feat(helm): add option to create a service account and specify a defa…

…ult user id in securityContext (#815)
tchiotludo · Oct 24, 2021 · 8ed9673 · 8ed9673
1 parent bc0cfb7
commit 8ed9673
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 3 deletions.
diff --git a/helm/akhq/templates/_helpers.tpl b/helm/akhq/templates/_helpers.tpl
@@ -31,6 +31,17 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "akhq.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "akhq.fullname" .) .Values.serviceAccountName }}
+{{- else }}
+{{- default "default" .Values.serviceAccountName }}
+{{- end }}
+{{- end }}
+
 {{/*
 Return the appropriate apiVersion for Ingress
 */}}

diff --git a/helm/akhq/templates/deployment.yaml b/helm/akhq/templates/deployment.yaml
@@ -41,9 +41,7 @@ spec:
       securityContext:
         {{ toYaml .Values.securityContext | nindent 8 }}
       {{- end }}
-      {{- if .Values.serviceAccountName }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-      {{- end }}
+      serviceAccountName: {{ include "akhq.serviceAccountName" . }}
       {{- if .Values.initContainers }}
       initContainers:
         {{- range $key, $value := .Values.initContainers }}

diff --git a/helm/akhq/templates/serviceaccount.yaml b/helm/akhq/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ include "akhq.name" . }}
+    helm.sh/chart: {{ include "akhq.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.serviceAccount.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  name: {{ include "akhq.serviceAccountName" . }}
+{{- end }}
diff --git a/helm/akhq/values.yaml b/helm/akhq/values.yaml
@@ -63,6 +63,10 @@ extraVolumeMounts: []
 
 # Specify ServiceAccount for pod
 serviceAccountName: null
+serviceAccount:
+  create: false
+  #annotations:
+  #  eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
 
 # Add your own init container or uncomment and modify the example.
 initContainers: {}