mittwald / kubernetes-secret-generator

Kubernetes controller for automatically generating and updating secrets
Apache License 2.0
330 stars 57 forks

Make cluster role creation optional #37

Closed day1118 closed 3 years ago

day1118 commented 3 years ago

Is your feature request related to a problem? Please describe.

I want to limit the scope of secrets-generator to a single namespace & remove the need to create a cluster role.

Describe the solution you'd like

Add a variable such as rbac.create & rbac.clusterRole which disable the role and clusterRole respectively. Both would default to true for backwards compatibility.

If rbac.clusterRole is false, then watchNamespace should default to {{ .Release.Namespace }} as the generator will not have permissions to access other namespaces.

Describe alternatives you've considered

WATCH_NAMESPACE could be updated to include the tpl function so that it can be set to {{ .Release.Namespace }} via the values file, but this doesn't remove the clusterRole.

env:
  - name: WATCH_NAMESPACE
    value: {{ tpl .Values.watchNamespace . }}

Additional context

I can raise a PR for these changes if you are happy with the variable names. Concept modelled from bitnami/external-dns.
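
The proposal above, sketched as Helm templates so the least-privilege effect is visible: with rbac.clusterRole set to false the chart renders only a namespaced Role and RoleBinding, and WATCH_NAMESPACE falls back to the release namespace. This is an added example, not part of the original issue and not the chart's actual templates; the file names, resource names and the secrets rule set are assumptions, while rbac.create, rbac.clusterRole, watchNamespace and WATCH_NAMESPACE come from the issue.

```yaml
# templates/rbac.yaml (hypothetical file name; illustrative sketch)
{{- if .Values.rbac.create }}
{{- $clusterWide := .Values.rbac.clusterRole }}
apiVersion: rbac.authorization.k8s.io/v1
# ClusterRole when cluster-wide access is requested, namespaced Role otherwise
kind: {{ ternary "ClusterRole" "Role" $clusterWide }}
metadata:
  name: {{ .Release.Name }}-secret-generator   # assumed naming scheme
  {{- if not $clusterWide }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
rules:
  # Assumed rule set for a controller that reads and updates secrets
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ ternary "ClusterRoleBinding" "RoleBinding" $clusterWide }}
metadata:
  name: {{ .Release.Name }}-secret-generator
  {{- if not $clusterWide }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: {{ ternary "ClusterRole" "Role" $clusterWide }}
  name: {{ .Release.Name }}-secret-generator
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-secret-generator   # assumed service account name
    namespace: {{ .Release.Namespace }}
{{- end }}

# templates/deployment.yaml (fragment, hypothetical): without a ClusterRole the
# controller can only read its own namespace, so an empty watchNamespace
# defaults to the release namespace instead of "all namespaces".
env:
  - name: WATCH_NAMESPACE
    {{- if .Values.rbac.clusterRole }}
    value: {{ .Values.watchNamespace | quote }}
    {{- else }}
    value: {{ default .Release.Namespace .Values.watchNamespace | quote }}
    {{- end }}
```

Rendering the chart with `helm template` and rbac.clusterRole=false should then show no ClusterRole or ClusterRoleBinding in the output, which is the check to run before installing into a cluster where cluster-scoped RBAC is not permitted.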

mittwald-machine commented 3 years ago

There has not been any activity to this issue in the last 30 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.

day1118 commented 3 years ago

Are you able to review the PR please, @YannikBramkamp?

mittwald-machine commented 3 years ago

There has not been any activity to this issue in the last 30 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.

day1118 commented 3 years ago

@YannikBramkamp @martin-helmich Can you please cut a release with this change included? Thanks

YannikBramkamp commented 3 years ago

Done @day1118

day1118 commented 3 years ago

Thanks @YannikBramkamp - there was no Helm release generated for v3.3.0 - can you please trigger this?

YannikBramkamp commented 3 years ago

@day1118 Sorry for the delay, should be available now.