From b0b287d134085f26500d6e1d4365ee3b8fe09041 Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Tue, 21 May 2024 08:18:43 +0000
Subject: [PATCH] fix #162
---
 .github/workflows/ci.yml | 2 +-
 templates/serviceaccount.yaml | 13 +++++++++++++
 templates/statefulset.yaml | 7 +++----
 values.yaml | 15 ++++++++++++---
 4 files changed, 29 insertions(+), 8 deletions(-)
 create mode 100644 templates/serviceaccount.yaml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fa6ef62..055ee23 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,7 +22,7 @@ jobs:
 run: |
 curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64
 chmod +x /tmp/kind
- /tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
+ /tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.29.4@sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8
 kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
 kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"}}}}}'
 - name: setup chaos mesh
diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml
new file mode 100644
index 0000000..b545361
--- /dev/null
+++ b/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "openldap.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end -}}
diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml
index f30f536..0822c02 100644
--- a/templates/statefulset.yaml
+++ b/templates/statefulset.yaml
@@ -142,9 +142,8 @@ spec:
 - mountPath: /bitnami
 name: data
 {{- end }}
- {{- /*
- serviceAccountName: {{ template "openldap.serviceAccountName" . }}
-*/ -}}
+
+ serviceAccountName: {{ template "openldap.serviceAccountName" . }}
 {{- include "openldap.imagePullSecrets" . | nindent 6 }}
 {{- if .Values.hostAliases }}
 hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
@@ -363,4 +362,4 @@ spec:
 {{- else if (not .Values.persistence.enabled) }}
 - name: data
 emptyDir: {}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/values.yaml b/values.yaml
index 66b60dd..ebdda7a 100644
--- a/values.yaml
+++ b/values.yaml
@@ -122,7 +122,7 @@ pdb:
 # userPasswords: bitnami1, bitnami2
 ## Group to create and add list of user above
-## Default set by bitnami image
+ ## Default set by bitnami image
 # group: readers
 # Custom openldap schema files used to be used in addition to default schemas
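Review bot: In templates/serviceaccount.yaml the field `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` renders as an empty value when the key is absent or null, and Kubernetes then treats the field as unset and mounts the API token. That can happen, for example, when an upgrade reuses stored values that predate this key. Rendering it as `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}` keeps the no-token behaviour in that case while still honouring an explicit `true`.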
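Review bot: In the first hunk of templates/statefulset.yaml the pod now always names a service account, but token mounting is controlled only on the ServiceAccount object, which the chart renders only when `serviceAccount.create` is true. With `create: false` and an existing account supplied by name, `serviceAccount.automountServiceAccountToken` has no effect and that account's own setting decides whether the API token is mounted into the LDAP pod. Adding `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}` next to `serviceAccountName` would apply the value in both cases. The pod spec starts and ends outside the hunk, so the field may already be set elsewhere in the template.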
@@ -365,16 +365,25 @@ sidecars: {}
 ## command: ['sh', '-c', 'echo "hello world"']
 ##
 initContainers: {}
-## ServiceAccount configuration
+
+## Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
 ##
 serviceAccount:
- ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
+ ## @param serviceAccount.create Enable creation of ServiceAccount for Apache pod
 ##
 create: true
 ## @param serviceAccount.name The name of the ServiceAccount to use.
 ## If not set and create is true, a name is generated using the common.names.fullname template
 ##
 name: ""
+ ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
+ ## Can be set to false if pods using this serviceAccount do not need to use K8s API
+ ##
+ automountServiceAccountToken: false
+ ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
+ ##
+ annotations: {}
 ## @section Init Container Parameters
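Review bot: The new description of `serviceAccount.create` in values.yaml says "for Apache pod", which reads as carried over from another chart; the templates in this patch use `openldap.*` helpers, so `## @param serviceAccount.create Enable creation of ServiceAccount for the OpenLDAP pod` would match. The comment on `automountServiceAccountToken` could also state the upgrade effect: with `create: true` and `automountServiceAccountToken: false` as defaults, pods that presumably ran under the namespace's default account before now get a dedicated account without a token. Anything configured through `sidecars` or `initContainers` that calls the Kubernetes API would then need the value set to `true`.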