diff --git a/chart/templates/replicated-clusterrolebinding.yaml b/chart/templates/replicated-clusterrolebinding.yaml new file mode 100644 index 0000000..66d2e29 --- /dev/null +++ b/chart/templates/replicated-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{ if and .Values.clusterRole (not .Values.serviceAccountName) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "replicated.labels" . | nindent 4 }} + name: {{ include "replicated.roleBindingName" . }} + namespace: {{ include "replicated.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.clusterRole }} +subjects: +- kind: ServiceAccount + name: {{ include "replicated.serviceAccountName" . }} + namespace: {{ include "replicated.namespace" . | quote }} +{{ end }} \ No newline at end of file diff --git a/chart/templates/replicated-role.yaml b/chart/templates/replicated-role.yaml index 452f680..52b6993 100644 --- a/chart/templates/replicated-role.yaml +++ b/chart/templates/replicated-role.yaml @@ -1,4 +1,4 @@ -{{ if not .Values.serviceAccountName }} +{{ if and (not .Values.serviceAccountName) (not .Values.clusterRole) }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/chart/templates/replicated-rolebinding.yaml b/chart/templates/replicated-rolebinding.yaml index 861de25..5685512 100644 --- a/chart/templates/replicated-rolebinding.yaml +++ b/chart/templates/replicated-rolebinding.yaml @@ -1,4 +1,4 @@ -{{ if not .Values.serviceAccountName }} +{{ if and (not .Values.serviceAccountName) (not .Values.clusterRole) }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/chart/values.yaml.tmpl b/chart/values.yaml.tmpl index 170abbc..28c842d 100644 --- a/chart/values.yaml.tmpl +++ b/chart/values.yaml.tmpl @@ -34,6 +34,7 @@ statusInformers: null replicatedAppEndpoint: "" serviceAccountName: "" +clusterRole: "" imagePullSecrets: [] nameOverride: "" namespaceOverride: ""