What motivated this proposal?

We use a CICD user in our kubernetes cluster to automate deployments.
This CICD user has a namespaced admin role attached to it.

The jetstream-controller-role role doesn't have the rbac.authorization.k8s.io/aggregate-to-admin: "true" label on it, which means we would have to either manually modify the role with the label or attach the role to our CICD user.

What is the proposed change?

Add the ability to add custom labels to the jetstream-controller-role role to be able to set rbac.authorization.k8s.io/aggregate-to-admin: "true"

# helm/charts/nack/templates/rbac-jetstream-controller.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ $kind }}
metadata:
  name: {{ template "jsc.serviceAccountName" . }}-{{ $kindSuffix }}
  namespace: {{ include "jsc.namespace" . }}
+ labels:
+   {{- tpl (toYaml .Values.rbacLabels) . | nindent 4 }}
{{ tpl .Values.rbacRules . }}

Who benefits from this change?

No response

What alternatives have you evaluated?

• Manually modifying the jetstream-controller-role role
• Manually attaching the role to users
• Attach cluster-admin Cluster Role to CICD user with a Namespaced RoleBinding