From 78f6ce5e77de192870464078c42bbcf1ac1a7911 Mon Sep 17 00:00:00 2001
From: Valeriano Manassero
 <14011549+valeriano-manassero@users.noreply.github.com>
Date: Tue, 7 Mar 2023 10:41:34 +0100
Subject: [PATCH] Added: external rb and crb support

---
 .../templates/agentk8sglue-rbac.yaml          | 30 +++++++++++++++++++
 charts/clearml-agent/values.yaml              |  6 ++++
 2 files changed, 36 insertions(+)

diff --git a/charts/clearml-agent/templates/agentk8sglue-rbac.yaml b/charts/clearml-agent/templates/agentk8sglue-rbac.yaml
index f1693ca..8e6503c 100644
--- a/charts/clearml-agent/templates/agentk8sglue-rbac.yaml
+++ b/charts/clearml-agent/templates/agentk8sglue-rbac.yaml
@@ -86,3 +86,33 @@ roleRef:
   kind: Role
   name: {{ include "clearmlAgent.name" . }}-kpa
 {{- end }}
+{{- range .Values.agentk8sglue.additionalClusterRoleBindings }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "clearmlAgent.name" $ }}-kpa-{{ . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "clearmlAgent.serviceAccountName" $ }}
+    namespace: {{ $.Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ . }}
+{{- end }}
+{{- range .Values.agentk8sglue.additionalRoleBindings }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "clearmlAgent.name" $ }}-kpa-{{ . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "clearmlAgent.serviceAccountName" $ }}
+    namespace: {{ $.Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ . }}
+{{- end }}
diff --git a/charts/clearml-agent/values.yaml b/charts/clearml-agent/values.yaml
index 30e05de..659f0ad 100644
--- a/charts/clearml-agent/values.yaml
+++ b/charts/clearml-agent/values.yaml
@@ -81,6 +81,12 @@ agentk8sglue:
   securityContext: {}
     #  runAsUser: 1001
     #  fsGroup: 1001
+  # -- additional existing ClusterRoleBindings
+  additionalClusterRoleBindings: []
+    # - privileged
+  # -- additional existing RoleBindings
+  additionalRoleBindings: []
+    # - privileged
   # -- nodeSelector setup for Agent pod (example in values.yaml comments)
   nodeSelector: {}
     # fleet: agent-nodes