From 90e6b9e7cfec9fd00c04f4d94971f9aee2a107cc Mon Sep 17 00:00:00 2001 
From: Bernd Schorgers Date: Fri, 4 Oct 2024 15:50:55 +0200 Subject: [PATCH] feat(common): Release 3.5.0 (#357) Co-authored-by: Lawrence Gil --- .../configMapsFolder/test_2/helm.binary.jpg | Bin 0 -> 26157 bytes .../tests/_values/rbac_values.yaml | 19 ++ .../tests/pod/field_serviceAccount_test.yaml | 73 ++++++- .../common-test/tests/rbac/metadata_test.yaml | 60 ++++++ .../common-test/tests/rbac/names_test.yaml | 58 ++++++ .../tests/rbac/validations_test.yaml | 44 ++++ .../common-test/tests/rbac/values_test.yaml | 52 +++++ .../tests/service/values_test.yaml | 16 ++ .../serviceAccount/serviceaccount_test.yaml | 126 +++++++++++- charts/library/common/Chart.yaml | 15 +- charts/library/common/README.md | 4 +- charts/library/common/schemas/configmap.json | 11 +- .../library/common/schemas/controllers.json | 190 ++++++++++++++---- charts/library/common/schemas/service.json | 4 + .../common/schemas/serviceAccount.json | 22 ++ .../common/templates/classes/_configmap.tpl | 8 +- .../common/templates/classes/_role.tpl | 40 ++++ .../common/templates/classes/_rolebinding.tpl | 68 +++++++ .../common/templates/classes/_service.tpl | 3 + .../templates/classes/_serviceAccount.tpl | 2 +- .../{configMap => common}/_valuesToObject.tpl | 14 +- .../lib/configMap/_getByIdentifier.tpl | 2 +- .../templates/lib/configMap/_validate.tpl | 4 + .../lib/pod/fields/_serviceAccountName.tpl | 18 +- .../lib/rawResource/_valuesToObject.tpl | 27 --- .../templates/lib/role/_getByIdentifier.tpl | 12 ++ .../common/templates/lib/role/_validate.tpl | 18 ++ .../lib/rolebinding/_getByIdentifier.tpl | 12 ++ .../templates/lib/rolebinding/_validate.tpl | 32 +++ .../templates/lib/secret/_getByIdentifier.tpl | 2 +- .../templates/lib/secret/_valuesToObject.tpl | 27 --- .../lib/serviceAccount/_getByIdentifier.tpl | 17 ++ .../lib/serviceAccount/_valuesToObject.tpl | 18 +- .../common/templates/loader/_generate.tpl | 1 + .../common/templates/render/_configmaps.tpl | 12 +- .../common/templates/render/_controllers.tpl | 
36 ++-- .../common/templates/render/_rawResources.tpl | 6 +- .../library/common/templates/render/_rbac.tpl | 67 ++++++ .../common/templates/render/_secrets.tpl | 4 +- .../templates/render/_serviceaccount.tpl | 33 ++- charts/library/common/values.schema.json | 13 +- charts/library/common/values.yaml | 66 +++++- 42 files changed, 1092 insertions(+), 164 deletions(-) create mode 100644 charts/library/common-test/ci/configMapsFolder/test_2/helm.binary.jpg create mode 100644 charts/library/common-test/tests/_values/rbac_values.yaml create mode 100644 charts/library/common-test/tests/rbac/metadata_test.yaml create mode 100644 charts/library/common-test/tests/rbac/names_test.yaml create mode 100644 charts/library/common-test/tests/rbac/validations_test.yaml create mode 100644 charts/library/common-test/tests/rbac/values_test.yaml create mode 100644 charts/library/common/templates/classes/_role.tpl create mode 100644 charts/library/common/templates/classes/_rolebinding.tpl rename charts/library/common/templates/lib/{configMap => common}/_valuesToObject.tpl (69%) delete mode 100644 charts/library/common/templates/lib/rawResource/_valuesToObject.tpl create mode 100644 charts/library/common/templates/lib/role/_getByIdentifier.tpl create mode 100644 charts/library/common/templates/lib/role/_validate.tpl create mode 100644 charts/library/common/templates/lib/rolebinding/_getByIdentifier.tpl create mode 100644 charts/library/common/templates/lib/rolebinding/_validate.tpl delete mode 100644 charts/library/common/templates/lib/secret/_valuesToObject.tpl create mode 100644 charts/library/common/templates/lib/serviceAccount/_getByIdentifier.tpl create mode 100644 charts/library/common/templates/render/_rbac.tpl 
diff --git a/charts/library/common-test/ci/configMapsFolder/test_2/helm.binary.jpg b/charts/library/common-test/ci/configMapsFolder/test_2/helm.binary.jpg new file mode 100644 index 0000000000000000000000000000000000000000..83dda637b741d345e6c464019e1d9aaee3b36964 GIT binary patch literal 26157 zcmeFZ2Ut_vwl*9@MCnzELR3URL=*+2Mn#N(ihvMliHbB45RhJiND)LLAfPBjnsg#a zks9fs6agX9tMrmUfROqvb~$_NKKI;v&wuav&-XkZJ}YaPHCLH)j`5Cnlo`f1#u$i4 z_oB{45EBy!#02~UG3X#QEko^d*Yyom57^$3yL;c-_JGI9<0lSCySv#t*&fi*g&xqo zrVTydp`;*l?0}2=t$X$lybov`ICFxHF$mHE?b^w*i)H7oT`ap;S$FMb<6&dlvxiN9 zi<^T-NI+OvNMP??Q87ud=st=4d-onVc0l5Yl*~~X5wP3|Iq4IU(lXN9H(_FBWo6sV z#?QvaFD<%PRQkXD$M^{1-Mu4%`8G4tACJZL8`3*W($=XUWM++scCBB1avI%T)S`NCR3 z!!G>cQ@34%_OR_05*87aJR&76bM&;LlJXf9Rjmu!7onGQbd9bXo4{_Enpxekwz0Ld zzw7qE-NVz%+vibmNNCvO@Q9e$=W+1~FJ305rln`R&CJTqDSBUAQd;(*yrQnYp|PpC zrS(&H&)42Q+_(OL@rlW)@6$80bMu7NHRAflCTWYj-7h8(^RL|kK7Z}lPyONr`n6-{ zPUfAg+x=qN;R$TaygOMAp4`QE&Vcon3;!X7hr0#NN2e6l?vXfUh!?!=+Qqi_@ab_$ z!gkkw>Dhm+V?qB^&;Hi2Kl(KQ;$UV1CXbmH1ObuX#>B@2?v0Rsv*Z75|8ETbpA7sj z%fOk`K)whwX;5l}G$=hIHIPmEKi>G_Bcz#R?Ed2hY`Vame!j~uS4sbNYrd$jC6f$L zaYED-9uvZUxyNR8{fg0pThFOo7c?o{=UoN-^)npKN9KOLK3OS%K3XYDJxijckerPY zu68?uZ&U;?#dRC(*B$v9&9)H<+S$iXMS%Y@cg$Xf4k_Hw%Zr}a_{Za+XvgXVgj!IS8O1MaSRGB z;mqfEx%Z9^yIDW>+n88TCMPP_3G&oGbHY*k0g`JzF?LKYBkw($#1>1FT`RJO+o#8y z$Vn91SPjL-!s*(&t8vgCEw;`Jp$6K5#7vbXL{Zt}K|R7^#f1Xxn%q6ts;j=TJg1vC zPslFJQ&;c-Ib^8_;?t`N=SnJ~jH1R)v`{Z<2ZTwmUi);;P+|89LN=-UdtT1*+*MV( z%3QA02-!xZePf)n=*TVh%JWc+^Qes5gY z!Of30^f*GVKU`vtGjMyG=5Vkp*zV67X_N?WOjRsHnR3_?|7qzR0*l<*Vb`0@ni#v;{yvZA=r8k{aZ=#T*?y;KBgSmdj3= zQP?*M0zc#Hq?jLLCfrE5s0D;L4tJ-M_G-GrY?KF3sRa=h|9Xl#KLf;utly$9V#$gN zy(YEPVEfJO~Z(n}_6u^&;GSzx+7i3Zw!h26g+){lD&&j#nmW>SH~ zam`#MN;%UB(+0Q0*sxp6Ub&f9jSr`>cr*-`*xtMZiVb9O9Y8hcv(Djmv3K&>yR>n! 
zv4`Bw92IGvL>%Pi?$#36gu+xvefsY(%ZSHjZPB?TqDGL-M3glsdquQv*=`; zQ}gU{LiUaMK6}rM;lU9z>~Q=Z=4`6AIp!(E1|?`Qi{)`FPCJFPoi7i)6h7GodVXsq z8r4+u86z(i?4?_kP%&%2$4xdwz`(*9_&5uw!M}bJNsRzW|F+4l)i;$c*-vu1j+_gN zAm4#JN~CdP!jX2v9J8Z>ic-dh_TkH-U*GrSP^PPkR<}ji8$VaWv@{iU&%Ef;7F=gN zSvJN13EZvW?MvxBtryE#cmI>O4y@wcGN(TV|9)cct4SJ%#Q-lS^#FVBdDpJ8taYPr zxZ0Aku~GhcO&qPoO*3ykPcs`Cj z8mK`ZN}AIZL(eck9Bw9NZzTc9ngbw9xjt8ZafQjt=S!q;-oc%|iz1kyDwRx4%mk4Ss(b=)i1REj6Hg;bB|b6%&JO&azt!>3n0hE`Q*phea<={R@aC0~>Buj}TaAF4k1 zuU={I4;`eGtRL@tr@2U-Fm*uh_5BZ{l? zi|ACvO_Wo~Ma0ltX)}6bYU?cZ5#4yb*Du-AK#wQ2LLw((6F_Fn{;$&QzghmoQ$NE; z;$QtE=F`71lHc_k5Yk_H-T&7;W)Ce-{rEsa$gz?IyU$nNUNXFg>=gRgNQ^kXg<<;ov9dc|Py%@!(cBS@7!zCM!|u%I@Rx0`sDZvuaD} z2lq#MKlX-!4I=6=m66Z8pL^Ku`vPcGir8i?2HZI&FVL*^z9!c70_<5-fCYXG>Fq;P zP{R$yd!85>&~mpwdc|2`k3=+=mW;?w*z}UW3PqMg>~xk2R#b62e75~&n@^?*3O}#$ zeh$v%5;TJ<3td3!lXej^o!!wFf%#dJI(yyeu+(>J<{_K(oW$fb>x==7z6?)i`+H~~ z)2ZEQgwx%Q{Y=OEu{GGu_I);VGICULvPO=U;wP7W`q?aD$U%txqg`0SUgW4c`lBcT zE8rJEh<|5#OtP%|fCfvBHDP%P{e_KaXYG|(G4Q#QT>dIsz#r-D8h`EdW`f5C9%Cwb zP$1wijx*m6frrPK+7QGt>QUpx7txT2selp!JU92QYIVJS&Zs5)vQO1&0wg;}ajv`N z4K`esEK<>#s+rRZvDe_*C7WrV7&4-I`r&QXbtz(j83VNOvTr|nk+!Qza?vI(9rAWy ziyW~OY8-;)QMusde3+SjnmDnjPA|=KA zZu(7X#oVnq1N#1Zda=F$)SAaQdZ{5^)s09N_T}e~e@O0nlI~_}e?~%Tr}(MFO*yrV z#PXe-di7nr!}-g*X}jqqYe|Bi5v)+26+>m~i%x1_i&=pB>xW==n-j4;-!@~I4xt)# zAQ_&C;06TSLWs~+!tocY5cd73?<$%P5v)W^P*wrkOUXTcoS23#6My|~9?6?*Ey3dF zb|l;z9Ys*4u@FDCNeC~=rM64))u1+bwf&AHcQ4mlk z(b}-^dE`O3G*I8ar=<|n|n);WQVS}N76^nu|9+PtmYUdNqsgjO?;bN2VnS%I)F)W(2%hAUmiGA z8yUUOvUd=Pxv2T*-MZ8p@wYWRr07Z6(fwX;XN;>Q4@p^9iA)HGX^Yc3%N6I*B~qxX z8M*Qyr~8p#7GG#g%1r1K*3ksOZ4}r;Sg*CPyfwF@;)+I90+l~8Z+S5YfCjq;>C{U7 zU^sVdQ;l+Ak8WYn#kJ*cNDf_Zuu&ZgLoA zm1cNJE$IoO*AJRiy;0_``290d;Av9Y7p_2Gwymr?F>$cArG0Zlv+l)f8k^1NV&Aft z4r8Br(xNv88)xPV86ZO>8(yE6gt|eH8?V5*?|ao>DS|kN9EJz_v)t)|PlH*ZTv$&r z-}RHvhsuD7tO);OHkqZEWA09=!c$JPDJdIrZ``t?$tcB-8Ko9q4at2Nn=$&30fMj4 z1xtO*C@NCqhEI@c1a+{W^COtg4?5=Eym6&Jrll1A$*=ed3Atxe7{e_Xa}mDIYTN(n 
zV%Zwl2Pa9;Z;U3Ls#Oim(|r}9f3%;QpgSZ#ri#Alz&eg@;^roeelC`$CFSulK;p6Q zwmNC2oSqUFmf&g>Q_`DJubAfg($#=TeN^XbuGJ4?;M7SvS@HY${ZsLhhFSTJh?MlV z&z(?vDw54}UpgHZOHYIyUml9T?W&WNm0Hs>1q|#9Hm2J@E5C4hJ*o7=G})0VF??E`rXX*1RDxLJ0P=J1=*peWtWI_k z6C5s~oC3W>>HJJ>x6-}5#auVarEWfflp`kbE#;3!yBysz;GGwH$3337uFp+x7tI?7 z!~60b1y;KT55{3nJ)|zoUpsL^#-SxY35KqPu6?y|Uz-`g z#xPMAihDHok(4jjzQ>Qe*ge~Q_OJxuUgClsM$@ZeT~h{IRU%L!n1Aosl7L)(e$`Pm zs4(KY$q5Y^yS#lh-}gkYWzREFW$e;-xo?D|k7f%ESUzphxKKLJ0JXtnbNnRm$J6(9 z;+J0E8*Oy1;DfBhuy{T&d6sVo=1ANMPv2CRx1hc9Q+yy&oCGy^_lyXWRp9;@h%{Ss z<_+jbmhGw6jCHZfxv0X1`F;txYjPcfu`3ubEjWT6z-DtjH{BYX;O1O_i=#i`PFH>w zl474}xUNjeOrgpi!Cop@a$J!cVgGO_nN`^C``J(RL!zrl5h^o2xuQrfqxr~FuX6|U z%O9h?I>DQ*g7aTG56a129I@-Tj?kJklkKkZ#9K8c^P3*m{7lQtEYSJzo@E1Nay4zC zWfP-_v5B)YK`AOfxZPt8kQB4W*KMF2k;c!bc|ve}&Fqz;RjE2hUr5 z=5|c0t6vg|tn$tADO+7Z-1V|L+f#Kab#Ts1qoURxRQIqKXYz1>uxYV8M@!7Y zJ*DPKizSuG+dfcjI+nS|?jz$~mSa+dk^x&~J@59N{uOzBsPRE>5D<5iWJ{&vL zi^G9T{41y`NS^(wo8y7DDod}6%(_L)mKO4~39 zlTR0*3U^V3-;Lfqs3>>eZ^R9=JPskY>(hh1$uO={U_G|#CB*Gen9@pIKETt~^rbf8(XpVm_c8(z&spWA?hI)r1oWh?FE z<@41wm`nSaDZXM4L-%3I1r_8WoXAlxEtyk+m z4?u5VKh9?wz0xWGDAy;&Kd8t*$R_-QRK)-6^#u+SLQnGi_{X2*Bd)2Haz3knEs_p# zXI&?P60^>A=$?e#+gI31eL#8%et7zvLuQc<1}?*MaHbU=dJ){>3DH9A9Ui*k=`Pp! 
z6?1I0(EG4kyp7c1*ab6jY1|6+3dVAtocGqeGGS;WLhWeOM=lm?*uc#b26a7U1HSL0 z+@`l}ybF^huC6n5psaz@$T~}D;Lb6Y_JsmtNIzmlxoife$wfU`O?sHK@~pZv+zCLU z1Fp@K@cCxq!YucI8Q0TWZ|s%GPO!--C9cNyOc*qdLAIwmstKmV2$f9Ezma&R=R6c2wdS=UcRsoJ&I3kORECM zqr(vAx$pam(u4~3O1nxSt}+d@_Afevo!1qeyzz2^^gkX z%6+T!9efPWACjoPnn@OKDo>QT%KO^lPQiooOhj7Qg!&bF0VOzi359#Z8JR{el*707twlg2+o8&xy zoyk>>EHS~><>3ww{UQmZE`hJ_KIIG)le)ALnxA9$R$ zc6d`NTQN;ruwgK^^4LFP_FRyBHDY!nnnghxSIlIyxNcQE=A7p?)_g;Ty=H*w6=xAd zApmr-4)Aqtcf%%JhWI7jmW18aX6iz85zKi8=uPzsjba8FPbA8d*+-D0B^aO7VtRKY z@=Wz>U-7^7e-r4xPv=9wGa~|cqUc#{;s(3x1v!Pl7WD8YbIF6#CdP&CxzPCZg3ved zfS(LIdG247qXQ_*za$s<@9`WLvz119Ry);_rkA-6CkIE(pGiJ$Jb3idPFEqZ-FXZU z$x;&t6Q_jAQ`Y1G+hm@nXjAZpKCQ2?>?0>QgTPn#F)=_|9Eizz)Dj6n7Lkd zeu3g_jGaZ(!c=QLbCBjrz7_+-p7{|>JkiJi1z0mc6As8691@6aC0h>>&15^U;}1y8 z^iW~!N*k7X1^mZLP5?uI?sZ^*Bq%T3pyjj0uq0&N9G;cNaS}QD5=lyg{CK4?hKgFg z)h<4h+68z2`Jr|UP)N@hH(B^Lplk{Z5aG1H33e42z|+3TPqbY%g-NJ!guq>7KY4Gy z*zk0{RD59tH7&apTxs(`K4ZnMoM6S!qa|i-AnuBot`9W z05eiVRmRxYNOq@vE!K;6x0X=IOVJHFS34Hy)0c6x=gIq_H>nXaf6CCgBp)OtjdOF& zugxWP6pED))%;o_4NqDG);~*saHv3F#$bSLrR7RSd4Ct&3oSwgE$66f?LIvDBAt0{ z(2`cwWpQr*mrF5PheDxR&pr|lY-Xw&%TQe$dUx0_>Hv{7s~-tW`fWkIlOU!T{ktGD z+0NyFlU`f{6PF|joHe9xx%Z+jiiigv=N>mX?Hp0V(O079sCKz;GI@1;Lt8lFTzRzu zOt7-vM0c5MB+}w@`4BLyf&VJ|!ySsW1-9d9>4>z-WEl5+l>MSD8>p* zLjwByrrOUJaVwyAboH_o@Dvi3D1<>dEVv>zonNUq_yINrR&d8ZgK`qtdZ-7x02ns% z30yAhIlT?BdZ~DYyaJ&|D$e)fKa6fhBmkt6i`^18L4wx3c>endRI5{BeQ(2vNlFw$Xexy(UN3w>zsr~UP^`$`7>TIbM z`5ZE4LW3F_K{g{EgmVcBcD1EXETg)X6zDzI-vw=6{SYtTQ`g}u=b#~D&x(tK8fbc&aYWGua|5qgWeJ1{+eN6lxS>#`P z{Gb1yWV;avh*0eWguDQzhwH8l5akD$>3Xb>8K8wcBw13n(_!TV`eRrsHA=>*uEIGK zv1(8Si1IBpXPRh98%_`ZnXaoG!T>Ew0jiK@Qc#BfKHE?RISULtiTT6!dyvo@&w*!D z=OS@ukVG?F0xm0{8@&oEaVF1j)1R2Fk|}vYlxm3f)_x<>3zMHzOU%hj=+C<62pbCs zGDoKXmNg*2lLe@F+SWA&XiIecPs(;2P`39!DBD9o+43P=cB%>CikFDPe7yx2OTA;d zANfG7Q_o}-s?9g<054gV$pGQ@V2R8IkF(|spZCov@xnY#LB=nWDD;py>#J z=s+$Z0#k06_FMD%Zw*@s8-67B2@HqdS<%q)^j3S@4O59V(F+nTO{_b~u%7D%a1UAj 
zW7lcveQ%>9B8mW@FOT?V6hG}J#mD{6D8AtjiZ5V*FmVm>7-gp)ny&%%R#A?enp=HG zx$;VB@40!6eP8I_1xF$}GS2iq3GVF?_2>nsz}X4#xJfZSIeqO9e04*r;^Ie^^VCE~ zFrA|yFPsTpvotXjrTpo>RGAf}97oB6M9<4EIfrSgb^Cdz%55YZY3?|QV(VCd)vW8&>#Com^T48B7+t(a`0>nqi`^-3URHTo4`Z=*@2)4W z3?eFRUhSnq3+6`lcP%Sw-2N_?Hzs21H1m$RTqDHKih!JmPn)Ejtrw?U;o94__suE; zw1my|eE`nxAf*uajR|zj%t$Ot@C908ySc3Jx@Mkl;)KI|(PH5(pyt5HGyp26`+7hQ zz){T27TGeA6abotddT_)wgty)iLHff9i@u^cwIuj_^yEg+7*CWJ*t+rA}XC)vwP`B zv;JR+ZA|~?I{){u;lG6gewSq(YRw`=p^>Mr=;Gg%7FUOQ>qaK!jJ@WfvNfibKEEFO z~0DUx~pT^?9)UYr>$rUL24m1Jt)D9y>5#pTLOr+R@t&#QTN&DzN z^AHjnvMKh53l#|^0?6CrRdoDDx0-Wg&EX!ZDPac#bfcT&ZO5I+gV9Q5p8~}-Q$Hk1 zV+@lNud?y>+t~~c*OjRQ{+9$c47(`dybVn67Ti8!SJggyaYh$_sChBA_t-aDRj>n&hMB#a?e6et535A$D|A&yvN94|ObY(FqW_ zZ0089-Ic8)CjnHWBFOBx=8_GeB})eAa1(?K)bKDs=X^*THD!_vkjK{h__A#(;xi2$ zK)e^C#>lDBD?5Rq;LQ2RTtBIofVEqw*WE9H zPv2&LZaujF9%KkIvb1G8Ee|H)ObAV-48jTE?cO~5^9$v7?m)JzjIU634+8Vmo2NR2 zm#0S2#TlS?PqFl;W*wN1v|VKoEnwED)a7lQfvEWbf+1n^hq#+Jj;<;${H_hybD8+G zkYzwZZUp^CLAbx5!qBS+yd3DY@uOrJhc^Yj<1^I9;-bJ)tjp*TX0r}!WbFRxtKYYs zvlpErv|Q}e3xLKW2*_D^pce5PqQsLLD-3WAx;%|#VRC>xlt3H&TXEt`u-%XBbp1Qz zC&~0Xu1uTA%vHOE2V5@M=fKCW6NCW>j6L8=n9X!^(|F=GzWYHbmyoTuahlJNfLmb; zco<#*=p2Q7e6lUTjC)^aw2L;DXuz9l_g};rr8Bj(7`6#P^6k8u>jp5viscWgorW4! 
zUGr3QVDDv?Wz>Ppuf*Gj01skE(u7Mkm8TzUd$|QT9PUV7KlWTNesc#g6OAs-E7hO4hudn>z7SiM$T%5zu#{-D z;iHN>ijKm-sNH7!itl@r?Ui6!)=hM<{ZRR0OnNr0^5i0`n+cVFTn^S`Hf3h>glRkY zx-U4y_q}-i)&`~|K$xo0UB#Tn?!dwi|HM>YWnKSiB>9sX_X6Alaw2rElG*37t;F-M zq6yp)L{mSN2@Ngihqxn&9Y*XG95T0X;=Qq!=qAM0(PU}BIL$$lT;lpKUVShrRe32a zjctj(hXHDZ;X7&mm{rAwAJ}d7Z&qx-Cv@aAkd@*c07T|*_3i(g$9|_MXOXQp31FH# zK(sDocrW<~EinQ1_E7_Jy$?d;i<>Fge4#(4)fE60s5v57GM2B(iD(iPPx2BTv>d75 znR0cH$$c(vC(hfrD?jnt;+%ot#6`*Sb$RM3fT7NeUIWZp8eITcuLS!aE~BJd+;cfD(>yfx$0cApfzj-wtTv(i9BEOjS}3P?{d;w<2uiUTo~z-S=S zbI$<5yCgZZSOgfQaiK4eS=I~&XzVa@9Qx<$WN$}kq*sPKYq5$Fj*&L73I`c$3$wAF zWxb`J8u1Xw>zx%pMS&q(Pon7937`}38V$@l>`%6CycDOp{q@3Cd4(PXw8zeE<`A@K(xP37g1-*OXAn|N+a#{$Mx z4@}*yPsokO@eI{TmL{sCYKSXwa8JmbDXG|DCY}0><2=l%xRs9G&WHCfCd^h0i^Z;Z0E(A-DG^2515<6?o_?$|OYHK8Th8AP@+P$~; z87}H{JTOMI8+LfFDY4aeDpe*ir72amzz^AD_t#f3a~0=Ujk5 z*UfICxpmOM!4A!}G7qaEwAn_Xcl8+~c;kpZejR{XVME7xBfQX~2k4!4E^`CwXJ&1Z z!d8wrubiZ7y(x$Xl1(!zSFaj+-kZ~Hu7!vor*gc~=-70+dlSx{r*q%_5*6E5 z_qV7R%$(#(ylswta~%L=re83?PyZ)S`3m_dDCXbCP8-?g7ny_;{~4Va0O-Wdzegwj z#GcK!+4W!egy5i`IKdJXM0In>n~%2m>>%JOAy<*BX?p+6VeUSF)n{M1{wTQgW>QjT z0dhP;9q_2n4*Sxn+6+*$9RRS;@kko8`wE4?%>apEqO&lkDEm13Y17GlP#gr`oeX^a z#;Fr!0*9I4ZVy^m&qsv!EkA|@pLQveLkcNjU>f`R2v;0>NK;EqoaDJ5Iq z$52~hr@1M+&4I@@V!jM)*rRzw#01Hcw^& zPL0-&Zt!jkKrX!eFRu&cqIZlO?51jE%=6zR8#UXz3oPbN-wC%akK!ybxlcZ#iW#U_IEa@hL#|`_hQoXJcal!=Zx5# zwK>eZO6djvG_dKX_A5kOwVQhI{Ttp#b_6p1lBxq(&?G?L48w~hiSF1QhLv1CKTOTQNTNVWN)-)%*IErXur1AAAvT9lVRTd~G5m-v?WjX0PI z=B^oenyAVgN!zX=^nM!_N&hJvzuXx~XRjuV1{>-06gV!u6_QcfS}S7{whFxJjR67{ zp|%7m+O7vkYB-SR!*yHV_#|NG`ZX@8ztfQO)9jxICjajaj6?UYy*;(zy6B}LxB~u3 z8vZh@_P3BptnU-7YG*NCKRq58ksqZvjiSd+oz-|ptnO-p~Xn@9E2X_v&#L` zY%<|r)#2bAc)6%BfAv#C=EafST1lC1?>X);f59cZvXbsgO}h&7WPnbYU9+F}07lDi z?!#Yz%%7BtS2HJ|qDsVEn~i#ImX-5{Y|Hw$-mCZ1-Obh&5{a`Wu33xuE1g~c`a(CL;K?^n;oo7p2i{xsOQ zZ(rK(cV!C9vqX8lP_Ex7@#4fNRzt+GvbP&O-gd2Fv+xaFZW&Y?`t}z#9nPr)Sb~gefjXk#+LKKOmZz1p)1ck41KGMHPb1bz6fUl6=Ni>-Qa3lRN zB!eGXrct=C?liwggA&VZveWXx5OF7L$;DTbPXaf}ICjD^&aRqw5vWqQvYyNyyM;rt 
zO|{XXS~4vXeN|KwzPEcVN_f-nq!)w%;ghyst1o_A@aB;k_4RLJ@VhuL4g8Q%11bmt z4)v(ZrFP~xz}Q*xwB|d8Q@siBjJzTJ3=6=oJQ50y->ZAd9xHL_^Q-II6=Q$oZGY(7Z@Jum@ps&4h&?zY%rF!o=;br2TzK61 zO{CjVCi*+BMKv-i6CwwjQvn5W>u#BE1d}cfTv#K$s#ogou}G*ajYKwAiWj6&!agh! z=ZL0PtxDK1U3B!+Efe$rG!S4)MCchs$-i3H*Iley zw!tn>c6|JCn51@!LF|(X$faZQawY6%oEB}PCI+m5Wb-?qAU5b|qn{!^cj9f~*uE5j zd(NkA?|rtGxUXT#jW3(^CF8z{?;;e0PgSDI?~)Z2oF0kiiQ!b~I)xpTHN%fV==q*lKmrCDX+&TpAMY+*r_cbOT>8*n0wq`pdIJ>!0L0&g-l$>e-U$!Pp?nmpwx&nI# z`OjazCqd;@SpZv>^1^tDU$?q%-P}=G@8PoiaSP~vhavQohW=fQwS&g`kW%UWDjffr zOOxl~Z8SiF8;FnCkY^nQ5}XB` zkKf83Wu%$xe#k?F>!TPyTrGspU5wS3;J-c^ za!<5b&tuC%Liv3zQ^mEQ_4ks{t4(UBUftJ`@~Gn-^jIe+6WJ16QX&yA7$sT+!I3SbklYjmqQ z_?o>N%l9hJy|GYrKF-#|_kLLyg_~Y-Pu@*>G@;MZvG2myJLayg8%0z+5V|93PO^?v zsl)a5P`-+xok9tDeUX&a2z=+xfG$z4tisv}yTjebJ9ioHy0nLkdWqzLR{LJuUWs4& z#QiPYe0Z=-=fE>nbOWrjuip60lA)54q2aeOpjL?mkhH(E#2yBjz=(Ju>q@6BeXo}m zPaaZo>{jmDb%Snf5czgV(1Y{aEFjO~Qe9PY!0NbaB`mdiILR zCTzm$XzM*+DIjW%8i@Z;G)Lz%eNe4Yl<#`=xTN?u%A>i?4;W5QTMy6M9nF&Atw&yI z`-^cXs;hh3=L+jy-CiVO9wR7OrC>1x-N^vw3-o(OX3 zh~4smD7(X^hoZG4Qno9D{beUli5icaRt${Vep!6mW5x#v#!Nh*D*r?Ab)B>9KO)y( zjpcvkyn&^@V199#kiy|>7cxemXN<2Y=xD~t`C%!Ssh5>K6}+HYXxes>7yq7Xv`z5p zXU#`gtk}~B<0pz5uV0^BTRmcE06PQ3XOIFjgqpVl9tjeS;|sR50irSoK1+GmA9& z;8Z^uN4z`uu$DC|+bHst&Z62LZ2{xmvie%M62~1=7IqbJ!;#f(e9wp1nS(T*+8F3G z>X^RKzyc0rv2A$qSm8oxX+^PC?qqAinn5w}%NUCDBVb?=_r9#0g0zj{<3_lS$1N{6 z?zB=rVxqDzs-;Guxfr=>NUrG7BIxWz)Fgz{K|24fLxp>-Q$!hiC4EZ@lHnY*yG2EC ztMJQ|NomrArRNop{Xk!a9qT!ko;Ng3@3j_W4AMsq1{6vil^x$F|0F=I2&6S(-p5S$ zbxZ(?%XXFACM^+ISljb2GC(V)^)w!sTFU}4hKg*#IPxzg%1)#a7MiD!ErvtL!Pf}t z6&QLF)gW^YJXm)ES#A%adDz6X5X5jJK!_t?Kx(i=V6D+vB*xoN8keia!c0)aTLaGM z=sv^_DS~DekWWcAdVwW!z?6|WhZBW|Rj6X|v3(!dfR)5jEeFSqV>_jb>sA+*~(Hyp;l>tFDhN+eIcb-e+4c<}h z_7%^Zz(ysX#sx>4j~t1;OZE29D=7p5U|i;q^RjJDPDd(}rYjP4-nzxdTs+q1-@0I6 z08ct9Fq>->anZ5t1E3RGK@mrnQ5mBP$^=t;lUU2)mivY0Lja$eX+@_v?wdds<}F<~ zpwnQm*eoo{^vJVY30K35(&!Z@7Kr(2(w{bQt5*(ImpHXm zU4|fvSgakh%Hf}{u7-BkJj8@IjDHWynrmAC)+Kxa`uOnNe?=AlVVnJ3XSWNe{#2;? 
z&mJq7@(CyF2p_X!KgAyinzv)_s8J;my})%`j{A}K5H|bHea!@)egPPJa9ac^)KuJ5 zT*ovSD*5uoRE$rILkX#VQbpZ)(&6*EhZ0XLOQLwt0k1RbR-Kbe7TW&F=E39=No4p6 z9V)5gww>$lI>i<ZyK2Md!r+O)WBzwe$P;@h2xz;Cjm&t8C5dUZbZIBO! zixA$#c<0yD<|tEZ%mVY8X(h9xD9v@C%(>y1_NA}xR6e(Cu;243nwaZ6tcNy) zaxy?Wc2(yodG*EN+L6(bSsR*MsnwK5?0YAS{j}crQ(dw12U~*1ybb-CD49fzH~}2& zcW%7gRI&ZgYA5Ty5ru2C{eGEv#igz$0}NFKv3BylgBwulS`c&oZ`|p34z<0%#?B+a zr+>>56H>F+tGS`kT))dnq71S+GV3javMAj{Wy+hs9-`=7c`$vXnct*%kiGrtlH7v@ z)8zt-@!KKng;W-Q*>Udvg6_RhNWuC12hbw}ZTIw3+*+w1j5EG7q!_|J!0yj_xwPo= z%@;j0&YLf&?WDw27m;33A47{yyyDZno0<-I?!~3tyBF0kdxtm`zOHT9J@)?Q!@mhz z*X$(%>uAJMyv{c-R_sCx7DcbMKJC__uO;iR5(|PN@GfWOzoDPb4W<;|OnV1=<>!z0 zCU^!Oj~~z=KMf;W*09PI`+d^PMK`b!6S*}UlH*Jb6SKv-u2|ln;?xb``4lZL9ul;P z+t+&Uu!NCKqFCDFDf($@2efblBZH|-F;mRWiSB=W#k3zV>}HSOza6!hOAIMlkId)n zt$K3IP~P~aE2sY`KDQ~Ju7dY3$QCiKL=0OtaFffSh>z>yO*O2T>$D{5JwK^Qul(Z~ zgBf>29H(2y!4L`h&M^xA931WtOl~}GM>U}5+3Q;5Q4E0yJ4*Ers{7~Z`v2j$Dt04* zV2WR<-#X@)KIof!veaTfulT8h)OT3mHy$cTlN)KcL1R+X1EPN)*+O==!Iw+*Zs1<% zI6M@lHF%rPR}P7JnWSSTg#s{YBkX{Iw*DdYNKgoqVuu9`qoQ`7UJJETAj?qhB$=qM*f^&kaB5&0ePJIun0~U1`yjC&(2E4}i z#9uh4!i^Za0TqKg7ln`3A3$Yr^H}wUeVKSU#k~UXcz+}2Z~}Lo{?3KAZp&FEd>it6 z#@m}J>vcE54WesLoi}W{GmZ}&uk^mBKdkqn?;3=+7+15!Oj$*aUibcGXWXkN_BaFI zPDj4v;`L3N%13P6Cs-F;MSH(RNYAP_g`>tULd?F)(>X}w&yrM)(>ZFj$6RgkCQ?Mq z2la=vEyzmFZ@Z;X_s3Bi$U~OGX!ItWm0+2D2+6syCyD{GdWLFa`xvhr3X8gaCwh;G ziSSYAHSK`M3uU}>W=B%8beAPc%3?gWDvxgepkCdw_wnVoACk)SWQ(Jk%cTzEfVgMo z6GK;%!l##{qk*BBdztXS@hHXYYf29>*Zw%hrX@I4z?H zJ&`A^u6Wtl-{Fmr5R&=R?fg4Scdhf%EA*#9AOrFx1P*`Eg0X zoq3eRo}l=d&u03IT?JQ)=PUZqch&NwSJ61Tg0*wB*XnXM#_JC4T86iJJ$GNDvv<-p z;61-hhrw@qSh&&YhOZP4qSEz=3Sn_EynG1tjKJ)G*wd;f-H2oA=*>ZEtl6APL|6-W zG?q?I`*l|!a@EK)wo*=(-{6Wi+nLS@x2st|In6Kjjj7G=BK|4*X_bs;Iy^9M(vRQj zMF!YCY*q73A_>wUs<9Hbo?9({J-FWc?sqZ$S!kBTGk?y2Cpc8V7YGMyT?r(nKE*kdP3UAW?>Iix28MlgEe1du9%rj3G zDDbOn(QZ3S5Gwk<n>5n?o~8Zit1t7&`0rgz5006Mz#K!+Kkb-P@SCo$7s3lt$H-~ z1Ws4j_s8P7!Wx>@`enN7Y+I4dr#D6`((vp4Kv9R7z}%n-;8l5r*8Uy-#EPc+)hGc! 
zhNyL@v@b?5(09e%5OT<2+=l|*$o_DGdd#l28STpk_H%Nk#n+s{uTgcz&F?E7U>`O+0C=^ijju@L zS5NZ#mStC(2h^}2ljTw^Yd1hknrcq^2^0}r5{$p7=W@ESytd-CKyP3xMwhso`>Gc! z6*ue+^UI*$>M~^KQ7Gwr2(O)JW|*SPF~v%eyya)KepU{R>qLnm7t=UmbWBXew;44c zDS=zcq?+Q_vOmVVG5dxYV!y(M74a*Jl(hC-s&UulOP4*IoW9>YV|=bDAip?3aZ}K* z#tT>Ww5)8tBT)?iYPbwgE%?t8(f_&YVB7?u@vyKe@9&>;wGJzH9sgQccC(0S)^+!- zb+GQTbZ(~M^^Epkm%7TO(mRrQ3P13Tc4o~V<+|YdiI*F9lXV?q*7d+&O{-8(>1_q*i;oG(2zDf8@h^g)KQx7o5GKrEP&+uArY3b$V$Kd&*l?AC1k zPRcdCYjy7%-=WZx@ujvQznipAezm{3|4_NPnz!}cpi@T0Pj$Lp*|oOS8)e^KvG!%s z>cC5LW~m;vJ?H-rm@Z88nIgT}+Vc)YZhRi&b9>2TS)*$H1cr5+y0kUVg{q!4FEd#S zjCoOI(pS9`vofCgYHUt_>)-r4{*Z1;YcJ5dHv=3_-^{&?GM%#`yPvW zb}r)b-?z&%|9p&}w?pBJ2{UE;U7js4WBeCtv-rg2Em)d>L{O9y97Jszg z@A~=r+xid5_g-F`r?s(T%e3SZySeP2PPEsazfh(AK>O0Fn|6vp>rZ`~Hs7u-G`Zr= z&mv%8ue0|K3*^@rMbySkVZe==o@^6b~Y~NS> z=XLzU@Hc;pb5|Z-`Qy&vr-u$czWk{6_l=Uz5{3PVbN)^JvQ+e?x7m?hb?5#w*e$C& rWxk_=1.22.0-0" keywords: - common @@ -16,16 +16,13 @@ annotations: artifacthub.io/changes: |- - kind: added description: |- - Add configMapsFromFolderBasePath to create ConfigMaps from a folder + Add support for binary files in configMapsFromFolderBasePath - kind: added description: |- - Added support for setting `defaultContainerOptions`. - links: - - name: Documentation - url: https://bjw-s.github.io/helm-charts/docs/common-library/howto/default-container-options + Add support for internalTrafficPolicy field in Services - kind: added description: |- - Added support for `loadBalancerClass`. - - kind: fixed + Add support for multiple ServiceAccounts + - kind: added description: |- - Fixed volume name reference when persistence key matches release name. + Add support for multiple RBAC resources diff --git a/charts/library/common/README.md b/charts/library/common/README.md index 88c4f026..0b888675 100644 --- a/charts/library/common/README.md +++ b/charts/library/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 3.4.0](https://img.shields.io/badge/Version-3.4.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) +![Version: 3.5.0](https://img.shields.io/badge/Version-3.5.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) Function library for Helm charts @@ -27,7 +27,7 @@ Include this chart as a dependency in your `Chart.yaml` e.g. # Chart.yaml dependencies: - name: common - version: 3.4.0 + version: 3.5.0 repository: https://bjw-s.github.io/helm-charts/ ``` diff --git a/charts/library/common/schemas/configmap.json b/charts/library/common/schemas/configmap.json index 830bebe7..bf6387e2 100644 --- a/charts/library/common/schemas/configmap.json +++ b/charts/library/common/schemas/configmap.json @@ -25,8 +25,17 @@ "additionalProperties": { "type": "string" } + }, + "binaryData": { + "type": "object", + "additionalProperties": { + "type": "string" + } } }, - "required": ["data"] + "oneOf": [ + {"required": ["data"]}, + {"required": ["binaryData"]} + ] } } diff --git a/charts/library/common/schemas/controllers.json b/charts/library/common/schemas/controllers.json index a3c1f2af..6ca1fbd3 100644 --- a/charts/library/common/schemas/controllers.json +++ b/charts/library/common/schemas/controllers.json @@ -2,7 +2,6 @@ "instance": { "type": "object", "additionalProperties": false, - "properties": { "enabled": { "type": "boolean", @@ -10,7 +9,13 @@ }, "type": { "type": "string", - "enum": ["deployment", "statefulset", "daemonset", "cronjob", "job"], + "enum": [ + "deployment", + "statefulset", + "daemonset", + "cronjob", + "job" + ], "default": "deployment" }, "annotations": { @@ -26,7 +31,10 @@ "$ref": "pod.json#/options" }, "replicas": { - "type": ["integer", "null"], + "type": [ + "integer", + "null" + ], "default": 1 }, "revisionHistoryLimit": { 
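Review bot: In the `configmap.json` hunk, `oneOf` accepts an entry only when exactly one of `data` / `binaryData` is present, so a ConfigMap that sets both fails schema validation. That disagrees with the rest of this commit: `_configmap.tpl` renders both blocks independently, and `configMap/_validate.tpl` only rejects the case where both are empty. If mixed text and binary content is meant to be supported, use `"anyOf": [{"required": ["data"]}, {"required": ["binaryData"]}]`; if the two are meant to be exclusive, the validate template should enforce that as well. The enclosing schema object starts outside the hunk.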
@@ -54,7 +62,10 @@ "defaultContainerOptionsStrategy": { "type": "string", "default": "overwrite", - "enum": ["overwrite", "merge"] + "enum": [ + "overwrite", + "merge" + ] }, "defaultContainerOptions": { "type": "object", @@ -94,23 +105,51 @@ "additionalProperties": { "$ref": "containers.json#/container" } + }, + "serviceAccount": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "identifier": { + "type": "string" + } + } } }, - "allOf": [ { "if": { "properties": { - "type": {"const": "deployment"} + "type": { + "const": "deployment" + } } }, "then": { "not": { "anyOf": [ - {"required": ["statefulset"]}, - {"required": ["cronjob"]}, - {"required": ["job"]}, - {"required": ["daemonset"]} + { + "required": [ + "statefulset" + ] + }, + { + "required": [ + "cronjob" + ] + }, + { + "required": [ + "job" + ] + }, + { + "required": [ + "daemonset" + ] + } ] } } @@ -118,16 +157,32 @@ { "if": { "properties": { - "type": {"const": "statefulset"} + "type": { + "const": "statefulset" + } }, - "required": ["type"] + "required": [ + "type" + ] }, "then": { "not": { "anyOf": [ - {"required": ["cronjob"]}, - {"required": ["job"]}, - {"required": ["daemonset"]} + { + "required": [ + "cronjob" + ] + }, + { + "required": [ + "job" + ] + }, + { + "required": [ + "daemonset" + ] + } ] } } 
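Review bot: The `serviceAccount` object added in the `@@ -94,23 +105,51 @@` hunk declares `name` and `identifier` but does not set `"additionalProperties": false`, although the surrounding `instance` object does. A misspelled key therefore passes validation, and the `hasKey` checks in `_serviceAccountName.tpl` then match nothing, so the pod keeps the default account rather than the intended one. Adding `"additionalProperties": false` to this object closes that gap. If only one of the two keys should be given, a `oneOf` over `{"required": ["name"]}` / `{"required": ["identifier"]}` would state it; the template currently lets `identifier` win.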
@@ -135,49 +190,83 @@ { "if": { "properties": { - "type": {"const": "cronjob"} + "type": { + "const": "cronjob" + } }, - "required": ["type"] + "required": [ + "type" + ] }, "then": { "allOf": [ { "not": { "anyOf": [ - {"required": ["statefulset"]}, - {"required": ["job"]}, - {"required": ["daemonset"]} + { + "required": [ + "statefulset" + ] + }, + { + "required": [ + "job" + ] + }, + { + "required": [ + "daemonset" + ] + } ] } }, - {"required": ["cronjob"]} + { + "required": [ + "cronjob" + ] + } ] } }, { "if": { "properties": { - "type": {"const": "job"} + "type": { + "const": "job" + } }, - "required": ["type"] + "required": [ + "type" + ] }, "then": { "not": { "anyOf": [ - {"required": ["statefulset"]}, - {"required": ["cronjob"]}, - {"required": ["daemonset"]} + { + "required": [ + "statefulset" + ] + }, + { + "required": [ + "cronjob" + ] + }, + { + "required": [ + "daemonset" + ] + } ] } } } ] }, - "statefulset": { "type": "object", "additionalProperties": false, - "properties": { "podManagementPolicy": { "type": "string" @@ -188,12 +277,18 @@ "properties": { "whenDeleted": { "type": "string", - "enum": ["Delete", "Retain"], + "enum": [ + "Delete", + "Retain" + ], "default": "Retain" }, "whenScaled": { "type": "string", - "enum": ["Delete", "Retain"], + "enum": [ + "Delete", + "Retain" + ], "default": "Retain" } } @@ -206,11 +301,9 @@ } } }, - "statefulset.volumeClaimTemplate": { "type": "object", "additionalProperties": false, - "properties": { "enabled": { "type": "boolean", 
@@ -225,11 +318,21 @@ "$ref": "persistence.json#/mountPathCollection" } }, - "annotations": {"$ref": "definitions.json#/annotations"}, - "dataSource": {"$ref": "persistence.json#/dataSourceReference"}, - "dataSourceRef": {"$ref": "persistence.json#/dataSourceReference"}, - "globalMounts": {"$ref": "persistence.json#/globalMounts"}, - "labels": {"$ref": "definitions.json#/labels"}, + "annotations": { + "$ref": "definitions.json#/annotations" + }, + "dataSource": { + "$ref": "persistence.json#/dataSourceReference" + }, + "dataSourceRef": { + "$ref": "persistence.json#/dataSourceReference" + }, + "globalMounts": { + "$ref": "persistence.json#/globalMounts" + }, + "labels": { + "$ref": "definitions.json#/labels" + }, "name": { "type": "string" }, @@ -240,13 +343,14 @@ "type": "string" } }, - "required": ["name", "size"] + "required": [ + "name", + "size" + ] }, - "cronjob": { "type": "object", "additionalProperties": false, - "properties": { "backoffLimit": { "type": "integer", @@ -288,13 +392,13 @@ "type": "integer" } }, - "required": ["schedule"] + "required": [ + "schedule" + ] }, - "job": { "type": "object", "additionalProperties": false, - "properties": { "backoffLimit": { "type": "integer", diff --git a/charts/library/common/schemas/service.json b/charts/library/common/schemas/service.json index ee597177..dab114a3 100644 --- a/charts/library/common/schemas/service.json +++ b/charts/library/common/schemas/service.json @@ -35,6 +35,10 @@ "loadBalancerClass": { "type": "string" }, + "internalTrafficPolicy": { + "type": "string", + "enum": ["Cluster", "Local"] + }, "externalTrafficPolicy": { "type": "string", "enum": ["Cluster", "Local"] diff --git a/charts/library/common/schemas/serviceAccount.json b/charts/library/common/schemas/serviceAccount.json index a11f7c6c..ec2e1344 100644 --- a/charts/library/common/schemas/serviceAccount.json +++ b/charts/library/common/schemas/serviceAccount.json 
@@ -15,6 +15,28 @@ }, "labels": { "$ref": "definitions.json#/labels" + }, + "extraServiceAccounts": { + "type": "object", + "additionalProperties": { + "type": "object", + "additionalProperties": false, + "properties": { + "create": { + "type": "boolean", + "default": false + }, + "name": { + "type": "string" + }, + "annotations": { + "$ref": "definitions.json#/annotations" + }, + "labels": { + "$ref": "definitions.json#/labels" + } + } + } } } } diff --git a/charts/library/common/templates/classes/_configmap.tpl b/charts/library/common/templates/classes/_configmap.tpl index f0ed645a..0e634fae 100644 --- a/charts/library/common/templates/classes/_configmap.tpl +++ b/charts/library/common/templates/classes/_configmap.tpl @@ -31,8 +31,12 @@ metadata: {{- printf "%s: %s" $key (tpl $value $rootContext | toYaml ) | nindent 4 }} {{- end }} {{- end }} +{{- with $configMapObject.data }} data: - {{- with $configMapObject.data }} {{- tpl (toYaml .) $rootContext | nindent 2 }} - {{- end }} +{{- end }} +{{- with $configMapObject.binaryData }} +binaryData: + {{- tpl (toYaml .) $rootContext | nindent 2 }} +{{- end }} {{- end -}} diff --git a/charts/library/common/templates/classes/_role.tpl b/charts/library/common/templates/classes/_role.tpl new file mode 100644 index 00000000..0c1b9a6d --- /dev/null +++ b/charts/library/common/templates/classes/_role.tpl 
@@ -0,0 +1,40 @@
+{{/*
+This template serves as a blueprint for generating Role objects in Kubernetes.
+*/}}
+{{- define "bjw-s.common.class.rbac.Role" -}}
+ {{- $rootContext := .rootContext -}}
+ {{- $roleObject := .object -}}
+
+ {{- $labels := merge
+ ($roleObject.labels | default dict)
+ (include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
+ -}}
+ {{- $annotations := merge
+ ($roleObject.annotations | default dict)
+ (include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
+ -}}
+ {{- $rules := "" -}}
+ {{- with $roleObject.rules -}}
+ {{- $rules = (toYaml . ) | trim -}}
+ {{- end -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+{{ with $roleObject.type -}}
+kind: {{ . }}
+{{ end -}}
+metadata:
+ name: {{ $roleObject.name }}
+ {{- with $labels }}
+ labels: {{- toYaml . | nindent 4 -}}
+ {{- end }}
+ {{- with $annotations }}
+ annotations: {{- toYaml . | nindent 4 -}}
+ {{- end }}
+ {{ if eq $roleObject.type "Role" -}}
+ namespace: {{ $rootContext.Release.Namespace }}
+ {{- end -}}
+{{ with $rules }}
+rules: {{- tpl . $rootContext | nindent 2 }}
+{{- end }}
+
+{{- end -}}
diff --git a/charts/library/common/templates/classes/_rolebinding.tpl b/charts/library/common/templates/classes/_rolebinding.tpl
new file mode 100644
index 00000000..076658f0
--- /dev/null
+++ b/charts/library/common/templates/classes/_rolebinding.tpl
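Review bot: In `_role.tpl` the scope of the object depends on an unchecked string: `kind` is only emitted inside `{{ with $roleObject.type -}}` and `namespace` is only added when the type equals "Role". A missing or mistyped `type` therefore yields a manifest without `kind`, or one without a namespace, instead of a render error. Because this value decides whether the rules apply to one namespace or cluster-wide, it is worth failing fast, e.g. `{{- if not (has $roleObject.type (list "Role" "ClusterRole")) -}}{{- fail (printf "Invalid Role type: %v" $roleObject.type) -}}{{- end -}}`. This may already be covered by `lib/role/_validate.tpl`, which the commit adds but which is not shown in this part of the patch. The header comment could also say that the template renders both Role and ClusterRole.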
@@ -0,0 +1,68 @@
+{{/*
+This template serves as a blueprint for generating RoleBinding objects in Kubernetes.
+*/}}
+{{- define "bjw-s.common.class.rbac.roleBinding" -}}
+ {{- $rootContext := .rootContext -}}
+ {{- $roleBindingObject := .object -}}
+
+ {{- $labels := merge
+ ($roleBindingObject.labels | default dict)
+ (include "bjw-s.common.lib.metadata.allLabels" $rootContext | fromYaml)
+ -}}
+ {{- $annotations := merge
+ ($roleBindingObject.annotations | default dict)
+ (include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml)
+ -}}
+ {{- $subjects := list -}}
+ {{- with $roleBindingObject.subjects -}}
+ {{- range $subject := . -}}
+ {{- if hasKey . "identifier" -}}
+ {{- $subject := include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" .identifier) | fromYaml -}}
+ {{- $subject = pick $subject "name" -}}
+ {{- $_ := set $subject "kind" "ServiceAccount" -}}
+ {{- $_ := set $subject "namespace" $rootContext.Release.Namespace -}}
+ {{- $subjects = mustAppend $subjects $subject -}}
+ {{- else -}}
+ {{- $subject := dict "name" .name "kind" .kind "namespace" .namespace -}}
+ {{- $subjects = mustAppend $subjects $subject -}}
+ {{- end -}}
+ {{- end -}}
+ {{- $subjects = $subjects | uniq | toYaml -}}
+ {{- end -}}
+
+ {{- $role := dict -}}
+ {{- with $roleBindingObject.roleRef -}}
+ {{- if hasKey . "identifier" -}}
+ {{- $role = include "bjw-s.common.lib.rbac.role.getByIdentifier" (dict "rootContext" $rootContext "id" .identifier) | fromYaml -}}
+ {{- else -}}
+ {{- $_ := set $role "name" .name -}}
+ {{- $_ := set $role "type" .kind -}}
+ {{- end -}}
+
+ {{- end -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+{{ with $roleBindingObject.type -}}
+kind: {{ . }}
+{{ end -}}
+metadata:
+ name: {{ $roleBindingObject.name }}
+ {{- with $labels }}
+ labels: {{- toYaml . | nindent 4 -}}
+ {{- end }}
+ {{- with $annotations }}
+ annotations: {{- toYaml . | nindent 4 -}}
+ {{- end }}
+ {{ if eq $roleBindingObject.type "RoleBinding" -}}
+ namespace: {{ $rootContext.Release.Namespace }}
+ {{- end }}
+roleRef:
+ kind: {{ $role.type }}
+ name: {{ $role.name }}
+ apiGroup: rbac.authorization.k8s.io
+{{ with $subjects -}}
+subjects: {{- tpl . $rootContext | nindent 2 }}
+
+{{- end -}}
+
+{{- end -}}
diff --git a/charts/library/common/templates/classes/_service.tpl b/charts/library/common/templates/classes/_service.tpl
index 2b991d7f..c70db2d1 100644
--- a/charts/library/common/templates/classes/_service.tpl
+++ b/charts/library/common/templates/classes/_service.tpl
@@ -60,6 +60,9 @@ spec: {{- else }} type: {{ $svcType }} {{- end }} + {{- if $serviceObject.internalTrafficPolicy }} + internalTrafficPolicy: {{ $serviceObject.internalTrafficPolicy }} + {{- end }} {{- if $serviceObject.externalTrafficPolicy }} externalTrafficPolicy: {{ $serviceObject.externalTrafficPolicy }} {{- end }}
diff --git a/charts/library/common/templates/classes/_serviceAccount.tpl b/charts/library/common/templates/classes/_serviceAccount.tpl
index 068d1e18..6bfac3a7 100644
--- a/charts/library/common/templates/classes/_serviceAccount.tpl
+++ b/charts/library/common/templates/classes/_serviceAccount.tpl
@@ -32,5 +32,5 @@ metadata: {{- end }} {{- end }} secrets: - - name: {{ include "bjw-s.common.lib.chart.names.fullname" $rootContext }}-sa-token + - name: {{ get (include "bjw-s.common.lib.secret.getByIdentifier" (dict "rootContext" $rootContext "id" (printf "%s-sa-token" $serviceAccountObject.identifier) ) | fromYaml) "name"}} {{- end -}}
diff --git a/charts/library/common/templates/lib/configMap/_valuesToObject.tpl b/charts/library/common/templates/lib/common/_valuesToObject.tpl
similarity index 69%
rename from charts/library/common/templates/lib/configMap/_valuesToObject.tpl
rename to charts/library/common/templates/lib/common/_valuesToObject.tpl
index 0e9286d4..cec04530 100644
--- a/charts/library/common/templates/lib/configMap/_valuesToObject.tpl
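Review bot: In `_rolebinding.tpl` an `identifier` that matches nothing is not rejected: the results of `serviceAccount.getByIdentifier` in the subjects loop and `rbac.role.getByIdentifier` for `roleRef` are piped through `fromYaml` and used unchecked. If those helpers return nothing for an unknown id, as the configMap helper on this page does, the binding renders a ServiceAccount subject with no `name` or a `roleRef` with empty `kind` and `name`. Failing at render time would catch this, e.g. `{{- if empty $role -}}{{- fail (printf "No Role found for identifier %s" .identifier) -}}{{- end -}}` after the lookup, with a matching check on the subject; `lib/rolebinding/_validate.tpl` is not visible here and may already do so. The same unchecked lookup feeds `secrets[].name` in the `_serviceAccount.tpl` hunk and `$serviceAccountName` in `_serviceAccountName.tpl`. In the latter a mistyped `identifier` would leave the name empty, so the pod would presumably run under the namespace's default ServiceAccount instead of the intended one.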
+++ b/charts/library/common/templates/lib/common/_valuesToObject.tpl @@ -1,15 +1,17 @@ {{/* -Convert configMap values to an object +Convert values to an object */}} -{{- define "bjw-s.common.lib.configMap.valuesToObject" -}} +{{- define "bjw-s.common.lib.valuesToObject" -}} {{- $rootContext := .rootContext -}} {{- $identifier := .id -}} {{- $objectValues := .values -}} - {{- /* Determine and inject the configMap name */ -}} + {{- /* Determine and inject the name */ -}} {{- $objectName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}} - {{- if $objectValues.nameOverride -}} + {{- if $objectValues.forceRename -}} + {{- $objectName = tpl $objectValues.forceRename $rootContext -}} + {{- else if $objectValues.nameOverride -}} {{- $override := tpl $objectValues.nameOverride $rootContext -}} {{- if not (eq $objectName $override) -}} {{- $objectName = printf "%s-%s" $objectName $override -}} @@ -19,9 +21,9 @@ Convert configMap values to an object {{- $objectName = printf "%s-%s" $objectName $identifier -}} {{- end -}} {{- end -}} + {{- $_ := set $objectValues "name" $objectName -}} {{- $_ := set $objectValues "identifier" $identifier -}} - - {{- /* Return the configMap object */ -}} + {{- /* Return the object */ -}} {{- $objectValues | toYaml -}} {{- end -}} diff --git a/charts/library/common/templates/lib/configMap/_getByIdentifier.tpl b/charts/library/common/templates/lib/configMap/_getByIdentifier.tpl index 87b10a3b..395a086d 100644 --- a/charts/library/common/templates/lib/configMap/_getByIdentifier.tpl +++ b/charts/library/common/templates/lib/configMap/_getByIdentifier.tpl 
@@ -7,6 +7,6 @@ Return a configMap Object by its Identifier. {{- $configMapValues := dig $identifier nil $rootContext.Values.configMaps -}} {{- if not (empty $configMapValues) -}} - {{- include "bjw-s.common.lib.configMap.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $configMapValues) -}} + {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $configMapValues) -}} {{- end -}} {{- end -}} diff --git a/charts/library/common/templates/lib/configMap/_validate.tpl b/charts/library/common/templates/lib/configMap/_validate.tpl index c61c7044..0b23d490 100644 --- a/charts/library/common/templates/lib/configMap/_validate.tpl +++ b/charts/library/common/templates/lib/configMap/_validate.tpl @@ -4,4 +4,8 @@ Validate configMap values {{- define "bjw-s.common.lib.configMap.validate" -}} {{- $rootContext := .rootContext -}} {{- $configMapValues := .object -}} + + {{- if and (empty (get $configMapValues "data")) (empty (get $configMapValues "binaryData")) -}} + {{- fail (printf "No data or binaryData specified for configMap. (configMap: %s)" $configMapValues.identifier) }} + {{- end -}} {{- end -}} diff --git a/charts/library/common/templates/lib/pod/fields/_serviceAccountName.tpl b/charts/library/common/templates/lib/pod/fields/_serviceAccountName.tpl index 947a1a46..ae17088b 100644 --- a/charts/library/common/templates/lib/pod/fields/_serviceAccountName.tpl +++ b/charts/library/common/templates/lib/pod/fields/_serviceAccountName.tpl 
@@ -3,9 +3,21 @@ Returns the value for serviceAccountName */ -}} {{- define "bjw-s.common.lib.pod.field.serviceAccountName" -}} {{- $rootContext := .ctx.rootContext -}} + {{- $controllerObject := .ctx.controllerObject -}} - {{- $serviceAccountValues := (mustDeepCopy $rootContext.Values.serviceAccount) -}} - {{- $serviceAccountObject := (include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $rootContext "id" "default" "values" $serviceAccountValues)) | fromYaml -}} - {{- $serviceAccountObject.name -}} + {{- $serviceAccountName := "default" -}} + + {{- if (get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" "default") | fromYaml) "create") -}} + {{- $serviceAccountName = get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" "default") | fromYaml) "name" -}} + {{- end -}} + + {{- with $controllerObject.serviceAccount -}} + {{- if hasKey . "identifier" -}} + {{- $serviceAccountName = get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" .identifier) | fromYaml) "name" -}} + {{- else if hasKey . "name" -}} + {{- $serviceAccountName = .name -}} + {{- end -}} + {{- end -}} + {{- $serviceAccountName -}} {{- end -}} diff --git a/charts/library/common/templates/lib/rawResource/_valuesToObject.tpl b/charts/library/common/templates/lib/rawResource/_valuesToObject.tpl deleted file mode 100644 index 52b5e36a..00000000 --- a/charts/library/common/templates/lib/rawResource/_valuesToObject.tpl +++ /dev/null 
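Review bot: With `serviceAccount.create: false` and a `serviceAccount.name` set, the pod no longer receives that name, because the first `if` only takes the looked-up name when `create` is true. `$serviceAccountName` then stays `"default"` and the workload runs as the namespace's default service account. The removed code handled this case through `default $defaultServiceAccountName $objectValues.name` in serviceAccount valuesToObject and returned the configured name. If the change is not intended, add an `else if` branch that falls back to the configured name, read before the lookup, since valuesToObject writes a generated name back with `set $objectValues "name"`. The lookup is also included twice with identical arguments and could be bound to one variable.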
@@ -1,27 +0,0 @@ -{{/* -Convert raw resource values to an object -*/}} -{{- define "bjw-s.common.lib.rawResource.valuesToObject" -}} - {{- $rootContext := .rootContext -}} - {{- $identifier := .id -}} - {{- $objectValues := .values -}} - - {{- /* Determine and inject the raw resource name */ -}} - {{- $objectName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}} - - {{- if $objectValues.nameOverride -}} - {{- $override := tpl $objectValues.nameOverride $rootContext -}} - {{- if not (eq $objectName $override) -}} - {{- $objectName = printf "%s-%s" $objectName $override -}} - {{- end -}} - {{- else -}} - {{- if not (eq $objectName $identifier) -}} - {{- $objectName = printf "%s-%s" $objectName $identifier -}} - {{- end -}} - {{- end -}} - {{- $_ := set $objectValues "name" $objectName -}} - {{- $_ := set $objectValues "identifier" $identifier -}} - - {{- /* Return the raw resource object */ -}} - {{- $objectValues | toYaml -}} -{{- end -}} diff --git a/charts/library/common/templates/lib/role/_getByIdentifier.tpl b/charts/library/common/templates/lib/role/_getByIdentifier.tpl new file mode 100644 index 00000000..f1092ed1 --- /dev/null +++ b/charts/library/common/templates/lib/role/_getByIdentifier.tpl @@ -0,0 +1,12 @@ +{{/* +Return a Role Object by its Identifier. +*/}} +{{- define "bjw-s.common.lib.rbac.role.getByIdentifier" -}} + {{- $rootContext := .rootContext -}} + {{- $identifier := .id -}} + + {{- $roleValues := dig $identifier nil $rootContext.Values.rbac.roles -}} + {{- if not (empty $roleValues) -}} + {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $roleValues) -}} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/role/_validate.tpl b/charts/library/common/templates/lib/role/_validate.tpl new file mode 100644 index 00000000..eae77db8 --- /dev/null +++ b/charts/library/common/templates/lib/role/_validate.tpl 
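Review bot: An unknown identifier makes `bjw-s.common.lib.rbac.role.getByIdentifier` return nothing, whereas the serviceAccount getByIdentifier added in this commit fails with "No ServiceAccount configured with identifier". A binding whose `roleRef.identifier` is mistyped would then presumably reach the `kind: {{ $role.type }}` / `name: {{ $role.name }}` lines of the RoleBinding class with empty values, rather than stopping at render time with a clear message. I would add an `{{- else -}}` branch with `{{- fail (printf "No Role configured with identifier: %s" $identifier) -}}`. The roleBinding getByIdentifier in rolebinding/_getByIdentifier.tpl has the same shape.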
@@ -0,0 +1,18 @@ +{{/* +Validate Role values +*/}} +{{- define "bjw-s.common.lib.rbac.role.validate" -}} + {{- $rootContext := .rootContext -}} + {{- $roleValues := .object -}} + {{- $type := required "The role needs to have an explicitly declared type" $roleValues.type -}} + {{- $typeList := list "Role" "ClusterRole" -}} + {{- $rules := $roleValues.rules -}} + + {{- if not (mustHas $type $typeList) -}} + {{- fail (printf "You selected: `%s`. Type must be one of:\n%s\n" $type ($typeList|toYaml)) -}} + {{- end -}} + {{- if not $rules -}} + {{- fail "Rules can't be empty" -}} + {{- end -}} + +{{- end -}} diff --git a/charts/library/common/templates/lib/rolebinding/_getByIdentifier.tpl b/charts/library/common/templates/lib/rolebinding/_getByIdentifier.tpl new file mode 100644 index 00000000..e9a99d4c --- /dev/null +++ b/charts/library/common/templates/lib/rolebinding/_getByIdentifier.tpl @@ -0,0 +1,12 @@ +{{/* +Return a RoleBinding Object by its Identifier. +*/}} +{{- define "bjw-s.common.lib.rbac.roleBinding.getByIdentifier" -}} + {{- $rootContext := .rootContext -}} + {{- $identifier := .id -}} + + {{- $roleBindingValues := dig $identifier nil $rootContext.Values.rbac.bindings -}} + {{- if not (empty $roleBindingValues) -}} + {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $roleBindingValues) -}} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/rolebinding/_validate.tpl b/charts/library/common/templates/lib/rolebinding/_validate.tpl new file mode 100644 index 00000000..928bdc3f --- /dev/null +++ b/charts/library/common/templates/lib/rolebinding/_validate.tpl 
@@ -0,0 +1,32 @@ +{{/* +Validate RoleBinding values +*/}} +{{- define "bjw-s.common.lib.rbac.roleBinding.validate" -}} + {{- $rootContext := .rootContext -}} + {{- $roleBindingValues := .object -}} + {{- $type := required "The binding needs to have an explicitly declared type" $roleBindingValues.type -}} + {{- $typeList := list "RoleBinding" "ClusterRoleBinding" -}} + {{- $subjects := $roleBindingValues.subjects -}} + {{- $roleRef := required "A roleRef is required" $roleBindingValues.roleRef -}} + + {{- if not (mustHas $type $typeList) -}} + {{- fail (printf "You selected: `%s`. Type must be one of:\n%s\n" $type ($typeList|toYaml)) -}} + {{- end -}} + + {{- if not (hasKey $roleRef "identifier") -}} + {{- $name := required "If not using identifier roleRef must have a `name` key" $roleRef.name -}} + {{- $name := required "If not using identifier roleRef must have a `kind` key" $roleRef.kind -}} + {{- end -}} + + {{- range $subject := $subjects -}} + {{- if not (hasKey . "identifier") -}} + {{- if not (hasKey . "name") -}} + {{- $name := required "If not using identifier a subject must have a `name` key" .name -}} + {{- else if not (hasKey . "namespace") -}} + {{- $namespace := required "If not using identifier a subject must have a `namespace` key" .namespace -}} + {{- else if not (hasKey . "kind") -}} + {{- $kind := required "If not using identifier a subject must have a `kind` key" .kind -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/secret/_getByIdentifier.tpl b/charts/library/common/templates/lib/secret/_getByIdentifier.tpl index ddcb4547..ae797bf5 100644 --- a/charts/library/common/templates/lib/secret/_getByIdentifier.tpl +++ b/charts/library/common/templates/lib/secret/_getByIdentifier.tpl 
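Review bot: The subject checks in the `range` test only key presence with `hasKey`, so a subject written with an empty `name:`, `namespace:` or `kind:` passes validation, because each `required` sits inside a branch that runs only when the key is absent. Calling `required` directly on `.name`, `.kind` and `.namespace` without the `hasKey` guards would reject empty values as well. `namespace` is also demanded for every subject, but `User` and `Group` subjects carry none, so that check should probably apply only when `.kind` is `ServiceAccount`. Neither `kind` nor an empty `subjects` list is validated, and a binding with no subjects is likely a configuration mistake worth a `fail`.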
@@ -7,6 +7,6 @@ Return a secret Object by its Identifier. {{- $secretValues := dig $identifier nil $rootContext.Values.secrets -}} {{- if not (empty $secretValues) -}} - {{- include "bjw-s.common.lib.secret.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $secretValues) -}} + {{- include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $secretValues) -}} {{- end -}} {{- end -}} diff --git a/charts/library/common/templates/lib/secret/_valuesToObject.tpl b/charts/library/common/templates/lib/secret/_valuesToObject.tpl deleted file mode 100644 index 4b24d2ab..00000000 --- a/charts/library/common/templates/lib/secret/_valuesToObject.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* -Convert Secret values to an object -*/}} -{{- define "bjw-s.common.lib.secret.valuesToObject" -}} - {{- $rootContext := .rootContext -}} - {{- $identifier := .id -}} - {{- $objectValues := .values -}} - - {{- /* Determine and inject the Secret name */ -}} - {{- $objectName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}} - - {{- if $objectValues.nameOverride -}} - {{- $override := tpl $objectValues.nameOverride $rootContext -}} - {{- if not (eq $objectName $override) -}} - {{- $objectName = printf "%s-%s" $objectName $override -}} - {{- end -}} - {{- else -}} - {{- if not (eq $objectName $identifier) -}} - {{- $objectName = printf "%s-%s" $objectName $identifier -}} - {{- end -}} - {{- end -}} - {{- $_ := set $objectValues "name" $objectName -}} - {{- $_ := set $objectValues "identifier" $identifier -}} - - {{- /* Return the Secret object */ -}} - {{- $objectValues | toYaml -}} -{{- end -}} diff --git a/charts/library/common/templates/lib/serviceAccount/_getByIdentifier.tpl b/charts/library/common/templates/lib/serviceAccount/_getByIdentifier.tpl new file mode 100644 index 00000000..c187188f --- /dev/null +++ b/charts/library/common/templates/lib/serviceAccount/_getByIdentifier.tpl 
@@ -0,0 +1,17 @@ +{{/* +Return a ServiceAccount Object by its Identifier. +*/}} +{{- define "bjw-s.common.lib.serviceAccount.getByIdentifier" -}} + {{- $rootContext := .rootContext -}} + {{- $identifier := .id -}} + {{- if eq $identifier "default" -}} + {{- include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $rootContext "id" "default" "values" $rootContext.Values.serviceAccount) -}} + {{- else -}} + {{- $serviceAccountValues := dig "extraServiceAccounts" $identifier nil $rootContext.Values.serviceAccount -}} + {{- if not (empty $serviceAccountValues) -}} + {{- include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $rootContext "id" $identifier "values" $serviceAccountValues) -}} + {{- else -}} + {{- fail (printf "No ServiceAccount configured with identifier: %s" $identifier) -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/lib/serviceAccount/_valuesToObject.tpl b/charts/library/common/templates/lib/serviceAccount/_valuesToObject.tpl index 9451e101..435a66b4 100644 --- a/charts/library/common/templates/lib/serviceAccount/_valuesToObject.tpl +++ b/charts/library/common/templates/lib/serviceAccount/_valuesToObject.tpl 
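Review bot: Both branches pass the live values map to valuesToObject (`$rootContext.Values.serviceAccount`, and `$serviceAccountValues` taken from it by `dig`), and that helper calls `set $objectValues "name"` and `set $objectValues "identifier"`. Every lookup therefore writes a generated name into `.Values`. The call this replaces in _serviceAccountName.tpl used `mustDeepCopy`. After the first lookup a configured name can no longer be told apart from a generated one, and the result depends on render order. I would copy at both call sites: `"values" (mustDeepCopy $rootContext.Values.serviceAccount)` and `"values" (mustDeepCopy $serviceAccountValues)`.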
@@ -7,17 +7,19 @@ Convert ServiceAccount values to an object {{- $objectValues := .values -}} {{- /* Determine and inject the serviceAccount name */ -}} - {{- $serviceAccountName := "" -}} - {{- $defaultServiceAccountName := "default" -}} - {{- if $objectValues.create -}} - {{- $defaultServiceAccountName = (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}} + {{- $defaultServiceAccountName := (include "bjw-s.common.lib.chart.names.fullname" $rootContext) -}} + + {{- $objectName := $defaultServiceAccountName -}} + + {{- with $objectValues.name -}} + {{- $objectName = . -}} + {{- end -}} + {{- if and (ne $identifier "default") (not $objectValues.name) -}} + {{- $objectName = printf "%s-%s" $defaultServiceAccountName $identifier -}} {{- end -}} - {{- $serviceAccountName = default $defaultServiceAccountName $objectValues.name -}} - - {{- $_ := set $objectValues "name" $serviceAccountName -}} + {{- $_ := set $objectValues "name" $objectName -}} {{- $_ := set $objectValues "identifier" $identifier -}} - {{- /* Return the serviceAccount object */ -}} {{- $objectValues | toYaml -}} {{- end -}} diff --git a/charts/library/common/templates/loader/_generate.tpl b/charts/library/common/templates/loader/_generate.tpl index 3dc1af44..aa57c3e3 100644 --- a/charts/library/common/templates/loader/_generate.tpl +++ b/charts/library/common/templates/loader/_generate.tpl @@ -18,4 +18,5 @@ Secondary entrypoint and primary loader for the common chart {{- include "bjw-s.common.render.secrets" . | nindent 0 -}} {{- include "bjw-s.common.render.networkpolicies" . | nindent 0 -}} {{- include "bjw-s.common.render.rawResources" . | nindent 0 -}} + {{- include "bjw-s.common.render.rbac" . | nindent 0 -}} {{- end -}} diff --git a/charts/library/common/templates/render/_configmaps.tpl b/charts/library/common/templates/render/_configmaps.tpl index 484a3d5e..4663dddf 100644 --- a/charts/library/common/templates/render/_configmaps.tpl 
+++ b/charts/library/common/templates/render/_configmaps.tpl @@ -2,6 +2,8 @@ Renders the configMap objects required by the chart. */}} {{- define "bjw-s.common.render.configMaps" -}} + {{- $rootContext := $ -}} + {{- /* Generate named configMaps as required */ -}} {{- range $key, $configMap := .Values.configMaps }} {{- /* Enable configMap by default, but allow override */ -}} @@ -14,7 +16,7 @@ Renders the configMap objects required by the chart. {{- $configMapValues := (mustDeepCopy $configMap) -}} {{- /* Create object from the raw configMap values */ -}} - {{- $configMapObject := (include "bjw-s.common.lib.configMap.valuesToObject" (dict "rootContext" $ "id" $key "values" $configMapValues)) | fromYaml -}} + {{- $configMapObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $configMapValues)) | fromYaml -}} {{- /* Perform validations on the configMap before rendering */ -}} {{- include "bjw-s.common.lib.configMap.validate" (dict "rootContext" $ "object" $configMapObject) -}} 
@@ -37,21 +39,25 @@ Renders configMap objects required by the chart from a folder in the repo's path {{- $_ := set $topLevelFolders (dir $path) "" -}} {{- end -}} {{- $top_level_folder_list := keys $topLevelFolders | sortAlpha -}} - {{/* Iterate over the top level folders */}} {{ range $path := $top_level_folder_list }} {{- $filesContentNoFormat := ($.Files.Glob (printf "%s/*" $path)) -}} {{- $filesContent := dict -}} + {{- $binaryFilesContent := dict -}} {{- range $file_name, $content := $filesContentNoFormat -}} {{- $key := base $file_name -}} {{- if contains ".escape" $key -}} {{- $key := $key | replace ".escape" "" -}} {{- $filesContent = merge $filesContent (dict $key (($.Files.Get $file_name) | replace "{{" "{{ `{{` }}")) -}} + {{- else if contains ".binary" $key -}} + {{- $key := $key | replace ".binary" "" -}} + {{- $binaryFilesContent = merge $binaryFilesContent (dict $key ($.Files.Get $file_name | b64enc )) -}} {{- else -}} {{- $filesContent = merge $filesContent (dict $key ($.Files.Get $file_name)) -}} {{- end -}} {{- end -}} - {{- $configMapValues := dict "enabled" true "labels" dict "annotations" dict "data" $filesContent -}} + + {{- $configMapValues := dict "enabled" true "labels" dict "annotations" dict "data" $filesContent "binaryData" $binaryFilesContent -}} {{- $existingConfigMaps := (get $rootValues "configMaps"| default dict) -}} {{- $mergedConfigMaps := deepCopy $existingConfigMaps | merge (dict (base $path) $configMapValues) -}} {{- $rootValues := merge $rootValues (dict "configMaps" $mergedConfigMaps) -}} diff --git a/charts/library/common/templates/render/_controllers.tpl b/charts/library/common/templates/render/_controllers.tpl index 0d58998f..4a294716 100644 --- a/charts/library/common/templates/render/_controllers.tpl +++ b/charts/library/common/templates/render/_controllers.tpl 
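Review bot: The new branch picks binary files with `contains ".binary" $key`, which matches the marker anywhere in the file name, and `replace ".binary" ""` then removes every occurrence. A file such as `app.binaryconfig.json` would be base64-encoded into `binaryData` under a different key than its author expects. This mirrors the existing `.escape` handling, so it is consistent, but it would be safer to match the marker only directly before the final extension. At minimum the comment above the loop should state that a name containing both markers is treated as `.escape`, since that branch is tested first.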
@@ -2,6 +2,8 @@ Renders the controller objects required by the chart. */}} {{- define "bjw-s.common.render.controllers" -}} + {{- $rootContext := $ -}} + {{- /* Generate named controller objects as required */ -}} {{- range $key, $controller := .Values.controllers -}} {{- /* Enable controller by default, but allow override */ -}} 
@@ -14,31 +16,31 @@ Renders the controller objects required by the chart. {{- $controllerValues := $controller -}} {{- /* Create object from the raw controller values */ -}} - {{- $controllerObject := (include "bjw-s.common.lib.controller.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerValues)) | fromYaml -}} + {{- $controllerObject := (include "bjw-s.common.lib.controller.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerValues)) | fromYaml -}} {{- /* Perform validations on the controller before rendering */ -}} - {{- include "bjw-s.common.lib.controller.validate" (dict "rootContext" $ "object" $controllerObject) -}} + {{- include "bjw-s.common.lib.controller.validate" (dict "rootContext" $rootContext "object" $controllerObject) -}} {{- if eq $controllerObject.type "deployment" -}} - {{- $deploymentObject := (include "bjw-s.common.lib.deployment.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}} - {{- include "bjw-s.common.lib.deployment.validate" (dict "rootContext" $ "object" $deploymentObject) -}} - {{- include "bjw-s.common.class.deployment" (dict "rootContext" $ "object" $deploymentObject) | nindent 0 -}} + {{- $deploymentObject := (include "bjw-s.common.lib.deployment.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}} + {{- include "bjw-s.common.lib.deployment.validate" (dict "rootContext" $rootContext "object" $deploymentObject) -}} + {{- include "bjw-s.common.class.deployment" (dict "rootContext" $rootContext "object" $deploymentObject) | nindent 0 -}} {{- else if eq $controllerObject.type "cronjob" -}} - {{- $cronjobObject := (include "bjw-s.common.lib.cronjob.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}} - {{- include "bjw-s.common.lib.cronjob.validate" (dict "rootContext" $ "object" $cronjobObject) -}} - {{- include "bjw-s.common.class.cronjob" (dict "rootContext" $ 
"object" $cronjobObject) | nindent 0 -}} + {{- $cronjobObject := (include "bjw-s.common.lib.cronjob.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}} + {{- include "bjw-s.common.lib.cronjob.validate" (dict "rootContext" $rootContext "object" $cronjobObject) -}} + {{- include "bjw-s.common.class.cronjob" (dict "rootContext" $rootContext "object" $cronjobObject) | nindent 0 -}} {{- else if eq $controllerObject.type "daemonset" -}} - {{- $daemonsetObject := (include "bjw-s.common.lib.daemonset.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}} - {{- include "bjw-s.common.lib.daemonset.validate" (dict "rootContext" $ "object" $daemonsetObject) -}} - {{- include "bjw-s.common.class.daemonset" (dict "rootContext" $ "object" $daemonsetObject) | nindent 0 -}} + {{- $daemonsetObject := (include "bjw-s.common.lib.daemonset.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}} + {{- include "bjw-s.common.lib.daemonset.validate" (dict "rootContext" $rootContext "object" $daemonsetObject) -}} + {{- include "bjw-s.common.class.daemonset" (dict "rootContext" $rootContext "object" $daemonsetObject) | nindent 0 -}} {{- else if eq $controllerObject.type "statefulset" -}} - {{- $statefulsetObject := (include "bjw-s.common.lib.statefulset.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}} - {{- include "bjw-s.common.lib.statefulset.validate" (dict "rootContext" $ "object" $statefulsetObject) -}} - {{- include "bjw-s.common.class.statefulset" (dict "rootContext" $ "object" $statefulsetObject) | nindent 0 -}} + {{- $statefulsetObject := (include "bjw-s.common.lib.statefulset.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}} + {{- include "bjw-s.common.lib.statefulset.validate" (dict "rootContext" $rootContext "object" $statefulsetObject) -}} + {{- 
include "bjw-s.common.class.statefulset" (dict "rootContext" $rootContext "object" $statefulsetObject) | nindent 0 -}} {{- else if eq $controllerObject.type "job" -}} - {{- $jobObject := (include "bjw-s.common.lib.job.valuesToObject" (dict "rootContext" $ "id" $key "values" $controllerObject)) | fromYaml -}} - {{- include "bjw-s.common.lib.job.validate" (dict "rootContext" $ "object" $jobObject) -}} - {{- include "bjw-s.common.class.job" (dict "rootContext" $ "object" $jobObject) | nindent 0 -}} + {{- $jobObject := (include "bjw-s.common.lib.job.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $controllerObject)) | fromYaml -}} + {{- include "bjw-s.common.lib.job.validate" (dict "rootContext" $rootContext "object" $jobObject) -}} + {{- include "bjw-s.common.class.job" (dict "rootContext" $rootContext "object" $jobObject) | nindent 0 -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/library/common/templates/render/_rawResources.tpl b/charts/library/common/templates/render/_rawResources.tpl index f3e3a12c..7137bc1c 100644 --- a/charts/library/common/templates/render/_rawResources.tpl +++ b/charts/library/common/templates/render/_rawResources.tpl @@ -2,7 +2,9 @@ Renders other arbirtrary objects required by the chart. */}} {{- define "bjw-s.common.render.rawResources" -}} - {{- /* Generate pvc as required */ -}} + {{- $rootContext := $ -}} + + {{- /* Generate raw resources as required */ -}} {{- range $key, $resource := .Values.rawResources -}} {{- /* Enable by default, but allow override */ -}} {{- $resourceEnabled := true -}} 
@@ -14,7 +16,7 @@ Renders other arbirtrary objects required by the chart. {{- $resourceValues := (mustDeepCopy $resource) -}} {{- /* Create object from the raw resource values */ -}} - {{- $resourceObject := (include "bjw-s.common.lib.rawResource.valuesToObject" (dict "rootContext" $ "id" $key "values" $resourceValues)) | fromYaml -}} + {{- $resourceObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $resourceValues)) | fromYaml -}} {{- /* Perform validations on the resource before rendering */ -}} {{- include "bjw-s.common.lib.rawResource.validate" (dict "rootContext" $ "object" $resourceValues) -}} diff --git a/charts/library/common/templates/render/_rbac.tpl b/charts/library/common/templates/render/_rbac.tpl new file mode 100644 index 00000000..b4cfdb38 --- /dev/null +++ b/charts/library/common/templates/render/_rbac.tpl 
@@ -0,0 +1,67 @@ +{{/* +Renders RBAC objects required by the chart. +*/}} +{{- define "bjw-s.common.render.rbac" -}} + {{- $rootContext := . -}} + {{- include "bjw-s.common.render.rbac.roles" (dict "rootContext" $rootContext) -}} + + {{- include "bjw-s.common.render.rbac.roleBindings" (dict "rootContext" $rootContext) -}} + +{{ end }} + +{{/* +Renders RBAC Role objects required by the chart. +*/}} +{{- define "bjw-s.common.render.rbac.roles" -}} + {{- $rootContext := .rootContext -}} + {{- /* Generate named Roles as required */ -}} + {{- range $key, $role := $rootContext.Values.rbac.roles }} + {{- /* Enable role by default, but allow override */ -}} + {{- $roleEnabled := true -}} + {{- if hasKey $role "enabled" -}} + {{- $roleEnabled = $role.enabled -}} + {{- end -}} + + {{- if $roleEnabled -}} + {{- $roleValues := (mustDeepCopy $role) -}} + + {{- /* Create object from the raw role values */ -}} + {{- $roleObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $roleValues)) | fromYaml -}} + + {{- /* Perform validations on the role before rendering */ -}} + {{- include "bjw-s.common.lib.rbac.role.validate" (dict "rootContext" $rootContext "object" $roleObject) -}} + + {{/* Include the role class */}} + {{- include "bjw-s.common.class.rbac.Role" (dict "rootContext" $rootContext "object" $roleObject) | nindent 0 -}} + + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Renders RBAC RoleBinding objects required by the chart. 
+*/}} +{{- define "bjw-s.common.render.rbac.roleBindings" -}} + {{- $rootContext := .rootContext -}} + {{- range $key, $roleBinding := $rootContext.Values.rbac.bindings }} + {{- /* Enable RoleBinding by default, but allow override */ -}} + {{- $roleBindingEnabled := true -}} + {{- if hasKey $roleBinding "enabled" -}} + {{- $roleBindingEnabled = $roleBinding.enabled -}} + {{- end -}} + + {{- if $roleBindingEnabled -}} + {{- $roleBindingValues := (mustDeepCopy $roleBinding) -}} + + {{- /* Create object from the raw RoleBinding values */ -}} + {{- $roleBindingObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $roleBindingValues)) | fromYaml -}} + + {{- /* Perform validations on the RoleBinding before rendering */ -}} + {{- include "bjw-s.common.lib.rbac.roleBinding.validate" (dict "rootContext" $rootContext "object" $roleBindingObject) -}} + + {{/* Include the RoleBinding class */}} + {{- include "bjw-s.common.class.rbac.roleBinding" (dict "rootContext" $rootContext "object" $roleBindingObject) | nindent 0 -}} + + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/library/common/templates/render/_secrets.tpl b/charts/library/common/templates/render/_secrets.tpl index feaaed2d..63e79f21 100644 --- a/charts/library/common/templates/render/_secrets.tpl +++ b/charts/library/common/templates/render/_secrets.tpl @@ -2,6 +2,8 @@ Renders the Secret objects required by the chart. */}} {{- define "bjw-s.common.render.secrets" -}} + {{- $rootContext := $ -}} + {{- /* Generate named Secrets as required */ -}} {{- range $key, $secret := .Values.secrets }} {{- /* Enable Secret by default, but allow override */ -}} 
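Review bot: The `enabled` value is read raw in both loops (`$roleEnabled = $role.enabled`, `$roleBindingEnabled = $roleBinding.enabled`), while the values.yaml comment added in this commit says it "Can be templated". A templated string is non-empty and therefore always true, so a Role or binding meant to be switched off by a template expression would still be rendered and grant its permissions. Either drop that sentence from values.yaml or evaluate the value, for example `{{- $roleEnabled = eq (tpl (toString $role.enabled) $rootContext) "true" -}}`, with the same line for bindings. The closing `{{ end }}` of `bjw-s.common.render.rbac` is also the only untrimmed one in the file and emits stray whitespace.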
@@ -14,7 +16,7 @@ Renders the Secret objects required by the chart. {{- $secretValues := (mustDeepCopy $secret) -}} {{- /* Create object from the raw Secret values */ -}} - {{- $secretObject := (include "bjw-s.common.lib.secret.valuesToObject" (dict "rootContext" $ "id" $key "values" $secretValues)) | fromYaml -}} + {{- $secretObject := (include "bjw-s.common.lib.valuesToObject" (dict "rootContext" $rootContext "id" $key "values" $secretValues)) | fromYaml -}} {{- /* Perform validations on the Secret before rendering */ -}} {{- include "bjw-s.common.lib.secret.validate" (dict "rootContext" $ "object" $secretObject) -}} diff --git a/charts/library/common/templates/render/_serviceaccount.tpl b/charts/library/common/templates/render/_serviceaccount.tpl index ad6f49a6..a60e85fd 100644 --- a/charts/library/common/templates/render/_serviceaccount.tpl +++ b/charts/library/common/templates/render/_serviceaccount.tpl 
@@ -11,10 +11,39 @@ Renders the serviceAccount object required by the chart. {{- /* Perform validations on the ServiceAccount before rendering */ -}} {{- include "bjw-s.common.lib.serviceAccount.validate" (dict "rootContext" $ "object" $serviceAccountObject) -}} + {{- /* Create a service account secret */ -}} + {{- $_ := set .Values.secrets (printf "%s-sa-token" $serviceAccountObject.identifier) (dict "enabled" true "annotations" (dict "kubernetes.io/service-account.name" $serviceAccountObject.name) "type" "kubernetes.io/service-account-token") -}} + {{/* Include the serviceAccount class */}} {{- include "bjw-s.common.class.serviceAccount" (dict "rootContext" $ "object" $serviceAccountObject) | nindent 0 -}} - {{- /* Create a service account secret */ -}} - {{- $_ := set .Values.secrets "sa-token" (dict "enabled" true "annotations" (dict "kubernetes.io/service-account.name" $serviceAccountObject.name) "type" "kubernetes.io/service-account-token") -}} {{- end -}} + + {{- /* Generate named serviceAccount objects as required */ -}} + {{- with .Values.serviceAccount.extraServiceAccounts -}} + {{- range $key, $serviceAccount := . 
-}} + {{- $serviceAccountEnabled := true -}} + {{- if hasKey $serviceAccount "create" -}} + {{- $serviceAccountEnabled = $serviceAccount.create -}} + {{- end -}} + + {{- if $serviceAccountEnabled -}} + {{- $serviceAccountValues := $serviceAccount -}} + + {{- /* Create object from the raw ServiceAccount values */ -}} + {{- $serviceAccountObject := (include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $ "id" $key "values" $serviceAccountValues)) | fromYaml -}} + + {{- /* Perform validations on the ServiceAccount before rendering */ -}} + {{- include "bjw-s.common.lib.serviceAccount.validate" (dict "rootContext" $ "object" $serviceAccountObject) -}} + + {{- /* Create a service account secret */ -}} + {{- $_ := set $.Values.secrets (printf "%s-sa-token" $serviceAccountObject.identifier) (dict "enabled" true "annotations" (dict "kubernetes.io/service-account.name" $serviceAccountObject.name) "type" "kubernetes.io/service-account-token") -}} + + {{/* Include the serviceAccount class */}} + {{- include "bjw-s.common.class.serviceAccount" (dict "rootContext" $ "object" $serviceAccountObject) | nindent 0 -}} + + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} diff --git a/charts/library/common/values.schema.json b/charts/library/common/values.schema.json index 0865edc1..4f0ddd90 100644 --- a/charts/library/common/values.schema.json +++ b/charts/library/common/values.schema.json @@ -1,7 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema", - "$id": "https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.4.0/charts/library/common/values.schema.json", - + "$id": "https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.5.0/charts/library/common/values.schema.json", "type": "object", "properties": { "global": { 
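Review bot: The loop over `extraServiceAccounts` registers a `kubernetes.io/service-account-token` Secret for every account it creates, and nothing in the hunk lets a user turn that off. Such Secrets hold a token that does not expire, while pods already get short-lived projected tokens. Each extra account therefore adds a long-lived credential readable by anyone who can read Secrets in the namespace. I would gate the `set $.Values.secrets (printf "%s-sa-token" ...)` line behind a per-account values key that defaults to off and document it next to `extraServiceAccounts`; the same guard fits the default account's line earlier in the hunk. The enclosing define starts above the hunk, so how `.Values.secrets` is initialised is not visible here.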
@@ -11,10 +10,16 @@ "$ref": "schemas/definitions.json#/annotations" }, "nameOverride": { - "type": ["string", "null"] + "type": [ + "string", + "null" + ] }, "fullnameOverride": { - "type": ["string", "null"] + "type": [ + "string", + "null" + ] }, "labels": { "$ref": "schemas/definitions.json#/labels" diff --git a/charts/library/common/values.yaml b/charts/library/common/values.yaml index 82207be3..0679e141 100644 --- a/charts/library/common/values.yaml +++ b/charts/library/common/values.yaml @@ -116,6 +116,14 @@ controllers: {} # # -- ReplicaSet revision history limit # revisionHistoryLimit: 3 +# # -- Set the controller service account name +# # This is entirely optional, if empty or `null` the controller will use the default service account +# serviceAccount: +# # -- Only use one of `name` or `identifier`. In case both are specified it will prioritize `identifier`. +# # -- Reference a service account identifier from this values.yaml +# identifier: +# # -- Explicitly set the service account name +# name: # # -- CronJob configuration. Required only when using `controller.type: cronjob`. # # @default -- See below # cronjob: @@ -393,6 +401,7 @@ controllers: {} serviceAccount: # -- Specifies whether a service account should be created + # The identifier for this ServiceAccount will be `default` create: false # -- Annotations to add to the service account 
@@ -405,6 +414,19 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" + # -- Additional Service Accounts to create + # Each extra service account admit the same keys as the main service account + extraServiceAccounts: {} + # serviceAccount2: + # create: true + # annotations: + # test: test + # serviceAccount3: + # create: true + # name: custom-service-account + # labels: + # test: test + # -- Use this to populate secrets with the values you specify. # Be aware that these values are not encrypted by default, and could therefore visible # to anybody with access to the values.yaml file. @@ -450,6 +472,8 @@ configMaps: # This will generate a ConfigMap named `configmap1` with keys `file1` and `file2`, values being the respective contents of those files. # If your file contains `gotpl` syntax that you don't want templated by Helm, prefix the file extension with `.escape` and it will be treated as a regular string. # For example, `file1.escape.yaml` will be converted to `file1.yaml` in the ConfigMap with the contents of the file not templated. +# If your file is a binary file like an image, prefix the file extension with `.binary` +# For example, `file1.binary.png` will be converted to `file1.png` in the ConfigMap under binaryData with the contents of the file base64 encoded. configMapsFromFolderBasePath: null # -- Configure the services for the chart here. @@ -475,6 +499,10 @@ service: # # -- Set the service type # type: ClusterIP + # # -- Specify the internalTrafficPolicy for the service. Options: Cluster, Local + # # -- [[ref](https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/)] + # internalTrafficPolicy: + # # -- Specify the externalTrafficPolicy for the service. Options: Cluster, Local # # -- [[ref](https://kubernetes.io/docs/tutorials/services/source-ip/)] # externalTrafficPolicy: 
@@ -768,7 +796,8 @@ networkpolicies: # -- Configure any unsupported raw resources here. # @default -- See below -rawResources: {} +rawResources: + {} # example: # # -- Enables or disables the resource. Defaults to true # enabled: false @@ -784,3 +813,38 @@ rawResources: {} # labels: {} # # -- Configure the contents of the resource that is to be rendered. # spec: + +# -- Configure the Roles and Role Bindings for the chart here. +rbac: + {} + # roles: + # role1: + # # -- Force replace the name of the object. + # forceRename: + # # -- Enables or disables the Role. Can be templated. + # enabled: true + # # -- Set to Role,ClusterRole + # type: Role + # rules: + # - apiGroups: ["*"] + # resources: ["*"] + # verbs: ["get", "list", "watch"] + # bindings: + # binding1: + # # -- Force replace the name of the object. + # forceRename: + # # -- Enables or disables the Role. Can be templated. + # enabled: true + # # -- Set to RoleBinding,ClusterRoleBinding + # type: RoleBinding + # # -- Can be an identifier of rbac.roles or a custom name and kind + # roleRef: + # name: test-role + # kind: Role + # identifier: test + # # -- If using an identifier it will be automatically filled, otherwise every key will need to be explicitly declared + # subjects: + # - identifier: default + # - kind: ServiceAccount + # name: test + # namespace: "{{ .Release.Namespace }}"
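Review bot: The commented example under `rbac.roles` grants `get`, `list` and `watch` on `resources: ["*"]` in `apiGroups: ["*"]`, which includes reading every Secret in scope. Examples in a library chart's values.yaml tend to be copied as they are, so I would show a narrow rule instead, for example `# - apiGroups: [""]` with `# resources: ["configmaps"]`. A comment noting that wildcards should be avoided would also help. The `roleRef` example lists `name`, `kind` and `identifier` together without saying which one takes effect, and a one-line comment would settle that.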