From f6cb498f5dc9230cd4bed71b9967b98bdec1fe0f Mon Sep 17 00:00:00 2001 From: jankaspar <2270833+jankaspar@users.noreply.github.com> Date: Tue, 11 Aug 2020 17:05:08 +0100 Subject: [PATCH] Allow customization of service account in charts. (#412) --- deployment/armada/templates/deployment.yaml | 2 +- deployment/armada/templates/serviceaccount.yaml | 3 +++ deployment/armada/values.yaml | 2 ++ deployment/executor/templates/clusterrolebinding.yaml | 4 ++-- deployment/executor/templates/deployment.yaml | 2 +- deployment/executor/templates/serviceaccount.yaml | 3 +++ deployment/executor/values.yaml | 3 ++- docs/helm/executor.md | 4 +++- docs/helm/server.md | 2 ++ 9 files changed, 19 insertions(+), 6 deletions(-) diff --git a/deployment/armada/templates/deployment.yaml b/deployment/armada/templates/deployment.yaml index 85433300c83..3ed9da73517 100644 --- a/deployment/armada/templates/deployment.yaml +++ b/deployment/armada/templates/deployment.yaml @@ -21,7 +21,7 @@ spec: {{- include "armada.labels.all" . | nindent 8 }} spec: terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - serviceAccountName: {{ include "armada.name" . }} + serviceAccountName: {{ .Values.customServiceAccount | default (include "armada.name" .) }} securityContext: runAsUser: 1000 runAsGroup: 2000 diff --git a/deployment/armada/templates/serviceaccount.yaml b/deployment/armada/templates/serviceaccount.yaml index 98816b412fd..53743c197b2 100644 --- a/deployment/armada/templates/serviceaccount.yaml +++ b/deployment/armada/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.customServiceAccount }} apiVersion: v1 kind: ServiceAccount metadata: @@ -5,3 +6,5 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "armada.labels.all" . | nindent 4 }} +{{ toYaml .Values.serviceAccount }} +{{ end }} \ No newline at end of file diff --git a/deployment/armada/values.yaml b/deployment/armada/values.yaml index c3de2d77a2b..c311266d9d9 100644 
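Review bot: The new `serviceAccountName` expression in deployment/armada/templates/deployment.yaml is emitted unquoted, so a `customServiceAccount` value that YAML reads as a boolean or number, or that contains `: `, is retyped or breaks the rendered manifest. Piping the result through `quote` keeps it a string: `serviceAccountName: {{ .Values.customServiceAccount | default (include "armada.name" .) | quote }}`. The same applies to the `serviceAccountName` line in deployment/executor/templates/deployment.yaml and to the two `name:` lines in deployment/executor/templates/clusterrolebinding.yaml. The pod spec continues outside the hunk.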
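Review bot: `{{ toYaml .Values.serviceAccount }}` at the end of deployment/armada/templates/serviceaccount.yaml is rendered unconditionally, and with the default `serviceAccount: {}` that this commit adds to values.yaml it presumably emits a literal `{}` at column 0 after the metadata block, which does not parse as part of the surrounding mapping. Because the map is spliced in at the top level of the object, a key such as `metadata` or `kind` in the values would also duplicate one the template already writes, and most parsers silently keep the last occurrence. Wrapping the line as `{{- with .Values.serviceAccount }}` / `{{ toYaml . }}` / `{{- end }}` skips the empty case. A comment listing the keys that are meant to be set here (for example `imagePullSecrets`, `automountServiceAccountToken`) would make the contract clear. The second hunk of deployment/executor/templates/serviceaccount.yaml adds the same line.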
--- a/deployment/armada/values.yaml +++ b/deployment/armada/values.yaml @@ -22,6 +22,8 @@ prometheus: enabled: false labels: {} scrapeInterval: 10s +customServiceAccount: null +serviceAccount: {} applicationConfig: grpcPort: 50051 diff --git a/deployment/executor/templates/clusterrolebinding.yaml b/deployment/executor/templates/clusterrolebinding.yaml index 1d2f03694bf..b760b4c915e 100644 --- a/deployment/executor/templates/clusterrolebinding.yaml +++ b/deployment/executor/templates/clusterrolebinding.yaml @@ -10,7 +10,7 @@ roleRef: name: {{ include "executor.name" . }} subjects: - kind: ServiceAccount - name: {{ include "executor.name" . }} + name: {{ .Values.customServiceAccount | default (include "executor.name" .) }} namespace: {{ .Release.Namespace }} {{- $root := . -}} {{ range .Values.additionalClusterRoleBindings }} @@ -27,6 +27,6 @@ roleRef: name: {{ .clusterRoleName }} subjects: - kind: ServiceAccount - name: {{ include "executor.name" $root }} + name: {{ $root.Values.customServiceAccount | default (include "executor.name" $root) }} namespace: {{ $root.Release.Namespace }} {{ end }} \ No newline at end of file diff --git a/deployment/executor/templates/deployment.yaml b/deployment/executor/templates/deployment.yaml index 5d6389257bf..098f1ae3324 100644 --- a/deployment/executor/templates/deployment.yaml +++ b/deployment/executor/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- include "executor.labels.all" . | nindent 8 }} spec: terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - serviceAccountName: {{ include "executor.name" . }} + serviceAccountName: {{ .Values.customServiceAccount | default (include "executor.name" .) }} securityContext: runAsUser: 1000 runAsGroup: 2000 diff --git a/deployment/executor/templates/serviceaccount.yaml b/deployment/executor/templates/serviceaccount.yaml index 4ed98f3d37c..6a267a6bc4e 100644 --- a/deployment/executor/templates/serviceaccount.yaml 
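Review bot: With `customServiceAccount` set, both `subjects` entries in deployment/executor/templates/clusterrolebinding.yaml grant the executor role, and every role listed in `additionalClusterRoleBindings`, to a ServiceAccount that this chart no longer creates or owns. Kubernetes does not check that a binding's subject exists, so a mistyped or not-yet-created name leaves a cluster-wide grant attached to whatever account later takes that name in the release namespace. An account shared with other workloads passes the same permissions on to them. This is worth stating where the value is declared, e.g. `# customServiceAccount: existing ServiceAccount in the release namespace; it receives the executor ClusterRole bindings, so keep it dedicated to the executor`.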
+++ b/deployment/executor/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.customServiceAccount }} apiVersion: v1 kind: ServiceAccount metadata: @@ -5,3 +6,5 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "executor.labels.all" . | nindent 4 }} +{{ toYaml .Values.serviceAccount }} +{{ end }} \ No newline at end of file diff --git a/deployment/executor/values.yaml b/deployment/executor/values.yaml index 217ecb943e4..b3bddfe716d 100644 --- a/deployment/executor/values.yaml +++ b/deployment/executor/values.yaml @@ -16,7 +16,8 @@ tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - +customServiceAccount: null +serviceAccount: {} prometheus: enabled: false diff --git a/docs/helm/executor.md b/docs/helm/executor.md index 9c0a37a234c..7e282b54c1a 100644 --- a/docs/helm/executor.md +++ b/docs/helm/executor.md @@ -16,7 +16,9 @@ This document briefly outlines the customisation options of the Executor helm ch | `additionalVolumes` | Additional volumes that'll be mounted to the executor pod | `""` | | `prometheus.enabled` | Flag to determine if Prometheus components are deployed or not. This should only be enabled if Prometheus is deployed and you want to scrape metrics from the executor component | `false` | | `prometheus.labels` | Additional labels that'll be added to executor prometheus components | `{}` | -| `prometheus.scrapeInterval` | Scrape interval of the serviceMonitor and prometheusRule | `10s` | +| `prometheus.scrapeInterval` | Scrape interval of the serviceMonitor and prometheusRule | `10s` | +| `customServiceAccount` | Use existing service account for pod instead of creating a new one | `null` | +| `serviceAccount` | Additional properties of service account (like imagePullSecrets) | `{}` | | `applicationConfig` | Config file override values, merged with /config/executor/config.yaml to make up the config file used when running the application | `nil` | ## Application Config 
diff --git a/docs/helm/server.md b/docs/helm/server.md index 9dfe61721f7..284886a3c90 100644 --- a/docs/helm/server.md +++ b/docs/helm/server.md @@ -21,6 +21,8 @@ This document briefly outlines the customisation options of the server helm char | `prometheus.enabled` | Flag to determine if Prometheus components are deployed or not. This should only be enabled if Prometheus is deployed and you want to scrape metrics from the server component | `false` | | `prometheus.labels` | Additional labels that'll be added to server prometheus components | `{}` | | `prometheus.scrapeInterval` | Scrape interval of the serviceMonitor and prometheusRule | `10s` | +| `customServiceAccount` | Use existing service account for pod instead of creating a new one | `null` | +| `serviceAccount` | Additional properties of service account (like imagePullSecrets) | `{}` | | `applicationConfig` | Config file override values, merged with /config/armada/config.yaml to make up the config file used when running the application |`grpcPort: 50051` |