{{ if .Values.serviceAccount.create }} {{- $fullName := include "chart.fullname" . -}} {{- $data := dict "Chart" .Chart "Release" .Release "Values" .Values -}} apiVersion: v1 kind: ServiceAccount metadata: name: {{ $fullName }} labels: {{- include "chart.labels" $data | nindent 4 }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ $fullName }} labels: {{- include "chart.labels" $data | nindent 4 }} rules: - apiGroups: - databases.spotahome.com resources: - redisfailovers - redisfailovers/finalizers verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - create - delete - get - list - patch - update - watch - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - get - list - update - apiGroups: - "" resources: - pods - services - endpoints - events - configmaps - persistentvolumeclaims - persistentvolumeclaims/finalizers verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - secrets verbs: - "get" - apiGroups: - apps resources: - deployments - statefulsets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - policy resources: - poddisruptionbudgets verbs: - create - delete - get - list - patch - update - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ $fullName }} subjects: - kind: ServiceAccount name: {{ $fullName }} namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ $fullName }} {{- end }}