a/moon/templates/moon.yaml b/moon/templates/moon.yaml
index d224d9b..4b70327 100644
--- a/moon/templates/moon.yaml
+++ b/moon/templates/moon.yaml
@@ -17,6 +17,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
   name: {{ .Release.Name }}
 rules:
+{{- if .Values.moon.resourcequotacontrol }}
 - apiGroups:
   - ""
   resources:
@@ -33,6 +34,31 @@ rules:
   - update
   - patch
   - delete
+{{- else }}
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  - configmaps
+  - secrets
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - resourcequotas
+  verbs:
+  - get
+  - watch
+  - list
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
diff --git a/moon/values.yaml b/moon/values.yaml
index 3bc0023..886b193 100644
--- a/moon/values.yaml
+++ b/moon/values.yaml
@@ -6,6 +6,11 @@ moon:
   enabled:
     resources: true
 
+  ##
+  ## Global flag to enable/disable resource quota control pod limits (by default Moon has permissions to update resourcequota)
+  ##
+  resourcequotacontrol: true
+
   ##
   ## Optionally add annotations to the service account generated byt the chart
   ## This is necessary if you intend to use the moon service account for