From a6cd75765c7c94b7de6805c1de4c2d7e88e0b95c Mon Sep 17 00:00:00 2001
From: Thuan Vo <thuan.votann@gmail.com>
Date: Sun, 21 Apr 2024 01:26:02 -0700
Subject: [PATCH] chore(rbac): rbac should only be generated when necessary

---
 charts/cryostat/templates/clusterrole.yaml | 4 ++--
 charts/cryostat/templates/rolebinding.yaml | 8 +++-----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/charts/cryostat/templates/clusterrole.yaml b/charts/cryostat/templates/clusterrole.yaml
index e20d7b96..4aeed87c 100644
--- a/charts/cryostat/templates/clusterrole.yaml
+++ b/charts/cryostat/templates/clusterrole.yaml
@@ -1,8 +1,8 @@
-{{- if .Values.rbac.create -}}
+{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "cryostat.fullname" . }}
+  name: {{ include "cryostat.fullname" . }}-namespaced
   labels:
     {{- include "cryostat.labels" . | nindent 4 }}
 rules:
diff --git a/charts/cryostat/templates/rolebinding.yaml b/charts/cryostat/templates/rolebinding.yaml
index be445520..d3f7107c 100644
--- a/charts/cryostat/templates/rolebinding.yaml
+++ b/charts/cryostat/templates/rolebinding.yaml
@@ -12,7 +12,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "cryostat.fullname" . }}
+  name: {{ include "cryostat.fullname" . }}-namespaced
 subjects:
 - kind: ServiceAccount
   name: {{ include "cryostat.serviceAccountName" . }}
@@ -20,13 +20,11 @@ subjects:
 {{- end -}}
 {{- end -}}
 
-{{- if .Values.rbac.create -}}
-{{- $ := . -}}
+{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled -}}
 {{- $watchNs := list -}}
-{{- $ownNs := .Release.Namespace -}}
 {{- range .Values.core.discovery.kubernetes.namespaces -}}
 {{- if eq . "." -}}
-{{- $watchNs = append $watchNs $ownNs -}}
+{{- $watchNs = append $watchNs $.Release.Namespace -}}
 {{- else -}}
 {{- $watchNs = append $watchNs . -}}
 {{- end -}}