From c7ab6b6b7d147d4be9b2b359adce4f01bf42a82e Mon Sep 17 00:00:00 2001
From: Dinar Valeev <dinar.valeev@absa.africa>
Date: Fri, 15 Oct 2021 09:07:01 +0200
Subject: [PATCH] Don't install extdns rbac by default

external-dns rbac is not protected by ns1, r53 option enablement.
This leads to external-dns rbac installed eitherway. This commit fixes
it.

Signed-off-by: Dinar Valeev <dinar.valeev@absa.africa>
---
 chart/k8gb/templates/external-dns/rbac.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/chart/k8gb/templates/external-dns/rbac.yaml b/chart/k8gb/templates/external-dns/rbac.yaml
index 285d0f34f..ee5081572 100644
--- a/chart/k8gb/templates/external-dns/rbac.yaml
+++ b/chart/k8gb/templates/external-dns/rbac.yaml
@@ -1,4 +1,5 @@
 ---
+{{- if or .Values.ns1.enabled .Values.route53.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -10,7 +11,9 @@ rules:
 - apiGroups: ["externaldns.k8s.io"]
   resources: ["dnsendpoints/status"]
   verbs: ["*"]
+{{- end }}
 ---
+{{- if or .Values.ns1.enabled .Values.route53.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -23,7 +26,9 @@ subjects:
 - kind: ServiceAccount
   name: k8gb-external-dns
   namespace: {{ .Release.Namespace }}
+{{- end }}
 ---
+{{- if or .Values.ns1.enabled .Values.route53.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -33,3 +38,4 @@ metadata:
   annotations:
     eks.amazonaws.com/role-arn: {{ .Values.route53.irsaRole }}
 {{- end }}
+{{- end }}