{{- if .Values.clustered }}
{{- $service_account := tpl .Values.templates.service_account . }}
{{- $role := tpl .Values.templates.k8s_role . }}
{{- $rolebinding := tpl .Values.templates.k8s_rolebinding . }}
{{- with $app := .Values.application.name }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ $service_account }}
  labels:
    app: {{ $app }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $role }}
  labels:
    app: {{ $app }}
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $rolebinding }}
  labels:
    app: {{ $app }}
subjects:
  - kind: ServiceAccount
    name: {{ $service_account }}
roleRef:
  kind: Role
  name: {{ $role }}
  apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}