Skip to content

helm: Add serviceAccountName to pre-deploy jobs#48530

Merged
webvictim merged 3 commits intomasterfrom
gus/helm/predeploy-serviceaccounts
Nov 6, 2024
Merged

helm: Add serviceAccountName to pre-deploy jobs#48530
webvictim merged 3 commits intomasterfrom
gus/helm/predeploy-serviceaccounts

Conversation

@webvictim
Copy link
Copy Markdown
Contributor

@webvictim webvictim commented Nov 6, 2024
edited
Loading

Fixes #48477

Note that the service account name used for the proxy will automatically have -proxy appended to it, as in all other existing cases where the serviceAccount.name value is used.

changelog: The teleport-cluster Helm chart now uses the configured serviceAccount.name from chart values for its pre-deploy configuration check Jobs.

@webvictim webvictim added helm backport/branch/v14 no-changelog Indicates that a PR does not require a changelog entry backport/branch/v17 labels Nov 6, 2024
@webvictim webvictim self-assigned this Nov 6, 2024
hugoShaka
hugoShaka requested changes Nov 6, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@hugoShaka hugoShaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't work because SA is not deployed yet during hooks

@webvictim webvictim force-pushed the gus/helm/predeploy-serviceaccounts branch from 27993ad to 0672e22 Compare November 6, 2024 18:59
@webvictim webvictim force-pushed the gus/helm/predeploy-serviceaccounts branch from 0672e22 to 5456609 Compare November 6, 2024 19:01
@webvictim
Copy link
Copy Markdown
Contributor Author

webvictim commented Nov 6, 2024

@hugoShaka Made a copy of the serviceAccount resources which are hooked on pre-install so that they exist when the pre-deploy jobs run. They are then deleted after execution, and the regular serviceAccount objects are created. This seems to be the nicest way to make sure that we don't leave dangling SAs around after the chart is uninstalled, but also support the requested functionality.

@webvictim webvictim requested a review from hugoShaka November 6, 2024 19:03
@webvictim webvictim added this pull request to the merge queue Nov 6, 2024
Merged via the queue into master with commit 6ac6025 Nov 6, 2024
@webvictim webvictim deleted the gus/helm/predeploy-serviceaccounts branch November 6, 2024 21:38
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Nov 6, 2024

@webvictim See the table below for backport results.

Branch Result
branch/v14 Create PR
branch/v15 Create PR
branch/v16 Create PR
branch/v17 Create PR

@webvictim webvictim removed the no-changelog Indicates that a PR does not require a changelog entry label Nov 7, 2024
This was referenced Nov 7, 2024
Merged
Merged
Merged
Merged
@hugoShaka hugoShaka mentioned this pull request Nov 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tigrato tigrato tigrato approved these changes

@hugoShaka hugoShaka hugoShaka approved these changes

Assignees

@webvictim webvictim

Labels

backport/branch/v17 helm size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Use non-default service account for pre-hook Jobs

3 participants

@webvictim @tigrato @hugoShaka