make ClusterRole opt-in

Signed-off-by: Willem Monsuwe <[email protected]>
tinkerbell · Sep 2, 2024 · 14cfec7 · 14cfec7
1 parent 306bd65
commit 14cfec7
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 3 deletions.
diff --git a/tinkerbell/hegel/templates/deployment.yaml b/tinkerbell/hegel/templates/deployment.yaml
@@ -32,6 +32,9 @@ spec:
         - args:
           - --backend=kubernetes
           - --http-addr=:{{ .Values.deployment.port }}
+          {{- if not .Values.allNamespaces }}
+          - --kubernetes-namespace={{ .Release.Namespace }}
+          {{- end }}
           {{- range .Values.args }}
           - {{ . }}
           {{- end }}

diff --git a/tinkerbell/hegel/templates/role.yaml b/tinkerbell/hegel/templates/role.yaml
@@ -1,6 +1,7 @@
 {{- if .Values.deploy }}
+{{- $roleKind := .Values.allNamespaces | ternary "ClusterRole" "Role" }}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: {{ $roleKind }}
 metadata:
   name: {{ .Values.roleName }}
 rules:

diff --git a/tinkerbell/hegel/templates/rolebinding.yaml b/tinkerbell/hegel/templates/rolebinding.yaml
@@ -1,11 +1,12 @@
 {{- if .Values.deploy }}
+{{- $roleKind := .Values.allNamespaces | ternary "ClusterRole" "Role" }}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: {{ $roleKind }}Binding
 metadata:
   name: {{ .Values.roleBindingName }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
+  kind: {{ $roleKind }}
   name: {{ .Values.roleName }}
 subjects:
   - kind: ServiceAccount

diff --git a/tinkerbell/hegel/values.yaml b/tinkerbell/hegel/values.yaml
@@ -27,3 +27,5 @@ trustedProxies: []
 singleNodeClusterConfig:
   controlPlaneTolerationsEnabled: false
   nodeAffinityWeight: 1
+
+allNamespaces: false