Merge pull request #2413 from haines/helm-chart-cluster-role-permissions

Only add cluster role permissions for enabled sources

charts/external-dns/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: external-dns
 description: ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
 type: application
-version: 1.4.1
+version: 1.5.0
 appVersion: 0.10.1
 keywords:
   - kubernetes
@@ -18,4 +18,4 @@ maintainers:
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: "Update image to v0.10.1"
+      description: "Cluster role permissions are now only added for enabled sources"

charts/external-dns/templates/clusterrole.yaml

@@ -6,20 +6,36 @@ metadata:
   labels:
     {{- include "external-dns.labels" . | nindent 4 }}
 rules:
+{{- if or (has "node" .Values.sources) (has "pod" .Values.sources) (has "service" .Values.sources) }}
   - apiGroups: [""]
-    resources: ["services","endpoints","pods"]
+    resources: ["nodes"]
+    verbs: ["list","watch"]
+{{- end }}
+
+{{- if or (has "pod" .Values.sources) (has "service" .Values.sources) }}
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get","watch","list"]
+{{- end }}
+
+{{- if has "service" .Values.sources }}
+  - apiGroups: [""]
+    resources: ["services","endpoints"]
     verbs: ["get","watch","list"]
+{{- end }}
+
+{{- if has "ingress" .Values.sources }}
   - apiGroups: ["extensions","networking.k8s.io"]
     resources: ["ingresses"]
     verbs: ["get","watch","list"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["list","watch"]
+{{- end }}
+
 {{- if has "istio-gateway" .Values.sources }}
   - apiGroups: ["networking.istio.io"]
     resources: ["gateways"]
     verbs: ["get","watch","list"]
 {{- end }}
+
 {{- if has "istio-virtualservice" .Values.sources }}
   - apiGroups: ["networking.istio.io"]
     resources: ["virtualservices"]