fix(charts): Adding clusterroles for RBAC support

Author: Cryptophobia

charts/workflow-manager/templates/_helpers.tmpl

@@ -0,0 +1,12 @@
+{{/*
+Set apiVersion based on Kubernetes version
+*/}}
+{{- define "rbacAPIVersion" -}}
+{{- if (lt (int (.Capabilities.KubeVersion.Minor)) 6) -}}
+rbac.authorization.k8s.io/v1alpha1
+{{- else if (and (ge (int (.Capabilities.KubeVersion.Minor)) 6) (le (int (.Capabilities.KubeVersion.Minor)) 7)) -}}
+rbac.authorization.k8s.io/v1beta1
+{{- else -}}
+rbac.authorization.k8s.io/v1
+{{- end -}}
+{{- end -}}

charts/workflow-manager/templates/workflow-manager-clusterrole.yaml

@@ -0,0 +1,21 @@
+{{- if (.Values.global.use_rbac) -}}
+{{- if (.Capabilities.APIVersions.Has (include "rbacAPIVersion" .)) -}}
+kind: ClusterRole
+apiVersion: {{ template "rbacAPIVersion" . }}
+metadata:
+  name: deis:deis-workflow-manager
+  labels:
+    app: deis-workflow-manager
+    heritage: deis
+rules:
+- apiGroups: ["extensions", "apps"]
+  resources: ["deployments", "daemonsets"]
+  verbs: ["get", "list"]
+- apiGroups: [""]
+  resources: ["namespaces", "replicationcontrollers"]
+  verbs: ["get", "list"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list", "create", "delete", "update"]
+{{- end -}}
+{{- end -}}

charts/workflow-manager/templates/workflow-manager-clusterrolebinding.yaml

@@ -0,0 +1,19 @@
+{{- if (.Values.global.use_rbac) -}}
+{{- if (.Capabilities.APIVersions.Has (include "rbacAPIVersion" .)) -}}
+kind: ClusterRoleBinding
+apiVersion: {{ template "rbacAPIVersion" . }}
+metadata:
+  name: deis:deis-workflow-manager
+  labels:
+    app: deis-workflow-manager
+    heritage: deis
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: deis:deis-workflow-manager
+subjects:
+- kind: ServiceAccount
+  name: deis-workflow-manager
+  namespace: {{ .Release.Namespace }}
+{{- end -}}
+{{- end -}}