X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2FserviceAccount%2Ftemplates%2Frole-binding.yaml;h=11593ccccbd5902a34becd5bf9969d490345bb3f;hb=refs%2Fheads%2Fmaster;hp=2082f8466b6665b5d00aa0bd51f0fe90d5650354;hpb=4534881264e8a125c7eed68992fe4ef32b204caf;p=oom.git

diff --git a/kubernetes/common/serviceAccount/templates/role-binding.yaml b/kubernetes/common/serviceAccount/templates/role-binding.yaml
index 2082f8466b..11593ccccb 100644
--- a/kubernetes/common/serviceAccount/templates/role-binding.yaml
+++ b/kubernetes/common/serviceAccount/templates/role-binding.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2020 Orange
+# Modifications Copyright © 2023 Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,18 +17,23 @@
 
 {{- $dot := . -}}
 {{- range $role_type := $dot.Values.roles }}
+{{/* retrieve the names for generic roles */}}
+{{ $name := printf "%s-%s" (include "common.release" $dot) $role_type }}
+{{- if or (not (has $role_type $dot.Values.defaultRoles)) ($dot.Values.global.createDefaultRoles) ($dot.Values.createDefaultRoles) }}
+{{ $name = include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
 kind: RoleBinding
 metadata:
-  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
+  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
   namespace: {{ include "common.namespace" $dot }}
 subjects:
 - kind: ServiceAccount
-  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
+  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
 roleRef:
   kind: Role
-  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
+  name: {{ $name }}
   apiGroup: rbac.authorization.k8s.io
 {{- end }}