Allow specifying ClusterRole when deploying Replicated SDK (#218)

Author: divolgin

chart/templates/replicated-clusterrolebinding.yaml

@@ -0,0 +1,17 @@
+{{ if and .Values.clusterRole (not .Values.serviceAccountName) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "replicated.labels" . | nindent 4 }}
+  name: {{ include "replicated.roleBindingName" . }}
+  namespace: {{ include "replicated.namespace" . | quote }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.clusterRole }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "replicated.serviceAccountName" . }}
+  namespace: {{ include "replicated.namespace" . | quote }}
+{{ end }}

chart/templates/replicated-role.yaml

@@ -1,4 +1,4 @@
-{{ if not .Values.serviceAccountName }}
+{{ if and (not .Values.serviceAccountName) (not .Values.clusterRole) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:

chart/templates/replicated-rolebinding.yaml

@@ -1,4 +1,4 @@
-{{ if not .Values.serviceAccountName }}
+{{ if and (not .Values.serviceAccountName) (not .Values.clusterRole) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:

chart/values.yaml.tmpl

@@ -34,6 +34,7 @@ statusInformers: null
 replicatedAppEndpoint: ""
 
 serviceAccountName: ""
+clusterRole: ""
 imagePullSecrets: []
 nameOverride: ""
 namespaceOverride: ""