diff --git a/charts/falco/CHANGELOG.md b/charts/falco/CHANGELOG.md index 131e11b44..56b1e9249 100644 --- a/charts/falco/CHANGELOG.md +++ b/charts/falco/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v4.0.1 + +* Reintroduce the service account. + ## v4.0.0 The new chart introduces some breaking changes. For folks upgrading Falco please see the BREAKING-CHANGES.md file. diff --git a/charts/falco/Chart.yaml b/charts/falco/Chart.yaml index 47968fd19..8eee7b629 100644 --- a/charts/falco/Chart.yaml +++ b/charts/falco/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: falco -version: 4.0.0 +version: 4.1.0 appVersion: "0.37.0" description: Falco keywords: diff --git a/charts/falco/templates/pod-template.tpl b/charts/falco/templates/pod-template.tpl index 8a5b1a8f9..5eb572886 100644 --- a/charts/falco/templates/pod-template.tpl +++ b/charts/falco/templates/pod-template.tpl @@ -16,6 +16,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + serviceAccountName: {{ include "falco.serviceAccountName" . }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 4}} diff --git a/charts/falco/templates/serviceaccount.yaml b/charts/falco/templates/serviceaccount.yaml new file mode 100644 index 000000000..65493eb2f --- /dev/null +++ b/charts/falco/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "falco.serviceAccountName" . }} + namespace: {{ include "falco.namespace" . }} + labels: + {{- include "falco.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/falco/tests/unit/serviceAccount_test.go b/charts/falco/tests/unit/serviceAccount_test.go new file mode 100644 index 000000000..d41f9cb03 --- /dev/null 
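Review bot: The added `serviceAccountName: {{ include "falco.serviceAccountName" . }}` line in pod-template.tpl binds every Falco pod to a service account, but neither this hunk nor the new templates/serviceaccount.yaml controls whether that account's API token is mounted into the pod. If Falco in this chart version does not need to call the Kubernetes API (the diff does not show this), consider a chart value that renders `automountServiceAccountToken: false` on the pod spec or on the ServiceAccount, so a privileged Falco container does not carry a token it never uses. The `falco.serviceAccountName` helper is defined outside this diff, so what it resolves to when `serviceAccount.create` is false cannot be checked here. The pod spec starts and ends outside the hunk.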
+++ b/charts/falco/tests/unit/serviceAccount_test.go
@@ -0,0 +1,59 @@
+package unit
+
+import (
+ "github.com/gruntwork-io/terratest/modules/helm"
+ "github.com/stretchr/testify/require"
+ corev1 "k8s.io/api/core/v1"
+ "path/filepath"
+ "strings"
+ "testing"
+)
+
+func TestServiceAccount(t *testing.T) {
+ t.Parallel()
+
+ helmChartPath, err := filepath.Abs(chartPath)
+ require.NoError(t, err)
+
+ testCases := []struct {
+ name string
+ values map[string]string
+ expected func(t *testing.T, sa *corev1.ServiceAccount)
+ }{
+ {
+ "defaultValues",
+ nil,
+ func(t *testing.T, sa *corev1.ServiceAccount) {
+ require.Equal(t, sa.Name, "")
+ },
+ },
+ {
+ "kind=kmod",
+ map[string]string{
+ "serviceAccount.create": "true",
+ },
+ func(t *testing.T, sa *corev1.ServiceAccount) {
+ require.Equal(t, sa.Name, "rendered-resources-falco")
+ },
+ },
+ }
+
+ for _, testCase := range testCases {
+ testCase := testCase
+
+ t.Run(testCase.name, func(t *testing.T) {
+ t.Parallel()
+
+ options := &helm.Options{SetValues: testCase.values}
+ output, err := helm.RenderTemplateE(t, options, helmChartPath, releaseName, []string{"templates/serviceaccount.yaml"})
+ if err != nil {
+ require.True(t, strings.Contains(err.Error(), "Error: could not find template templates/serviceaccount.yaml in chart"))
+ }
+
+ var sa corev1.ServiceAccount
+ helm.UnmarshalK8SYaml(t, output, &sa)
+
+ testCase.expected(t, &sa)
+ })
+ }
+}
diff --git a/charts/falco/values.yaml b/charts/falco/values.yaml
index ef2c41900..3c0562323 100644
--- a/charts/falco/values.yaml
+++ b/charts/falco/values.yaml
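Review bot: The `if err != nil` branch inside `t.Run` accepts a "could not find template" render error for every test case, so the `serviceAccount.create=true` case never asserts that rendering succeeded before it unmarshals `output`. Give each case an explicit expectation and call `require.NoError(t, err)` when the ServiceAccount is supposed to be rendered. The second case is named `"kind=kmod"` although it only sets `serviceAccount.create`; a name such as `"serviceAccount.create=true"` would match what it tests. The `require.Equal` calls pass the actual value first; testify expects `require.Equal(t, "rendered-resources-falco", sa.Name)`, otherwise failure output labels the two values the wrong way round. No test covers the new `serviceAccountName` field in the pod template.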
@@ -26,6 +26,15 @@ namespaceOverride: "" # -- Add additional pod annotations podAnnotations: {} +serviceAccount: + # -- Specifies whether a service account should be created. + create: false + # -- Annotations to add to the service account. + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # -- Add additional pod labels podLabels: {}
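Review bot: The comment on `name` documents only the `create: true` case, while the default added here is `create: false` with an empty `name`. The `falco.serviceAccountName` helper is not part of this diff; if it follows the usual Helm scaffold, that combination resolves to the namespace's `default` service account, so Falco would share an identity with other workloads in the namespace and inherit any RBAC bound to it. After confirming the helper's behaviour, extend the comment, for example `# If not set and create is false, the namespace's "default" service account is used.` The `serviceAccount:` key also lacks a `# --` description line like the neighbouring values have.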