add rbac to gke-preemptible-notifier chart

charts/gke-preemptible-notifier/Chart.yaml

@@ -3,8 +3,8 @@ name: gke-preemptible-notifier
 description: |-
   Helm chart to deploy [gke-preemptible-notifier](https://github.com/slamdev/gke-preemptible-notifier/).
 type: application
-version: 0.0.1
-appVersion: "v0.0.2"
+version: 0.0.2
+appVersion: "v0.0.3"
 home: https://github.com/slamdev/helm-charts/tree/master/charts/gke-preemptible-notifier
 maintainers:
   - name: slamdev

charts/gke-preemptible-notifier/README.md

@@ -2,7 +2,7 @@ gke-preemptible-notifier
 ========================
 Helm chart to deploy [gke-preemptible-notifier](https://github.com/slamdev/gke-preemptible-notifier/).
 
-Current chart version is `0.0.1`
+Current chart version is `0.0.2`
 
 Source code can be found [here](https://github.com/slamdev/helm-charts/tree/master/charts/gke-preemptible-notifier)
 
@@ -26,8 +26,7 @@ Source code can be found [here](https://github.com/slamdev/helm-charts/tree/mast
 | resources | object | `{}` | custom resource configuration |
 | securityContext | object | `{}` | specifies security settings for a container |
 | serviceAccount.annotations | object | `{}` | annotations to add to the service account |
-| serviceAccount.create | bool | `false` | specifies whether a service account should be created |
-| serviceAccount.name | string | `nil` | the name of the service account to use; if not set and create is true, a name is generated using the fullname template |
+| serviceAccount.name | string | `nil` | the name of the service account to use; if not set, a name is generated using the fullname template |
 | tolerations | list | `[]` | tolerations for scheduler pod assignment |
 | volumeMounts | list | `[]` | additional volume mounts |
 | volumes | list | `[]` | volumes |

charts/gke-preemptible-notifier/templates/_helpers.tpl

@@ -55,11 +55,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 Create the name of the service account to use
 */}}
 {{- define "gke-preemptible-notifier.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
     {{ default (include "gke-preemptible-notifier.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
 {{- end -}}
 
 {{/*

charts/gke-preemptible-notifier/templates/rbac.yaml

@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "gke-preemptible-notifier.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups:
+      - ''
+    resources:
+      - pods
+      - nodes
+    verbs:
+      - get
+      - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "gke-preemptible-notifier.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "gke-preemptible-notifier.serviceAccountName" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "gke-preemptible-notifier.serviceAccountName" . }}

charts/gke-preemptible-notifier/templates/serviceaccount.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -10,4 +9,3 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-{{- end -}}

charts/gke-preemptible-notifier/values.yaml

@@ -14,11 +14,9 @@ nameOverride: ""
 fullnameOverride: ""
 
 serviceAccount:
-  # serviceAccount.create -- specifies whether a service account should be created
-  create: false
   # serviceAccount.annotations -- annotations to add to the service account
   annotations: {}
-  # serviceAccount.name -- the name of the service account to use; if not set and create is true, a name is generated using the fullname template
+  # serviceAccount.name -- the name of the service account to use; if not set, a name is generated using the fullname template
   name:
 
 # podSecurityContext -- specifies security settings for a pod