{{- if .Values.deploy.restapi }}
{{- if eq "true" (include "unmodificableWebapiAdminClusterRoleBinding" .) }}
---
apiVersion: batch/v1
kind: Job
metadata:
  namespace: {{ .Release.Namespace }}
  name: "{{ .Release.Name }}-delete-webapi-admin-clusterrolebinding"
  labels:
    app: stackgres-operator-init
    job: delete-webapi-admin-clusterrolebinding
  annotations:
    "helm.sh/hook": pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
    "helm.sh/hook-weight": "10"
    {{- with .Values.jobs.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  ttlSecondsAfterFinished: 3600
  template:
    metadata:
      labels:
        app: stackgres-operator-init
        job: delete-webapi-admin-clusterrolebinding
    spec:
      serviceAccountName: {{ .Release.Name }}-init
      restartPolicy: OnFailure
      terminationGracePeriodSeconds: 0
      {{- with .Values.jobs.affinity}}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end}}
      {{- with .Values.jobs.nodeSelector}}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.jobs.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - name: "delete-webapi-admin-clusterrolebinding"
        image: {{ template "kubectl-image" . }}
        imagePullPolicy: "IfNotPresent"
        {{- with .Values.jobs.resources }}
        resources:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        command:
          - "/bin/bash"
          - "-ecx"
          - |
            kubectl delete clusterrolebinding stackgres-restapi-admin --ignore-not-found
{{- end }}
{{- $allowedNamespaces := regexSplit " " (include "allowedNamespaces" .) -1 }}
{{- range $index, $namespace := $allowedNamespaces }}
{{- if and (eq $index 0) (or (eq $namespace "_all_namespaces_placeholder") (not $.Values.disableClusterRole)) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: stackgres-restapi-admin
{{- with $.Values.clusterOwnerRefereces }}
  ownerReferences:
    {{- toYaml . | nindent 4 }}
{{- end }}
subjects:
- kind: User
  name: {{ $.Values.authentication.user | quote }}
roleRef:
  kind: ClusterRole
  name: stackgres-restapi-admin
  apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- if not (eq $namespace "_all_namespaces_placeholder") }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: {{ $namespace }}
  name: stackgres-restapi-admin
subjects:
- kind: User
  name: {{ $.Values.authentication.user | quote }}
roleRef:
  kind: Role
  name: stackgres-restapi-admin
  apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}
{{- end }}