From e8d1d23f9311d0a5892973d5e8c85bff1afbe415 Mon Sep 17 00:00:00 2001 From: Daniel Gempesaw Date: Wed, 4 Dec 2024 16:03:16 -0500 Subject: [PATCH 1/3] executor: Add an optional serviceAccount.name to values.yaml --- charts/buildbuddy-executor/templates/deployment.yaml | 3 +++ charts/buildbuddy-executor/values.yaml | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/charts/buildbuddy-executor/templates/deployment.yaml b/charts/buildbuddy-executor/templates/deployment.yaml index adc0d2b..bf2f000 100644 --- a/charts/buildbuddy-executor/templates/deployment.yaml +++ b/charts/buildbuddy-executor/templates/deployment.yaml @@ -61,6 +61,9 @@ spec: tolerations: {{- toYaml .Values.tolerations | nindent 8 }} {{- end }} + {{- if .Values.serviceAccount.name }} + serviceAccountName: {{ .Values.serviceAccount.name }} + {{- end }} containers: {{- if .Values.extraContainers }} {{- toYaml .Values.extraContainers | nindent 8 }} diff --git a/charts/buildbuddy-executor/values.yaml b/charts/buildbuddy-executor/values.yaml index c662cd4..4a7c66f 100644 --- a/charts/buildbuddy-executor/values.yaml +++ b/charts/buildbuddy-executor/values.yaml @@ -153,3 +153,11 @@ extraVolumeMounts: [] ## Affinity (optional) could be used to configured 'executor' pods to be deployed ## on nodes with a certain type of storage volume or hardware available. affinity: {} + +## Optionally, set a different service account for the executor pods. Setting +## this is not required for normal 'executor' operation; the `default` SA is +## sufficient. It is available in case you need to grant the pods additional +## permissions via SA. Note that the chart does not create the SA, so you should +## create it on your own. +serviceAccount: + name: default From 9b45964f8ee1db26e61c6b851a5adc3d8b9ac3b8 Mon Sep 17 00:00:00 2001 From: Daniel Gempesaw Date: Wed, 4 Dec 2024 16:21:41 -0500 Subject: [PATCH 2/3] Disable the default SA behaviour :thumbs-up: --- charts/buildbuddy-executor/templates/deployment.yaml | 2 +- charts/buildbuddy-executor/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/buildbuddy-executor/templates/deployment.yaml b/charts/buildbuddy-executor/templates/deployment.yaml index bf2f000..daaf842 100644 --- a/charts/buildbuddy-executor/templates/deployment.yaml +++ b/charts/buildbuddy-executor/templates/deployment.yaml @@ -61,7 +61,7 @@ spec: tolerations: {{- toYaml .Values.tolerations | nindent 8 }} {{- end }} - {{- if .Values.serviceAccount.name }} + {{- if and .Values.serviceAccount .Values.serviceAccount.name }} serviceAccountName: {{ .Values.serviceAccount.name }} {{- end }} containers: diff --git a/charts/buildbuddy-executor/values.yaml b/charts/buildbuddy-executor/values.yaml index 4a7c66f..89f1fff 100644 --- a/charts/buildbuddy-executor/values.yaml +++ b/charts/buildbuddy-executor/values.yaml @@ -159,5 +159,5 @@ affinity: {} ## sufficient. It is available in case you need to grant the pods additional ## permissions via SA. Note that the chart does not create the SA, so you should ## create it on your own. -serviceAccount: - name: default +# serviceAccount: +# name: default From 2acb511c96888f034219bc350b742e93810dce63 Mon Sep 17 00:00:00 2001 From: Daniel Gempesaw Date: Wed, 4 Dec 2024 16:22:52 -0500 Subject: [PATCH 3/3] Bump chart version --- charts/buildbuddy-executor/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/buildbuddy-executor/Chart.yaml b/charts/buildbuddy-executor/Chart.yaml index 0f9dd31..1ee3a27 100644 --- a/charts/buildbuddy-executor/Chart.yaml +++ b/charts/buildbuddy-executor/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: BuildBuddy Executor name: buildbuddy-executor -version: 0.0.296 # Chart version +version: 0.0.297 # Chart version appVersion: 2.112.0 # Version of deployed app keywords: - buildbuddy