From 03cda3e452fd77b4964a330978eb48b8ae57b0cc Mon Sep 17 00:00:00 2001
From: divolgin
Date: Wed, 16 Oct 2024 13:31:40 -0700
Subject: [PATCH] Allow specifying ClusterRole when deploying Replicated SDK
---
 .../replicated-clusterrolebinding.yaml | 17 +++++++++++++++++
 chart/templates/replicated-role.yaml | 2 +-
 chart/templates/replicated-rolebinding.yaml | 2 +-
 chart/values.yaml.tmpl | 1 +
 4 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 chart/templates/replicated-clusterrolebinding.yaml
diff --git a/chart/templates/replicated-clusterrolebinding.yaml b/chart/templates/replicated-clusterrolebinding.yaml
new file mode 100644
index 00000000..66d2e29a
--- /dev/null
+++ b/chart/templates/replicated-clusterrolebinding.yaml
@@ -0,0 +1,17 @@
+{{ if and .Values.clusterRole (not .Values.serviceAccountName) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "replicated.labels" . | nindent 4 }}
+ name: {{ include "replicated.roleBindingName" . }}
+ namespace: {{ include "replicated.namespace" . | quote }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Values.clusterRole }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "replicated.serviceAccountName" . }}
+ namespace: {{ include "replicated.namespace" . | quote }}
+{{ end }}
\ No newline at end of file
diff --git a/chart/templates/replicated-role.yaml b/chart/templates/replicated-role.yaml
index 452f680a..52b69933 100644
--- a/chart/templates/replicated-role.yaml
+++ b/chart/templates/replicated-role.yaml
@@ -1,4 +1,4 @@
-{{ if not .Values.serviceAccountName }}
+{{ if and (not .Values.serviceAccountName) (not .Values.clusterRole) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
diff --git a/chart/templates/replicated-rolebinding.yaml b/chart/templates/replicated-rolebinding.yaml
index 861de25c..5685512a 100644
--- a/chart/templates/replicated-rolebinding.yaml
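Review bot: In the new `replicated-clusterrolebinding.yaml`, the `roleRef` line `name: {{ .Values.clusterRole }}` is rendered unquoted, so a value that looks like a boolean or a number would be retyped by the YAML parser; `name: {{ .Values.clusterRole | quote }}` matches the quoting already used for the namespace. ClusterRoleBinding is a cluster-scoped kind, so the `namespace:` line under `metadata` has no effect and could be dropped. The object name comes from `replicated.roleBindingName`, defined outside this diff, so it is worth confirming that two releases in different namespaces cannot collide on one cluster-wide name. The binding also grants the named ClusterRole's rules in every namespace; if the SDK only needs them in its own namespace, a `RoleBinding` whose `roleRef.kind` is `ClusterRole` would keep the grant namespace-scoped.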
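Review bot: Once `clusterRole` is set, the new condition in `replicated-role.yaml` (and the identical one in `replicated-rolebinding.yaml`) stops rendering the chart's own Role, so the SDK's permissions come entirely from a ClusterRole that this patch neither creates nor checks. Kubernetes accepts a binding to a role that does not exist, so a typo in the value would presumably install cleanly and show up only as authorization failures at runtime. A template comment above the condition would make the hand-off explicit, for example `{{- /* Not rendered when clusterRole is set: RBAC then comes from the operator-managed ClusterRole */ -}}`. The Role's rules lie outside the hunk.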
+++ b/chart/templates/replicated-rolebinding.yaml
@@ -1,4 +1,4 @@
-{{ if not .Values.serviceAccountName }}
+{{ if and (not .Values.serviceAccountName) (not .Values.clusterRole) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
diff --git a/chart/values.yaml.tmpl b/chart/values.yaml.tmpl
index 170abbc2..28c842de 100644
--- a/chart/values.yaml.tmpl
+++ b/chart/values.yaml.tmpl
@@ -34,6 +34,7 @@ statusInformers: null
 replicatedAppEndpoint: ""
 serviceAccountName: ""
+clusterRole: ""
 imagePullSecrets: []
 nameOverride: ""
 namespaceOverride: ""
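Review bot: In `chart/values.yaml.tmpl`, `clusterRole: ""` is added without a comment, although setting it switches the SDK's RBAC from the chart's namespaced Role to a cluster-wide binding. The templates in this patch also ignore the value whenever `serviceAccountName` is non-empty, which a reader of the values file cannot tell. Suggested comment above the key: `# Name of an existing ClusterRole to bind cluster-wide to the SDK service account instead of the chart's Role; ignored when serviceAccountName is set.`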