Multi-namespace RBAC support (#60)

Signed-off-by: Jeff Fouchard <jeff.fouchard@fullscript.com>

charts/argo-events/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 description: A Helm chart to install Argo-Events in k8s Cluster
 name: argo-events
-version: 0.4.0
+version: 0.4.1
 keywords:
 - argo-events
 - sensor-controller

charts/argo-events/templates/argo-events-cluster-roles.yaml

@@ -10,6 +10,13 @@ subjects:
   - kind: ServiceAccount
     name: argo-events-sa
     namespace: {{ .Release.Namespace }}
+  {{- if .Values.additionalSaNamespaces }}
+  {{- range $namespace := .Values.additionalSaNamespaces }}
+  - kind: ServiceAccount
+    name: argo-events-sa
+    namespace: {{ $namespace }}
+  {{- end }}
+  {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

charts/argo-events/templates/argo-events-sa.yaml

@@ -5,3 +5,13 @@ kind: ServiceAccount
 metadata:
   name: argo-events-sa
   namespace: {{ .Release.Namespace }}
+{{- if .Values.additionalSaNamespaces }}
+{{- range $namespace := .Values.additionalSaNamespaces }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argo-events-sa
+  namespace: {{ $namespace }}
+{{- end }}
+{{- end }}

charts/argo-events/values.yaml

@@ -6,11 +6,13 @@ imagePullPolicy: Always
 
 # ServiceAccount to use for running controller.
 serviceAccount: argo-events-sa
+# Create service accounts in additional namespaces specified
+# The SA will always be created in the release namespaces
+additionalSaNamespaces: []
+  # - argo-prod
 
 instanceID: argo-events
 
-
-
 # set `singleNamespace` to false to have the controllers 
 # listen on all namespaces.  Otherwise the controllers will listen
 # on the namespace provided