Add explicit enabled for script pod clusterrole (#496)

Author: eddymoulton

.changeset/easy-sides-care.md

@@ -0,0 +1,5 @@
+---
+"kubernetes-agent": minor
+---
+
+Add explicit cluster role enabled value

charts/kubernetes-agent/templates/pod-clusterbinding.yaml

@@ -1,4 +1,4 @@
-{{- if  and (empty (include "kubernetes-agent.targetNamespaces" . | fromJsonArray)) (not .Values.agent.worker.enabled) (not .Values.scriptPods.serviceAccount.useNamespacedRoles) }}
+{{- if  and .Values.scriptPods.serviceAccount.clusterRole.enabled (empty (include "kubernetes-agent.targetNamespaces" . | fromJsonArray)) (not .Values.agent.worker.enabled) (not .Values.scriptPods.serviceAccount.useNamespacedRoles) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:

charts/kubernetes-agent/templates/pod-clusterroles.yaml

@@ -1,4 +1,4 @@
-{{- if not .Values.scriptPods.serviceAccount.useNamespacedRoles }}
+{{- if and .Values.scriptPods.serviceAccount.clusterRole.enabled (not .Values.scriptPods.serviceAccount.useNamespacedRoles)}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

charts/kubernetes-agent/values.yaml

@@ -233,6 +233,7 @@ scriptPods:
     # @section -- Script pod values
     # @default -- `[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]},{"nonResourceURLs":["*"],"verbs":["*"]}]`
     clusterRole:
+      enabled: true
       rules: []
 
     # -- if defined, overrides the default Role rules when using namespace-scoped roles