helm · KlavsKlavsen · Jul 22, 2020 · Jul 22, 2020 · Jul 23, 2020 · Jul 23, 2020
diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: grafana
-version: 5.5.1
+version: 5.6.1
 appVersion: 7.0.5
 kubeVersion: "^1.8.0-0"
 description: The leading tool for querying and visualizing time series and metrics.

diff --git a/stable/grafana/README.md b/stable/grafana/README.md
@@ -160,6 +160,7 @@ You have to add --force to your helm upgrade command as the labels of the chart
 | `serviceAccount.nameTest`                 | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
 | `rbac.create`                             | Create and use RBAC resources                 | `true`                                                  |
 | `rbac.namespaced`                         | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance  | `false` |
+| `rbac.useExistingRole`                    | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
 | `rbac.pspEnabled`                         | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true`                 |
 | `rbac.pspUseAppArmor`                     | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`)  | `true`                    |
 | `rbac.extraRoleRules`                     | Additional rules to add to the Role           | []                                                      |

diff --git a/stable/grafana/templates/clusterrole.yaml b/stable/grafana/templates/clusterrole.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
+{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:

diff --git a/stable/grafana/templates/clusterrolebinding.yaml b/stable/grafana/templates/clusterrolebinding.yaml
@@ -15,6 +15,10 @@ subjects:
     namespace: {{ template "grafana.namespace" . }}
 roleRef:
   kind: ClusterRole
+{{- if (not .Values.rbac.useExistingRole) }}
   name: {{ template "grafana.fullname" . }}-clusterrole
+{{- else }}
+  name: {{ .Values.rbac.useExistingRole }}
+{{- end }}
   apiGroup: rbac.authorization.k8s.io
 {{- end -}}
diff --git a/stable/grafana/templates/role.yaml b/stable/grafana/templates/role.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.rbac.create -}}
+{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}}
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:

diff --git a/stable/grafana/templates/rolebinding.yaml b/stable/grafana/templates/rolebinding.yaml
@@ -13,7 +13,11 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
+{{- if (not .Values.rbac.useExistingRole) }}
   name: {{ template "grafana.fullname" . }}
+{{- else }}
+  name: {{ .Values.rbac.useExistingRole }}
+{{- end }}
 subjects:
 - kind: ServiceAccount
   name: {{ template "grafana.serviceAccountName" . }}