Add LeaderElection role to helm chart template

a-hilaly · a-hilaly · commit e5904430e90d · 2023-09-06T14:02:33.000-05:00
diff --git a/pkg/generate/ack/release.go b/pkg/generate/ack/release.go
@@ -33,6 +33,8 @@ var (
 		"helm/templates/role-reader.yaml.tpl",
 		"helm/templates/role-writer.yaml.tpl",
 		"helm/templates/_controller-role-kind-patch.yaml.tpl",
+		"helm/templates/leader_election_role.yaml.tpl",
+		"helm/templates/leader_election_role_binding.yaml.tpl",
 	}
 	releaseIncludePaths = []string{
 		"config/controller/kustomization_def.yaml.tpl",
diff --git a/templates/config/rbac/leader_election_role.yaml.tpl b/templates/config/rbac/leader_election_role.yaml.tpl
@@ -3,19 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{.ServicePackageName}}-leader-election-role
+  namespace: default
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -34,4 +23,4 @@ rules:
   - events
   verbs:
   - create
-  - patch
+  - patch
diff --git a/templates/helm/templates/leader_election_role.yaml.tpl b/templates/helm/templates/leader_election_role.yaml.tpl
@@ -0,0 +1,32 @@
+
+{{- "{{ if .Values.leaderElection.enabled }}" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{.ServicePackageName}}-leader-election-role
+{{- "{{ if .Values.leaderElection.namespace }}" }}
+  namespace: {{ "{{ .Values.leaderElection.namespace }}" }}
+{{- "{{ else }}" }}
+  namespace: {{ "{{ .Release.Namespace }}" }}
+{{- "{{ end }}" }}
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+{{- "{{- end }}" }}
diff --git a/templates/helm/templates/leader_election_role_binding.yaml.tpl b/templates/helm/templates/leader_election_role_binding.yaml.tpl
@@ -0,0 +1,19 @@
+{{- "{{ if .Values.leaderElection.enabled }}" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{.ServicePackageName}}-leader-election-rolebinding
+{{- "{{ if .Values.leaderElection.namespace }}" }}
+  namespace: {{ "{{ .Values.leaderElection.namespace }}" }}
+{{- "{{ else }}" }}
+  namespace: {{ "{{ .Release.Namespace }}" }}
+{{- "{{ end }}" }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{.ServicePackageName}}-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: {{.ServiceAccountName}}
+  namespace: {{ "{{ .Release.Namespace }}" }}
+{{- "{{- end }}" }}
diff --git a/templates/helm/values.schema.json b/templates/helm/values.schema.json
@@ -236,6 +236,9 @@
       "properties": {
         "enabled": {
           "type": "boolean"
+        },
+        "namespace": {
+          "type": "string"
         }
       },
       "type": "object"

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,8 @@ var (`
`33`	`33`	`"helm/templates/role-reader.yaml.tpl",`
`34`	`34`	`"helm/templates/role-writer.yaml.tpl",`
`35`	`35`	`"helm/templates/_controller-role-kind-patch.yaml.tpl",`
	`36`	`+ "helm/templates/leader_election_role.yaml.tpl",`
	`37`	`+ "helm/templates/leader_election_role_binding.yaml.tpl",`
`36`	`38`	`}`
`37`	`39`	`releaseIncludePaths = []string{`
`38`	`40`	`"config/controller/kustomization_def.yaml.tpl",`