diff --git a/CHANGELOG.md b/CHANGELOG.md index 89a4e8fe2..9f783d4e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ and this project adheres to ### Added +- ✨(helm) Service Account support for K8s Resources in Helm Charts #778 - ✨(backend) allow masking documents from the list view #1171 - ✨(frontend) subdocs can manage link reach #1190 - ✨(frontend) add duplicate action to doc tree #1175 diff --git a/src/helm/impress/README.md b/src/helm/impress/README.md index 175bd3cf9..d5bcd2260 100644 --- a/src/helm/impress/README.md +++ b/src/helm/impress/README.md @@ -135,6 +135,7 @@ | `backend.extraVolumeMounts` | Additional volumes to mount on the backend. | `[]` | | `backend.extraVolumes` | Additional volumes to mount on the backend. | `[]` | | `backend.pdb.enabled` | Enable pdb on backend | `true` | +| `backend.serviceAccountName` | Optional service account name to use for backend pods | `nil` | | `backend.themeCustomization.enabled` | Enable theme customization | `false` | | `backend.themeCustomization.file_content` | Content of the theme customization file. Must be a json object. | `""` | | `backend.themeCustomization.mount_path` | Path where the customization file will be mounted in the backend deployment. | `/app/impress/configuration/theme` | @@ -198,6 +199,7 @@ | `frontend.extraVolumeMounts` | Additional volumes to mount on the frontend. | `[]` | | `frontend.extraVolumes` | Additional volumes to mount on the frontend. | `[]` | | `frontend.pdb.enabled` | Enable pdb on frontend | `true` | +| `frontend.serviceAccountName` | Optional service account name to use for frontend pods | `nil` | ### posthog @@ -280,3 +282,4 @@ | `yProvider.extraVolumeMounts` | Additional volumes to mount on the yProvider. | `[]` | | `yProvider.extraVolumes` | Additional volumes to mount on the yProvider. | `[]` | | `yProvider.pdb.enabled` | Enable pdb on yProvider | `true` | +| `yProvider.serviceAccountName` | Optional service account name to use for yProvider pods | `nil` | diff --git a/src/helm/impress/templates/backend_deployment.yaml b/src/helm/impress/templates/backend_deployment.yaml index bb2ff68df..a60b791da 100644 --- a/src/helm/impress/templates/backend_deployment.yaml +++ b/src/helm/impress/templates/backend_deployment.yaml @@ -30,6 +30,9 @@ spec: imagePullSecrets: - name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }} {{- end}} + {{- if .Values.backend.serviceAccountName }} + serviceAccountName: {{ .Values.backend.serviceAccountName }} + {{- end }} shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }} containers: {{- with .Values.backend.sidecars }} diff --git a/src/helm/impress/templates/backend_job_createsuperuser.yaml b/src/helm/impress/templates/backend_job_createsuperuser.yaml index be159c0fe..0096483cc 100644 --- a/src/helm/impress/templates/backend_job_createsuperuser.yaml +++ b/src/helm/impress/templates/backend_job_createsuperuser.yaml @@ -29,6 +29,9 @@ spec: imagePullSecrets: - name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }} {{- end}} + {{- if .Values.backend.serviceAccountName }} + serviceAccountName: {{ .Values.backend.serviceAccountName }} + {{- end }} shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }} containers: {{- with .Values.backend.sidecars }} diff --git a/src/helm/impress/templates/backend_job_migrate.yaml b/src/helm/impress/templates/backend_job_migrate.yaml index 00ff95292..99e58ba11 100644 --- a/src/helm/impress/templates/backend_job_migrate.yaml +++ b/src/helm/impress/templates/backend_job_migrate.yaml @@ -29,6 +29,9 @@ spec: imagePullSecrets: - name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }} {{- end}} + {{- if .Values.backend.serviceAccountName }} + serviceAccountName: {{ .Values.backend.serviceAccountName }} + {{- end }} shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }} containers: {{- with .Values.backend.sidecars }} diff --git a/src/helm/impress/templates/celery_worker_deployment.yaml b/src/helm/impress/templates/celery_worker_deployment.yaml index 956a4e678..3fc278b0b 100644 --- a/src/helm/impress/templates/celery_worker_deployment.yaml +++ b/src/helm/impress/templates/celery_worker_deployment.yaml @@ -30,6 +30,9 @@ spec: imagePullSecrets: - name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }} {{- end}} + {{- if .Values.backend.serviceAccountName }} + serviceAccountName: {{ .Values.backend.serviceAccountName }} + {{- end }} shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }} containers: {{- with .Values.backend.sidecars }} diff --git a/src/helm/impress/templates/frontend_deployment.yaml b/src/helm/impress/templates/frontend_deployment.yaml index 187506aa0..584d26452 100644 --- a/src/helm/impress/templates/frontend_deployment.yaml +++ b/src/helm/impress/templates/frontend_deployment.yaml @@ -30,6 +30,9 @@ spec: imagePullSecrets: - name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }} {{- end}} + {{- if .Values.frontend.serviceAccountName }} + serviceAccountName: {{ .Values.frontend.serviceAccountName }} + {{- end }} shareProcessNamespace: {{ .Values.frontend.shareProcessNamespace }} containers: {{- with .Values.frontend.sidecars }} diff --git a/src/helm/impress/templates/yprovider_deployment.yaml b/src/helm/impress/templates/yprovider_deployment.yaml index 15020d8d5..c920037c5 100644 --- a/src/helm/impress/templates/yprovider_deployment.yaml +++ b/src/helm/impress/templates/yprovider_deployment.yaml @@ -30,6 +30,9 @@ spec: imagePullSecrets: - name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }} {{- end}} + {{- if .Values.yProvider.serviceAccountName }} + serviceAccountName: {{ .Values.yProvider.serviceAccountName }} + {{- end }} shareProcessNamespace: {{ .Values.yProvider.shareProcessNamespace }} containers: {{- with .Values.yProvider.sidecars }} diff --git a/src/helm/impress/values.yaml b/src/helm/impress/values.yaml index c2e1c08a5..f063e478d 100644 --- a/src/helm/impress/values.yaml +++ b/src/helm/impress/values.yaml @@ -236,8 +236,8 @@ backend: targetPort: 8000 annotations: {} - ## @param backend.migrate.command backend migrate command - ## @param backend.migrate.restartPolicy backend migrate job restart policy + ## @param backend.migrate.command backend migrate command + ## @param backend.migrate.restartPolicy backend migrate job restart policy migrate: command: - /bin/sh @@ -254,8 +254,8 @@ backend: python manage.py migrate --no-input restartPolicy: Never - ## @param backend.createsuperuser.command backend migrate command - ## @param backend.createsuperuser.restartPolicy backend migrate job restart policy + ## @param backend.createsuperuser.command backend migrate command + ## @param backend.createsuperuser.restartPolicy backend migrate job restart policy createsuperuser: command: - "/bin/sh" @@ -282,7 +282,7 @@ backend: name: "" command: [] restartPolicy: Never - annotations: + annotations: argocd.argoproj.io/hook: PostSync # List of cronjob to add @@ -344,6 +344,9 @@ backend: pdb: enabled: true + ## @param backend.serviceAccountName Optional service account name to use for backend pods + serviceAccountName: null + ## @param backend.themeCustomization.enabled Enable theme customization ## @param backend.themeCustomization.file_content Content of the theme customization file. Must be a json object. ## @param backend.themeCustomization.mount_path Path where the customization file will be mounted in the backend deployment. @@ -480,6 +483,9 @@ frontend: pdb: enabled: true + ## @param frontend.serviceAccountName Optional service account name to use for frontend pods + serviceAccountName: null + ## @section posthog posthog: @@ -652,3 +658,6 @@ yProvider: ## @param yProvider.pdb.enabled Enable pdb on yProvider pdb: enabled: true + + ## @param yProvider.serviceAccountName Optional service account name to use for yProvider pods + serviceAccountName: null