feat(helm): add option to create a service account and specify a defa…

…ult user id in securityContext (#815)
tchiotludo · Sep 23, 2021 · b93598e · b93598e
1 parent 6fd15f1
commit b93598e
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 6 deletions.
diff --git a/helm/akhq/Chart.yaml b/helm/akhq/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "0.18.0"
 description: Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
 name: akhq
-version: 0.2.2
+version: 0.2.3
 keywords:
   - kafka
   - confluent

diff --git a/helm/akhq/templates/_helpers.tpl b/helm/akhq/templates/_helpers.tpl
@@ -30,3 +30,14 @@ Create chart name and version as used by the chart label.
 {{- define "akhq.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "akhq.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "akhq.fullname" .) .Values.serviceAccountName }}
+{{- else }}
+{{- default "default" .Values.serviceAccountName }}
+{{- end }}
+{{- end }}
diff --git a/helm/akhq/templates/deployment.yaml b/helm/akhq/templates/deployment.yaml
@@ -41,9 +41,7 @@ spec:
       securityContext:
         {{ toYaml .Values.securityContext | nindent 8 }}
       {{- end }}
-      {{- if .Values.serviceAccountName }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-      {{- end }}
+      serviceAccountName: {{ include "akhq.serviceAccountName" . }}
       {{- if .Values.initContainers }}
       initContainers:
         {{- range $key, $value := .Values.initContainers }}

diff --git a/helm/akhq/templates/serviceaccount.yaml b/helm/akhq/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ include "akhq.name" . }}
+    helm.sh/chart: {{ include "akhq.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.serviceAccount.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  name: {{ include "akhq.serviceAccountName" . }}
+{{- end }}
diff --git a/helm/akhq/values.yaml b/helm/akhq/values.yaml
@@ -63,6 +63,10 @@ extraVolumeMounts: []
 
 # Specify ServiceAccount for pod
 serviceAccountName: null
+serviceAccount:
+  create: false
+  #annotations:
+  #  eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
 
 # Add your own init container or uncomment and modify the example.
 initContainers: {}
@@ -73,13 +77,15 @@ initContainers: {}
 #      - mountPath: /tmp
 #        name: certs
 
-securityContext: {}
+securityContext:
+  fsGroup: 1000
+  runAsGroup: 1000
+  runAsUser: 1000
 #  capabilities:
 #    drop:
 #      - ALL
 #  # readOnlyRootFilesystem: true
 #  runAsNonRoot: true
-#  runAsUser: 1000
 
 service:
   enabled: true