Commit fbe6b1c6 authored by DJ Mountney's avatar DJ Mountney 🌴

Merge branch '1157-allow-static-serviceaccount-name-in-shared-secrets' into 'master'

Allow static ServiceAccount Name in shared-secrets

Closes #1157

See merge request charts/gitlab!688
parents ffe15e29 815dcb55
Pipeline #48622493 passed with stages
in 30 minutes and 10 seconds
---
title: Allow static ServiceAccount Name in shared-secrets
merge_request: 688
author:
type: other
......@@ -11,3 +11,13 @@ reduce collision
{{- $rand := randAlphaNum 3 | lower }}
{{- printf "%s.%d-%s" $name .Release.Revision $rand | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "shared-secrets.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
......@@ -21,7 +21,7 @@ spec:
runAsUser: {{ .Values.securityContext.runAsUser }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- if .Values.rbac.create }}
serviceAccountName: {{ template "fullname" . }}
serviceAccountName: {{ template "shared-secrets.serviceAccountName" . }}
{{- end }}
restartPolicy: Never
{{- include "pullsecrets" .Values.image | indent 6}}
......
......@@ -20,5 +20,5 @@ roleRef:
name: {{ template "fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "fullname" . }}
name: {{ template "shared-secrets.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "fullname" . }}
name: {{ template "shared-secrets.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "gitlab.standardLabels" . | indent 4 }}
......@@ -11,3 +12,4 @@ metadata:
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- end }}
{{- end }}
......@@ -21,7 +21,7 @@ spec:
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
fsGroup: {{ .Values.securityContext.fsGroup }}
serviceAccountName: {{ template "fullname" . }}
serviceAccountName: {{ template "shared-secrets.serviceAccountName" . }}
restartPolicy: Never
{{- include "pullsecrets" .Values.image | indent 6}}
initContainers:
......
......@@ -15,6 +15,9 @@ resources: {}
env: production
global: {}
enabled: false
serviceAccount:
create: true
name: # Specify a pre-existing ServiceAccount name
rbac:
create: true
resources:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment