From 1df83d09babdf1e93adb3f3a32b77898245dbf34 Mon Sep 17 00:00:00 2001
From: Jorge Tudela <jtudelag@redhat.com>
Date: Fri, 5 Aug 2022 10:31:23 +0200
Subject: [PATCH] Parametrize ipa namespace

---
 tooling/charts/tl500-base/templates/tl500-rbac.yaml | 11 +++++------
 tooling/charts/tl500-base/values.yaml               |  8 ++++----
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/tooling/charts/tl500-base/templates/tl500-rbac.yaml b/tooling/charts/tl500-base/templates/tl500-rbac.yaml
index 9c1b19f..6c6d6e6 100644
--- a/tooling/charts/tl500-base/templates/tl500-rbac.yaml
+++ b/tooling/charts/tl500-base/templates/tl500-rbac.yaml
@@ -119,14 +119,13 @@ subjects:
   kind: Group
   name: {{ .Values.group_name }}
 ---
-# to view tl500 IPA namespaces
-# Only if IPA namespace is there
-{{ if (lookup "v1" "Namespace" "" "ipa") }}
+{{- if .Values.ipa_namespace -}}
+# to view tl500 IPA namespaces. Only if IPA namespace exists.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: tl500-ipa-view
-  namespace: ipa
+  namespace: {{ .Values.ipa_namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -135,7 +134,7 @@ subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
   name: {{ .Values.group_name }}
-{{- end }}
+{{- end -}}
 ---
 # to edit/view monotoring
 apiVersion: rbac.authorization.k8s.io/v1
@@ -163,4 +162,4 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: 'system:image-puller'
+  name: 'system:image-puller'
\ No newline at end of file
diff --git a/tooling/charts/tl500-base/values.yaml b/tooling/charts/tl500-base/values.yaml
index 4a89a47..f5c683d 100644
--- a/tooling/charts/tl500-base/values.yaml
+++ b/tooling/charts/tl500-base/values.yaml
@@ -4,9 +4,11 @@ gitlab_app_name: "gitlab-ce"
 # Create a helper to create a prefix if one isn't provided? Would help if we moved to shared clusters
 prefix: ""
 
-# Group name in LDAP / IdM (FreeIPA) for attendees 
+# Group name in LDAP / IdM (FreeIPA) for attendees.
 group_name: student
 
+# Namespace where IDM runs, in case is deployed in OCP. Otherwise leave it empty or blank.
+ipa_namespace: ipa
 
 namespaces:
   - name: tl500-workspaces
@@ -75,7 +77,6 @@ operators:
      operatorgroup:
        create: false
 
-
 logging:
   # Might be needed with clusters that have an infra plane
   # nodeSelector:
@@ -134,5 +135,4 @@ gitops-operator:
   ignoreHelmHooks: false
 
 tl500-teamsters:
-  enabled: true
-
+  enabled: true
\ No newline at end of file