From 94d6e2899ea48deec8d8750d935729abfd731315 Mon Sep 17 00:00:00 2001
From: Steve Wilkerson <wilkers.steve@gmail.com>
Date: Fri, 23 Feb 2018 10:51:34 -0600
Subject: [PATCH] Add clusterrolebinding and clusterrole for
 elasticsearch-master

The template for elasticsearch-master was missing the clusterrole
and clusterrolebinding. This adds them to bring it in line with
the other templates

Change-Id: I34bc7e889018411b3791c1b7f24d150e1f6a24e5
---
 .../templates/deployment-master.yaml          | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/elasticsearch/templates/deployment-master.yaml b/elasticsearch/templates/deployment-master.yaml
index 8b02bcb60..8cc348723 100644
--- a/elasticsearch/templates/deployment-master.yaml
+++ b/elasticsearch/templates/deployment-master.yaml
@@ -28,6 +28,41 @@ limitations under the License.
 {{- $serviceAccountName := "elasticsearch-master"}}
 {{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: run-elasticsearch-master
+subjects:
+  - kind: ServiceAccount
+    name: {{ $serviceAccountName }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ $serviceAccountName }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: {{ $serviceAccountName }}
+rules:
+  - nonResourceURLs:
+    - /
+    verbs:
+    - get
+  - apiGroups:
+    - ""
+    resources:
+    - endpoints
+    verbs:
+    - get
+  - apiGroups:
+    - apps
+    resources:
+    - statefulsets/status
+    verbs:
+    - get
+---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata: