From 8a70fad76a490c5f477062da140b181d9930e172 Mon Sep 17 00:00:00 2001
From: dunemask <elijah@dunemask.net>
Date: Wed, 24 Jan 2024 17:25:43 +0000
Subject: [PATCH] [FEATURE] Cluster Wide Helm Value Toggle (#10)

Co-authored-by: Dunemask <dunemask@gmail.com>
Reviewed-on: https://gitea.dunemask.dev/elysium/minecluster/pulls/10
---
 templates/clusterrole-binding.yaml | 14 ++++++++++++++
 templates/clusterrole.yaml         | 27 +++++++++++++++++++++++++++
 values.yaml                        |  1 +
 3 files changed, 42 insertions(+)
 create mode 100644 templates/clusterrole-binding.yaml
 create mode 100644 templates/clusterrole.yaml

diff --git a/templates/clusterrole-binding.yaml b/templates/clusterrole-binding.yaml
new file mode 100644
index 0000000..0a5e7d4
--- /dev/null
+++ b/templates/clusterrole-binding.yaml
@@ -0,0 +1,14 @@
+{{- if and (.Values.serviceAccount.create) (.Values.serviceAccount.clusterWide) -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "minecluster.serviceAccountName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "minecluster.serviceAccountName" . }}
+  namespace: {{ .Values.mcl.deploymentNamespace | default .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "minecluster.serviceAccountName" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/templates/clusterrole.yaml b/templates/clusterrole.yaml
new file mode 100644
index 0000000..a0fb3e5
--- /dev/null
+++ b/templates/clusterrole.yaml
@@ -0,0 +1,27 @@
+{{- if and (.Values.serviceAccount.create) (.Values.serviceAccount.clusterWide) -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "minecluster.serviceAccountName" . }}
+rules:
+- apiGroups: ["apps"]
+  resources:
+  - deployments
+  verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
+- apiGroups: [""]
+  resources:
+  - nodes
+  verbs: ["list"]
+- apiGroups: [""]
+  resources:
+  - services
+  - pods
+  - pods/log
+  - containers
+  - persistentvolumeclaims
+  - secrets
+  verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
+- apiGroups: ["metrics.k8s.io"]
+  resources: ["pods"]
+  verbs: ["list"]
+{{- end }}
diff --git a/values.yaml b/values.yaml
index 2339df8..922fb54 100644
--- a/values.yaml
+++ b/values.yaml
@@ -15,6 +15,7 @@ nameOverride: ""
 fullnameOverride: ""
 
 serviceAccount:
+  clusterWide: false
   # Specifies whether a service account should be created
   create: true
   # Annotations to add to the service account