feat(lacework-agent) Optionally create clusterAgent templated resources

When using clusterAgent.enable make optional creating the rbac resources by setting clusterAgent.createRoleBinding: to create the ClusterRoleBinding clusterAgent.createRole: to create the ClusterRole clusterAgent.createServiceAccount: to create the ServiceAccount
lacework · Sep 24, 2024 · ad04999 · ad04999
1 parent daa191f
commit ad04999
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 3 deletions.
diff --git a/lacework-agent/templates/cluster-role-binding.yaml b/lacework-agent/templates/cluster-role-binding.yaml
@@ -1,4 +1,4 @@
-{{- if (.Values.clusterAgent).enable -}}
+{{- if (and (.Values.clusterAgent).enable (.Values.clusterAgent).createRoleBinding) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
 kind: ClusterRoleBinding

diff --git a/lacework-agent/templates/cluster-role.yaml b/lacework-agent/templates/cluster-role.yaml
@@ -1,4 +1,4 @@
-{{- if (.Values.clusterAgent).enable -}}
+{{- if (and (.Values.clusterAgent).enable (.Values.clusterAgent).createRole) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

diff --git a/lacework-agent/templates/service-account.yaml b/lacework-agent/templates/service-account.yaml
@@ -1,4 +1,4 @@
-{{- if (.Values.clusterAgent).enable -}}
+{{- if (and (.Values.clusterAgent).enable (.Values.clusterAgent).createServiceAccount) -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

diff --git a/lacework-agent/values.yaml b/lacework-agent/values.yaml
@@ -38,6 +38,9 @@ clusterAgent:
   # https://docs.lacework.net/onboarding/restricted/configure-agent-behavior-in-configjson-file#proxyurl-propert
   proxyUrl:
   hostNetworkAccess: false
+  createRoleBinding: true
+  createRole: true
+  createServiceAccount: true
   image:
     registry: docker.io
     repository: lacework/k8scollector