From f1080f572236440d206be6bd39f67d577ca847b4 Mon Sep 17 00:00:00 2001
From: Laurentiu Soica <laurentiu@soica.ro>
Date: Sat, 22 Jun 2024 17:17:56 +0300
Subject: [PATCH] feat: allow rbac to pe externally provisioned (#1005)

* feat: allow rbac to pe externally provisioned

Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com>

* fix: add new parameter in docs

Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com>

---------

Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com>
Co-authored-by: laurentiusoica <laurentiu.soica@spirent.com>
---
 charts/redis-operator/readme.md                      | 1 +
 charts/redis-operator/templates/role-binding.yaml    | 2 ++
 charts/redis-operator/templates/role.yaml            | 2 ++
 charts/redis-operator/templates/service-account.yaml | 2 ++
 charts/redis-operator/values.yaml                    | 2 ++
 5 files changed, 9 insertions(+)

diff --git a/charts/redis-operator/readme.md b/charts/redis-operator/readme.md
index 9490f52ab..63c12c6ca 100644
--- a/charts/redis-operator/readme.md
+++ b/charts/redis-operator/readme.md
@@ -92,6 +92,7 @@ kubectl create secret tls <webhook-server-cert> --key tls.key --cert tls.crt -n
 | `resources.requests.cpu`                      | CPU request                            | `500m`                                           |
 | `resources.requests.memory`                   | Memory request                         | `500Mi`                                          |
 | `replicas`                                    | Number of replicas                     | `1`                                              |
+| `rbac.enabled`                                | Feature flag for rbac resources        | `true`                                           |
 | `serviceAccountName`                          | Service account name                   | `redis-operator`                                 |
 | `serviceAccount.automountServiceAccountToken` | Automount service account token        | `true`                                           |
 | `certificate.name`                            | Certificate name                       | `serving-cert`                                   |
diff --git a/charts/redis-operator/templates/role-binding.yaml b/charts/redis-operator/templates/role-binding.yaml
index a1aaa585d..1ea08b001 100644
--- a/charts/redis-operator/templates/role-binding.yaml
+++ b/charts/redis-operator/templates/role-binding.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -19,3 +20,4 @@ roleRef:
   kind: ClusterRole
   name: {{ .Values.redisOperator.name }}
   apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/redis-operator/templates/role.yaml b/charts/redis-operator/templates/role.yaml
index 600e1be8b..61b89710b 100644
--- a/charts/redis-operator/templates/role.yaml
+++ b/charts/redis-operator/templates/role.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -124,3 +125,4 @@ rules:
   - patch
   - update
   - watch
+{{- end }}
diff --git a/charts/redis-operator/templates/service-account.yaml b/charts/redis-operator/templates/service-account.yaml
index 085089e06..024f7ec2d 100644
--- a/charts/redis-operator/templates/service-account.yaml
+++ b/charts/redis-operator/templates/service-account.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.enabled }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -13,3 +14,4 @@ metadata:
     app.kubernetes.io/version : {{ .Chart.AppVersion }}
     app.kubernetes.io/component: service-account
     app.kubernetes.io/part-of : {{ .Release.Name }}
+{{- end }}
diff --git a/charts/redis-operator/values.yaml b/charts/redis-operator/values.yaml
index bd65e00ee..47ef96d48 100644
--- a/charts/redis-operator/values.yaml
+++ b/charts/redis-operator/values.yaml
@@ -30,6 +30,8 @@ resources:
 
 replicas: 1
 
+rbac:
+  enabled: true
 serviceAccountName: redis-operator
 
 serviceAccount: