break(helm/v2-alpha): Add support to install solution as namespaced scope

Author: camilamacedo86

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/rbac/cronjob-admin-role.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.rbacHelpers.enable }}
+{{- if .Values.rbac.helpers.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/rbac/cronjob-editor-role.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.rbacHelpers.enable }}
+{{- if .Values.rbac.helpers.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/rbac/cronjob-viewer-role.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.rbacHelpers.enable }}
+{{- if .Values.rbac.helpers.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/rbac/manager-role.yaml

@@ -1,6 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.rbac.namespaced }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
+{{- if .Values.rbac.namespaced }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
   name: {{ include "project.resourceName" (dict "suffix" "manager-role" "context" $) }}
 rules:
 - apiGroups:

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/rbac/manager-rolebinding.yaml

@@ -1,6 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.rbac.namespaced }}
+kind: RoleBinding
+{{- else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
+{{- if .Values.rbac.namespaced }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
   labels:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/name: {{ include "project.name" . }}
@@ -9,7 +16,11 @@ metadata:
   name: {{ include "project.resourceName" (dict "suffix" "manager-rolebinding" "context" $) }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.rbac.namespaced }}
+  kind: Role
+  {{- else }}
   kind: ClusterRole
+  {{- end }}
   name: {{ include "project.resourceName" (dict "suffix" "manager-role" "context" $) }}
 subjects:
 - kind: ServiceAccount

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/values.yaml

@@ -72,11 +72,22 @@ manager:
   ##
   tolerations: []
 
-## Helper RBAC roles for managing custom resources
+## RBAC configuration
 ##
-rbacHelpers:
-  # Install convenience admin/editor/viewer roles for CRDs
-  enable: false
+rbac:
+  # Operator RBAC scope
+  #
+  # - false (default): ClusterRole/ClusterRoleBinding (all namespaces)
+  # - true: Role/RoleBinding (release namespace only)
+  #
+  # Note: metrics-auth-role is always a ClusterRole
+  # (requires TokenReview and SubjectAccessReview APIs).
+  namespaced: false
+
+  # Helper roles for CRD management (admin/editor/viewer)
+  helpers:
+    # Install convenience admin/editor/viewer roles for CRDs
+    create: false
 
 ## Custom Resource Definitions
 ##

docs/book/src/getting-started/testdata/project/dist/chart/templates/rbac/manager-role.yaml

@@ -1,6 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.rbac.namespaced }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
+{{- if .Values.rbac.namespaced }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
   name: {{ include "project.resourceName" (dict "suffix" "manager-role" "context" $) }}
 rules:
 - apiGroups:

docs/book/src/getting-started/testdata/project/dist/chart/templates/rbac/manager-rolebinding.yaml

@@ -1,6 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.rbac.namespaced }}
+kind: RoleBinding
+{{- else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
+{{- if .Values.rbac.namespaced }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
   labels:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/name: {{ include "project.name" . }}
@@ -9,7 +16,11 @@ metadata:
   name: {{ include "project.resourceName" (dict "suffix" "manager-rolebinding" "context" $) }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.rbac.namespaced }}
+  kind: Role
+  {{- else }}
   kind: ClusterRole
+  {{- end }}
   name: {{ include "project.resourceName" (dict "suffix" "manager-role" "context" $) }}
 subjects:
 - kind: ServiceAccount

docs/book/src/getting-started/testdata/project/dist/chart/templates/rbac/memcached-admin-role.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.rbacHelpers.enable }}
+{{- if .Values.rbac.helpers.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

docs/book/src/getting-started/testdata/project/dist/chart/templates/rbac/memcached-editor-role.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.rbacHelpers.enable }}
+{{- if .Values.rbac.helpers.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata: