{{ if not .Values.yugaware.serviceAccount }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Release.Name }}
  labels:
    k8s-app: yugaware
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
{{- if .Values.yugaware.serviceAccountAnnotations }}
  annotations:
{{ toYaml .Values.yugaware.serviceAccountAnnotations | indent 4 }}
{{- end }}
{{ end }}
{{- if .Values.rbac.create }}
{{- if .Values.ocpCompatibility.enabled }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ .Release.Name }}-cluster-monitoring-view
  labels:
    app: yugaware
subjects:
- kind: ServiceAccount
  name: {{ .Values.yugaware.serviceAccount | default .Release.Name }}
  namespace: {{ .Release.Namespace }}
roleRef:
  kind: ClusterRole
  name: cluster-monitoring-view
  apiGroup: rbac.authorization.k8s.io
{{- else }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ .Release.Name }}
rules:
- apiGroups: ["policy"]
  resources:
  - poddisruptionbudgets
  verbs: ["get", "create", "delete", "patch"]
- apiGroups: [""]
  resources:
  - services
  verbs: ["get", "delete", "create", "patch", "list", "watch"]
- apiGroups: ["apps"]
  resources:
  - statefulsets
  verbs: ["get", "delete", "create", "patch", "scale"]
- apiGroups: [""]
  resources:
  - secrets
  verbs: ["create", "list", "get", "delete", "update", "patch"]
- apiGroups: ["cert-manager.io"]
  resources:
  - certificates
  verbs: ["create", "delete", "get", "patch"]
- apiGroups: [""]
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  - pods/exec
  - configmaps      # added configmaps resource
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]   # added all verbs for configmaps
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
- apiGroups: [""]
  resources:
  - namespaces
  - secrets
  - pods/portforward
  - events          # added events resource
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]  # added all verbs for events
- apiGroups: ["", "extensions"]
  resources:
  - deployments
  - services
  verbs: ["create", "get", "list", "watch", "update", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ .Release.Name }}
  labels:
    k8s-app: yugaware
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
subjects:
- kind: ServiceAccount
  name: {{ .Values.yugaware.serviceAccount | default .Release.Name }}
  namespace: {{ .Release.Namespace }}
roleRef:
  kind: ClusterRole
  name: {{ .Release.Name }}
  apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}