feat: add clusterrole/binding support in the chart

Author: rasta-rocket

README.md

@@ -219,6 +219,7 @@ helm delete --namespace test my-application
 | rbac.serviceAccount.additionalLabels | object | `nil` | Additional labels for Service Account. |
 | rbac.serviceAccount.annotations | object | `nil` | Annotations for Service Account. |
 | rbac.roles | list | `nil` | Namespaced Roles. |
+| rbac.clusterRoles | list | `nil` | ClusterRoles (Clusterwide) |
 
 ### ConfigMap Parameters
 

application/templates/clusterrole.yaml

@@ -0,0 +1,20 @@
+{{- if and .Values.rbac.enabled .Values.rbac.clusterRoles }}
+{{- range .Values.rbac.clusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+  {{- include "application.labels" $ | nindent 4 }}
+{{- if $.Values.rbac.additionalLabels }}
+{{ toYaml $.Values.rbac.additionalLabels | indent 4 }}
+{{- end }}
+{{- if $.Values.rbac.annotations }}
+  annotations:
+{{ toYaml $.Values.rbac.annotations | indent 4 }}
+{{- end }}
+  name: {{ template "application.name" $ }}-clusterrole-{{ .name }}
+rules:
+{{ toYaml .rules | indent 2 }}
+---
+{{- end }}
+{{- end }}

application/templates/clusterrolebinding.yaml

@@ -0,0 +1,30 @@
+{{- if and .Values.rbac.enabled .Values.rbac.clusterRoles }}
+{{- range .Values.rbac.clusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+  {{- include "application.labels" $ | nindent 4 }}
+{{- if $.Values.rbac.additionalLabels }}
+{{ toYaml $.Values.rbac.additionalLabels | indent 4 }}
+{{- end }}
+{{- if $.Values.rbac.annotations }}
+  annotations:
+{{ toYaml $.Values.rbac.annotations | indent 4 }}
+{{- end }}
+  name: {{ template "application.name" $ }}-clusterrolebinding-{{ .name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "application.name" $ }}-clusterrole-{{ .name }}
+subjects:
+  - kind: ServiceAccount
+  {{- if $.Values.rbac.serviceAccount.name }}
+    name: {{ $.Values.rbac.serviceAccount.name }}
+  {{- else }}
+    name: {{ template "application.name" $ }}
+  {{- end }}
+    namespace: {{ $.Release.Namespace }}
+---
+{{- end }}
+{{- end }}

application/values.yaml

@@ -719,6 +719,28 @@ rbac:
   #     verbs:
   #     - get
 
+  # -- (list) ClusterRoles (Clusterwide)
+  # @section -- RBAC Parameters
+  clusterRoles:
+  # - name: configmaps
+  #   rules:
+  #   - apiGroups:
+  #     - ""
+  #     resources:
+  #     - configmaps
+  #     verbs:
+  #     - get
+  # - name: pods
+  #   rules:
+  #   - apiGroups:
+  #     - ""
+  #     resources:
+  #     - pods
+  #     verbs:
+  #     - get
+  #     - list
+  #     - watch
+
 configMap:
   # -- (bool) Deploy additional ConfigMaps.
   # @section -- ConfigMap Parameters