Merge pull request #8 from minrk/rbac

add ClusterRole to chart via rbac.create

kbatch/templates/rbac.yaml

@@ -0,0 +1,59 @@
+{{- if .Values.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "kbatch-proxy.fullname" . }}
+rules:
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/log
+      - configmaps
+      - secrets
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kbatch-proxy.fullname" . }}
+subjects:
+  - kind: User
+    name: {{ include "kbatch-proxy.serviceAccountName" . }}
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: {{ include "kbatch-proxy.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

kbatch/values.yaml

@@ -16,6 +16,9 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+rbac:
+  create: true
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true