From 0de4b723359549e6bdff13eed6b88237d3158725 Mon Sep 17 00:00:00 2001
From: Nick Lyubenko <nicklyubenko@gmail.com>
Date: Thu, 14 Nov 2024 11:12:28 -0600
Subject: [PATCH] add cluster role binding and cluster role and tags

---
 dkron/templates/agent-deployment.yaml     |  3 +++
 dkron/templates/cluster-role-binding.yaml | 13 +++++++++++++
 dkron/templates/clusterrole.yaml          | 12 ++++++++++++
 dkron/values.yaml                         |  2 ++
 4 files changed, 30 insertions(+)
 create mode 100644 dkron/templates/cluster-role-binding.yaml
 create mode 100644 dkron/templates/clusterrole.yaml

diff --git a/dkron/templates/agent-deployment.yaml b/dkron/templates/agent-deployment.yaml
index 59d8cbd..f943b34 100644
--- a/dkron/templates/agent-deployment.yaml
+++ b/dkron/templates/agent-deployment.yaml
@@ -48,6 +48,9 @@ spec:
               - "--retry-join=\"provider=k8s label_selector=\"\"app.kubernetes.io/instance={{ .Release.Name }}\"\" namespace=\"\"{{ .Release.Namespace }}\"\"\""
               - "--log-level={{ .Values.agent.log.level }}"
               - "--tag=\"agent=true\""
+              {{- range .Values.agent.tags }}
+              - "--tag=\"{{ . }}\""
+              {{- end }}
           ports:
             -   name: serf
                 containerPort: 8946
diff --git a/dkron/templates/cluster-role-binding.yaml b/dkron/templates/cluster-role-binding.yaml
new file mode 100644
index 0000000..033ce21
--- /dev/null
+++ b/dkron/templates/cluster-role-binding.yaml
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "dkron.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "dkron.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "dkron.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
diff --git a/dkron/templates/clusterrole.yaml b/dkron/templates/clusterrole.yaml
new file mode 100644
index 0000000..17919d7
--- /dev/null
+++ b/dkron/templates/clusterrole.yaml
@@ -0,0 +1,12 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "dkron.fullname" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "pods/log"]
+    verbs: ["list", "patch", "get"]
+  - apiGroups: [""]
+    resources: ["pods/exec"]
+    verbs: ["create"]
diff --git a/dkron/values.yaml b/dkron/values.yaml
index 8993ce6..0f18eb4 100644
--- a/dkron/values.yaml
+++ b/dkron/values.yaml
@@ -81,6 +81,8 @@ agent:
 
   log:
     level: "info"
+    
+  tags:
 
   deploymentAnnotations: {}