From a0735c64e3ca7aad8867be221cd9e27f2a2bf7e0 Mon Sep 17 00:00:00 2001
From: Chris Chandler
Date: Thu, 21 Jul 2022 15:50:16 -0500
Subject: [PATCH] Ability to toggle service account usage
---
 README.md | 9 +++++++++
 charts/snyk-broker/templates/broker_deployment.yaml | 2 ++
 charts/snyk-broker/templates/code_agent_deployment.yaml | 2 ++
 charts/snyk-broker/templates/cra_deployment.yaml | 2 ++
 charts/snyk-broker/values.yaml | 6 +++++-
 5 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 9f2eedf..ab2753e 100644
--- a/README.md
+++ b/README.md
@@ -266,6 +266,13 @@ To use an existing service account, add the following parameters to the install
 --set serviceAccount.name= \
 ```
+If you do not - or can not, due to permissions, etc - use service accounts, add the following parameters to the install command:
+
+```
+--set serviceAccount.enabled=false \
+--set serviceAccount.create=false \
+```
+
 ## Deploying Multiple Brokers In The Same Namespace
 To deploy an additional broker into the same namespace as an existing broker, see the following example.
@@ -347,6 +354,8 @@ To use this chart behind a proxy, set the ```httpProxy``` and ```httpsProxy``` v
 | `logEnableBody` | Enable Log Body | `false` |
 | `image.repository` | Broker Image | `snyk/broker` |
 | `deployment.container.containerPort` | Container Port (Back End) | `8000` |
+| `serviceAccount.enabled` | Whether to use service accounts in deployment templates | `true` |
+| `serviceAccount.create` | Whether Helm should create a new service account | `true` |
 | `serviceAccount.name` | Name of service account to be created | `snyk-broker` |
 | `service.port` | Front End Port for broker client | `8000` |
 | `crImage` | Image Tag | `latest` |
diff --git a/charts/snyk-broker/templates/broker_deployment.yaml b/charts/snyk-broker/templates/broker_deployment.yaml
index 26880f9..8d8a350 100644
--- a/charts/snyk-broker/templates/broker_deployment.yaml
+++ b/charts/snyk-broker/templates/broker_deployment.yaml
@@ -21,7 +21,9 @@ spec:
 labels:
 {{- include "snyk-broker.selectorLabels" . | nindent 8 }}
 spec:
+ {{- if .Values.serviceAccount.enabled }}
 serviceAccountName: {{ include "snyk-broker.serviceAccountName" . }}
+ {{- end }}
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
 containers:
diff --git a/charts/snyk-broker/templates/code_agent_deployment.yaml b/charts/snyk-broker/templates/code_agent_deployment.yaml
index 62b25ae..aee40d7 100644
--- a/charts/snyk-broker/templates/code_agent_deployment.yaml
+++ b/charts/snyk-broker/templates/code_agent_deployment.yaml
@@ -25,7 +25,9 @@ spec:
 app.kubernetes.io/name: {{ .Release.Name }}-ca
 app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
+ {{- if .Values.serviceAccount.enabled }}
 serviceAccountName: {{ include "snyk-broker.serviceAccountName" . }}
+ {{- end }}
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
 containers:
diff --git a/charts/snyk-broker/templates/cra_deployment.yaml b/charts/snyk-broker/templates/cra_deployment.yaml
index 101e748..457f75f 100644
--- a/charts/snyk-broker/templates/cra_deployment.yaml
+++ b/charts/snyk-broker/templates/cra_deployment.yaml
@@ -25,7 +25,9 @@ spec:
 app.kubernetes.io/name: {{ .Release.Name }}-cr
 app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
+ {{- if .Values.serviceAccount.enabled }}
 serviceAccountName: {{ include "snyk-broker.serviceAccountName" . }}
+ {{- end }}
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
 containers:
diff --git a/charts/snyk-broker/values.yaml b/charts/snyk-broker/values.yaml
index 250afb8..c4b8d51 100644
--- a/charts/snyk-broker/values.yaml
+++ b/charts/snyk-broker/values.yaml
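Review bot: With `serviceAccount.enabled=false` the pod spec in broker_deployment.yaml only omits `serviceAccountName`, so Kubernetes runs the pod under the namespace's `default` service account and, unless told otherwise, still mounts that account's API token; the toggle does not take credentials out of the pod. If the intent is a broker with no Kubernetes identity, add an else branch before `{{- end }}`: `{{- else }}` followed by `automountServiceAccountToken: false`. The identical hunks in code_agent_deployment.yaml and cra_deployment.yaml need the same treatment. Whether any of these containers calls the Kubernetes API is not visible here, so confirm that before disabling the mount; each pod spec continues outside its hunk.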
@@ -241,7 +241,11 @@ fullnameOverride: ""
 ##### Service Account Values. Nothing to change here #####
 serviceAccount:
- # Specifies whether a service account should be created
+ # Specifies whether to use a service account or not
+ enabled: true
+ # Specifies whether a service account should be created.
+ # Note: Ensure you specify an existing service account in the name value
+ # if enabled == true AND create == false.
 create: true
 # Annotations to add to the service account
 annotations: {}
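Review bot: The new comments on `enabled` and `create` do not say what happens when `enabled` is set to false while `create` keeps its default of true. No service-account template is among the five files in this commit, so it presumably still keys on `create` alone and would render an account that no pod references; the README asks for both flags, and the values file should carry the same hint, e.g. `# When enabled is false, also set create to false; otherwise an unused service account is still created.` The banner `Nothing to change here` above the block also no longer fits a section users are now told to edit. The `serviceAccount` mapping continues past the end of the hunk.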