Create clusterRole only on request

Author: zeisss

README.md

@@ -132,6 +132,6 @@ kubectl create secret generic cb-ingestion-token \
   --from-literal=INGESTION_API_TOKEN=hahaha \
   -n cloudbolt-collector
 
-helm upgrade --install cloudbolt-collector ./ -f values.yaml --namespace cloudbolt-collector --create-namespace --set INGESTION_API_URL=$INGESTION_API_URL --set prometheusBaseUrl=$PROMETHEUS_BASE_URL --set coreapiBaseUrl=$COREAPI_BASE_URL --set DEBUG=true
+helm upgrade --install cloudbolt-collector ./ -f values.yaml --namespace cloudbolt-collector --create-namespace --set INGESTION_API_URL=$INGESTION_API_URL --set prometheusBaseUrl=$PROMETHEUS_BASE_URL --set coreapiBaseUrl=$COREAPI_BASE_URL --set DEBUG=true --set clusterRole.create=true
 
 helm upgrade --install cloudbolt-collector ./ -f values.yaml --namespace cloudbolt-collector --create-namespace --set INGESTION_API_URL="https://c1i3z7ha68.execute-api.us-west-2.amazonaws.com/v1/data-ingest-api-dev-v1" --set DEBUG=true

templates/clusterrole-nodes.yml

@@ -1,4 +1,27 @@
+{{/* ClusterRoles don't seem to be required on OpenShift */}}
+{{- if .Values.clusterRole.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "cloudbolt-collector-helm.fullname" . }}-nodes-access
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "cloudbolt-collector-helm.fullname" . }}-pv-access
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list"]
+{{ end }}
+
 {{- if .Values.serviceAccount.create -}}
+---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:

templates/clusterrole-pv.yml

@@ -10,6 +10,9 @@ INGESTION_API_URL: ""
 prometheusBaseUrl: ""
 coreapiBaseUrl: ""
 
+clusterRole:
+  # Set to true to create a ClusterRoles for the collector
+  create: false
 image:
   repository: cloudboltsoftware/cloudbolt-collector
   pullPolicy: Always