Allow customization of service account in charts. (#412)

armadaproject · Aug 11, 2020 · f6cb498 · f6cb498
1 parent 709ca7f
commit f6cb498
Show file tree

Hide file tree

Showing 9 changed files with 19 additions and 6 deletions.
diff --git a/deployment/armada/templates/deployment.yaml b/deployment/armada/templates/deployment.yaml
@@ -21,7 +21,7 @@ spec:
  {{- include "armada.labels.all" . | nindent 8 }}
  spec:
  terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
- serviceAccountName: {{ include "armada.name" . }}
+ serviceAccountName: {{ .Values.customServiceAccount | default (include "armada.name" .) }}
  securityContext:
  runAsUser: 1000
  runAsGroup: 2000

diff --git a/deployment/armada/templates/serviceaccount.yaml b/deployment/armada/templates/serviceaccount.yaml
@@ -1,7 +1,10 @@
+{{ if not .Values.customServiceAccount }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "armada.name" . }}
  namespace: {{ .Release.Namespace }}
  labels:
  {{- include "armada.labels.all" . | nindent 4 }}
+{{ toYaml .Values.serviceAccount }}
+{{ end }}
diff --git a/deployment/armada/values.yaml b/deployment/armada/values.yaml
@@ -22,6 +22,8 @@ prometheus:
  enabled: false
  labels: {}
  scrapeInterval: 10s
+customServiceAccount: null
+serviceAccount: {}
 
 applicationConfig:
  grpcPort: 50051

diff --git a/deployment/executor/templates/clusterrolebinding.yaml b/deployment/executor/templates/clusterrolebinding.yaml
@@ -10,7 +10,7 @@ roleRef:
  name: {{ include "executor.name" . }}
 subjects:
 - kind: ServiceAccount
- name: {{ include "executor.name" . }}
+ name: {{ .Values.customServiceAccount | default (include "executor.name" .) }}
  namespace: {{ .Release.Namespace }}
 {{- $root := . -}}
 {{ range .Values.additionalClusterRoleBindings }}
@@ -27,6 +27,6 @@ roleRef:
  name: {{ .clusterRoleName }}
 subjects:
 - kind: ServiceAccount
- name: {{ include "executor.name" $root }}
+ name: {{ $root.Values.customServiceAccount | default (include "executor.name" $root) }}
  namespace: {{ $root.Release.Namespace }}
 {{ end }}
diff --git a/deployment/executor/templates/deployment.yaml b/deployment/executor/templates/deployment.yaml
@@ -17,7 +17,7 @@ spec:
  {{- include "executor.labels.all" . | nindent 8 }}
  spec:
  terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
- serviceAccountName: {{ include "executor.name" . }}
+ serviceAccountName: {{ .Values.customServiceAccount | default (include "executor.name" .) }}
  securityContext:
  runAsUser: 1000
  runAsGroup: 2000

diff --git a/deployment/executor/templates/serviceaccount.yaml b/deployment/executor/templates/serviceaccount.yaml
@@ -1,7 +1,10 @@
+{{ if not .Values.customServiceAccount }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "executor.name" . }}
  namespace: {{ .Release.Namespace }}
  labels:
  {{- include "executor.labels.all" . | nindent 4 }}
+{{ toYaml .Values.serviceAccount }}
+{{ end }}
diff --git a/deployment/executor/values.yaml b/deployment/executor/values.yaml
@@ -16,7 +16,8 @@ tolerations:
  - effect: NoSchedule
  key: node-role.kubernetes.io/master
  operator: Exists
-
+customServiceAccount: null
+serviceAccount: {}
 
 prometheus:
  enabled: false

diff --git a/docs/helm/executor.md b/docs/helm/executor.md
@@ -16,7 +16,9 @@ This document briefly outlines the customisation options of the Executor helm ch
 | `additionalVolumes` | Additional volumes that'll be mounted to the executor pod | `""` |
 | `prometheus.enabled` | Flag to determine if Prometheus components are deployed or not. This should only be enabled if Prometheus is deployed and you want to scrape metrics from the executor component | `false` |
 | `prometheus.labels` | Additional labels that'll be added to executor prometheus components | `{}` |
-| `prometheus.scrapeInterval` | Scrape interval of the serviceMonitor and prometheusRule | `10s` |
+| `prometheus.scrapeInterval` | Scrape interval of the serviceMonitor and prometheusRule | `10s` |
+| `customServiceAccount` | Use existing service account for pod instead of creating a new one | `null` |
+| `serviceAccount` | Additional properties of service account (like imagePullSecrets) | `{}` |
 | `applicationConfig` | Config file override values, merged with /config/executor/config.yaml to make up the config file used when running the application | `nil` |
 
 ## Application Config

diff --git a/docs/helm/server.md b/docs/helm/server.md
@@ -21,6 +21,8 @@ This document briefly outlines the customisation options of the server helm char
 | `prometheus.enabled` | Flag to determine if Prometheus components are deployed or not. This should only be enabled if Prometheus is deployed and you want to scrape metrics from the server component | `false` |
 | `prometheus.labels` | Additional labels that'll be added to server prometheus components | `{}` |
 | `prometheus.scrapeInterval` | Scrape interval of the serviceMonitor and prometheusRule | `10s` |
+| `customServiceAccount` | Use existing service account for pod instead of creating a new one | `null` |
+| `serviceAccount` | Additional properties of service account (like imagePullSecrets) | `{}` |
 | `applicationConfig` | Config file override values, merged with /config/armada/config.yaml to make up the config file used when running the application |`grpcPort: 50051` |