From 6414cef4f89c1aea52efa3fa48e7c5a0d6bf426f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cagatay=20G=C3=BCrt=C3=BCrk?= Date: Sun, 19 Jan 2020 14:41:18 +0100 Subject: [PATCH 1/4] Allow not creating a service account automatically and use a custom one. --- chart/keel/templates/_helpers.tpl | 8 ++++++++ chart/keel/templates/clusterrolebinding.yaml | 2 +- chart/keel/templates/deployment.yaml | 2 +- chart/keel/templates/service-account.yaml | 4 +++- chart/keel/values.yaml | 6 ++++++ 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/chart/keel/templates/_helpers.tpl b/chart/keel/templates/_helpers.tpl index 06f9476d..30588884 100644 --- a/chart/keel/templates/_helpers.tpl +++ b/chart/keel/templates/_helpers.tpl @@ -6,6 +6,14 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- define "serviceAccount.name" -}} +{{- if .Values.rbac.serviceAccount.create -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- .Values.rbac.serviceAccount.name -}} +{{- end -}} +{{- end -}} + {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). diff --git a/chart/keel/templates/clusterrolebinding.yaml b/chart/keel/templates/clusterrolebinding.yaml index e443cb16..54e1a849 100644 --- a/chart/keel/templates/clusterrolebinding.yaml +++ b/chart/keel/templates/clusterrolebinding.yaml @@ -9,6 +9,6 @@ roleRef: name: {{ template "keel.name" . }} subjects: - kind: ServiceAccount - name: {{ template "keel.name" . }} + name: {{ template "serviceAccount.name" . }} namespace: {{ .Release.Namespace }} {{ end }} diff --git a/chart/keel/templates/deployment.yaml b/chart/keel/templates/deployment.yaml index 85e65816..64d152a3 100644 --- a/chart/keel/templates/deployment.yaml +++ b/chart/keel/templates/deployment.yaml @@ -24,7 +24,7 @@ spec: {{ toYaml . | indent 8 }} {{- end }} spec: - serviceAccountName: {{ template "keel.name" . }} + serviceAccountName: {{ template "serviceAccount.name" . }} containers: - name: keel # Note that we use appVersion to get images tag. diff --git a/chart/keel/templates/service-account.yaml b/chart/keel/templates/service-account.yaml index 51344435..b862fd03 100644 --- a/chart/keel/templates/service-account.yaml +++ b/chart/keel/templates/service-account.yaml @@ -1,7 +1,8 @@ +{{- if .Values.rbac.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "keel.name" . }} + name: {{ template "serviceAccount.name" . }} namespace: {{ .Release.Namespace }} {{- if (and .Values.ecr.enabled .Values.ecr.roleArn) }} annotations: @@ -12,3 +13,4 @@ metadata: chart: {{ template "keel.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{ end }} \ No newline at end of file diff --git a/chart/keel/values.yaml b/chart/keel/values.yaml index 00b485d9..c8d7a89f 100644 --- a/chart/keel/values.yaml +++ b/chart/keel/values.yaml @@ -130,6 +130,12 @@ keel: # RBAC manifests management rbac: enabled: true + serviceAccount: + # Kubernetes service account name to be used for ClusterRoleBinding and Deployment. + #name: + # Create a new Kubernetes service account automatically. Set to false if you want to use your own service account. + # If rbac.serviceAccount.name is not set, a new name for the service account is generated + create: true # Resources resources: From f20c2f8c168ba89e715bf71d54f2aa399ca39821 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cagatay=20G=C3=BCrt=C3=BCrk?= Date: Sun, 19 Jan 2020 15:36:43 +0100 Subject: [PATCH 2/4] Fix the helper --- chart/keel/templates/_helpers.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/chart/keel/templates/_helpers.tpl b/chart/keel/templates/_helpers.tpl index 30588884..9df65551 100644 --- a/chart/keel/templates/_helpers.tpl +++ b/chart/keel/templates/_helpers.tpl @@ -7,10 +7,10 @@ Expand the name of the chart. {{- end -}} {{- define "serviceAccount.name" -}} -{{- if .Values.rbac.serviceAccount.create -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} +{{- if .Values.rbac.serviceAccount.name -}} {{- .Values.rbac.serviceAccount.name -}} +{{- else -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} From bd420ff7cf1767f8090665090094582229f43a14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=87a=C4=9Fatay=20G=C3=BCrt=C3=BCrk?= Date: Tue, 21 Jan 2020 21:13:01 +0100 Subject: [PATCH 3/4] Bump chart version --- chart/keel/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/keel/Chart.yaml b/chart/keel/Chart.yaml index 78c63a4d..306acc1e 100644 --- a/chart/keel/Chart.yaml +++ b/chart/keel/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: keel description: Open source, tool for automating Kubernetes deployment updates. Keel is stateless, robust and lightweight. -version: 0.8.16 +version: 0.8.17 # Note that we use appVersion to get images tag, so make sure this is correct. appVersion: 0.15.0-rc1 keywords: From 6ab946b5fa288f48238460963d16f5215801df97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=87a=C4=9Fatay=20G=C3=BCrt=C3=BCrk?= Date: Fri, 24 Jan 2020 12:10:26 +0100 Subject: [PATCH 4/4] Update values.yaml --- chart/keel/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/keel/values.yaml b/chart/keel/values.yaml index c8d7a89f..731fc9ca 100644 --- a/chart/keel/values.yaml +++ b/chart/keel/values.yaml @@ -132,7 +132,7 @@ rbac: enabled: true serviceAccount: # Kubernetes service account name to be used for ClusterRoleBinding and Deployment. - #name: + # name: # Create a new Kubernetes service account automatically. Set to false if you want to use your own service account. # If rbac.serviceAccount.name is not set, a new name for the service account is generated create: true