diff --git a/charts/linkerd2-multicluster/README.md b/charts/linkerd2-multicluster/README.md index 04c9c1e48..6f418054f 100644 --- a/charts/linkerd2-multicluster/README.md +++ b/charts/linkerd2-multicluster/README.md @@ -32,7 +32,7 @@ linkerd2-multicluster chart and their default values. |`linkerdVersion` | Control plane version | latest version | |`namespace` | Service Mirror component namespace |`linkerd-multicluster` | |`proxyOutboundPort` | The port on which the proxy accepts outbound traffic |`4140` | -|`remoteMirrorServiceAccountName` | The name of the service account used to allow remote clusters to mirror local services |`linkerd-service-mirror-remote-access-default`| +|`remoteMirrorServiceAccountName` | The name (or list of names) of the service account(s) used to allow remote clusters to mirror local services |`linkerd-service-mirror-remote-access-default`| |`remoteMirrorServiceAccount` | If the remote mirror service account should be installed |`true` | |`serviceMirror` | If the service mirror component should be installed |`true` | |`logLevel` | Log level for the Multicluster components |`info` | diff --git a/charts/linkerd2-multicluster/templates/remote-access-service-mirror-rbac.yaml b/charts/linkerd2-multicluster/templates/remote-access-service-mirror-rbac.yaml index 6492b8cc2..e19326b9d 100644 --- a/charts/linkerd2-multicluster/templates/remote-access-service-mirror-rbac.yaml +++ b/charts/linkerd2-multicluster/templates/remote-access-service-mirror-rbac.yaml @@ -1,12 +1,17 @@ {{if .Values.remoteMirrorServiceAccount -}} +{{- $names := .Values.remoteMirrorServiceAccountName -}} +{{- if not (kindIs "slice" .Values.remoteMirrorServiceAccountName) -}} + {{- $names = splitList "," .Values.remoteMirrorServiceAccountName -}} +{{- end -}} +{{- range $names -}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{.Values.remoteMirrorServiceAccountName}} - namespace: {{.Values.namespace}} + name: {{.}} + namespace: {{$.Values.namespace}} annotations: - {{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}} + {{$.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" $.Values.linkerdVersion) $.Values.cliVersion}} rules: - apiGroups: [""] resources: ["services"] @@ -19,25 +24,25 @@ rules: apiVersion: v1 kind: ServiceAccount metadata: - name: {{.Values.remoteMirrorServiceAccountName}} - namespace: {{.Values.namespace}} + name: {{.}} + namespace: {{$.Values.namespace}} annotations: - {{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}} + {{$.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" $.Values.linkerdVersion) $.Values.cliVersion}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{.Values.remoteMirrorServiceAccountName}} - namespace: {{.Values.namespace}} + name: {{.}} + namespace: {{$.Values.namespace}} annotations: - {{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}} + {{$.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" $.Values.linkerdVersion) $.Values.cliVersion}} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{.Values.remoteMirrorServiceAccountName}} + name: {{.}} subjects: - kind: ServiceAccount - name: {{.Values.remoteMirrorServiceAccountName}} - namespace: {{.Values.namespace}} + name: {{.}} + namespace: {{$.Values.namespace}} +{{end -}} {{end -}} -