charts: coredns
diff --git a/charts/coredns/templates/clusterrole.yaml b/charts/coredns/templates/clusterrole.yaml
new file mode 100644
index 0000000..c33762c
--- /dev/null
+++ b/charts/coredns/templates/clusterrole.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.deployment.enabled .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels: {{- include "coredns.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - pods
+ - namespaces
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+{{- if .Values.rbac.pspEnable }}
+- apiGroups:
+ - policy
+ - extensions
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - {{ template "coredns.fullname" . }}
+{{- end }}
+{{- end }}