{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingClusterRole) }} kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "grafana.fullname" . }}-clusterrole {{- if or .Values.sidecar.dashboards.enabled .Values.rbac.extraClusterRoleRules .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }} rules: {{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }} - apiGroups: [""] # "" indicates the core API group resources: ["configmaps", "secrets"] verbs: ["get", "watch", "list"] {{- end}} {{- with .Values.rbac.extraClusterRoleRules }} {{- toYaml . | nindent 2 }} {{- end}} {{- else }} rules: [] {{- end}} {{- end}}