From cf9ffdf9ecbd605827b75c253ac4ce9588352c3e Mon Sep 17 00:00:00 2001
From: Joe Paravisini
Date: Mon, 26 Sep 2022 16:09:59 -0400
Subject: [PATCH] Add support for ServiceAccount secrets (closes #58)
---
 CHANGELOG | 4 ++++
 charts/cloudserviceaccount/Chart.yaml | 2 +-
 charts/cloudserviceaccount/README.md | 1 +
 .../cloudserviceaccount/templates/serviceaccount.yaml | 11 +++++++++--
 charts/cloudserviceaccount/values.yaml | 3 +++
 5 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 01b530c..7b492ae 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+Version 0.1.22 (2022-09-23)
+---------------------------
+charts/cloudserviceaccount: Add support for ServiceAccount secrets (#58)
+
 Version 0.1.21 (2022-09-22)
 ---------------------------
 charts/service-deployment: Add support for 'exec' readiness probes in deployment (#56)
diff --git a/charts/cloudserviceaccount/Chart.yaml b/charts/cloudserviceaccount/Chart.yaml
index e1e825f..5f89acb 100644
--- a/charts/cloudserviceaccount/Chart.yaml
+++ b/charts/cloudserviceaccount/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: cloudserviceaccount
 description: A helm chart which can create a ServiceAccount with cloud specific bindings
-version: 0.1.0
+version: 0.2.0
 icon: https://raw.githubusercontent.com/snowplow-devops/helm-charts/master/docs/logo/snowplow.png
 home: https://github.com/snowplow-devops/helm-charts
 sources:
diff --git a/charts/cloudserviceaccount/README.md b/charts/cloudserviceaccount/README.md
index 127861e..ca7b877 100644
--- a/charts/cloudserviceaccount/README.md
+++ b/charts/cloudserviceaccount/README.md
@@ -39,3 +39,4 @@ helm delete cloudserviceaccount
 | name | string | `"my-service-account"` | Name of the service-account to create |
 | aws.roleARN | string | `""` | IAM Role ARN to bind to the k8s service account |
 | gcp.serviceAccount | string | `""` | Service Account email to bind to the k8s service account |
+| secrets | list | `[]` | List of secrets allowed to be used by pods running using this ServiceAccount |
diff --git a/charts/cloudserviceaccount/templates/serviceaccount.yaml b/charts/cloudserviceaccount/templates/serviceaccount.yaml
index 6036fcc..e77d44c 100644
--- a/charts/cloudserviceaccount/templates/serviceaccount.yaml
+++ b/charts/cloudserviceaccount/templates/serviceaccount.yaml
@@ -2,11 +2,18 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+ namespace: {{ .Release.Namespace }}
 name: {{ .Values.name }}
 annotations:
- {{- if eq .Values.global.cloud "gcp" }}
+ {{- if and (eq .Values.global.cloud "gcp") (.Values.gcp.serviceAccount) }}
 iam.gke.io/gcp-service-account: {{ .Values.gcp.serviceAccount }}
- {{- else if eq .Values.global.cloud "aws" }}
+ {{- else if and (eq .Values.global.cloud "aws") (.Values.aws.roleARN) }}
 eks.amazonaws.com/role-arn: {{ .Values.aws.roleARN }}
 {{- end }}
+{{- if .Values.secrets }}
+secrets:
+{{- range $v := .Values.secrets }}
+- name: {{ $v }}
+{{- end }}
+{{- end }}
 {{- end }}
diff --git a/charts/cloudserviceaccount/values.yaml b/charts/cloudserviceaccount/values.yaml
index f872187..983162b 100644
--- a/charts/cloudserviceaccount/values.yaml
+++ b/charts/cloudserviceaccount/values.yaml
@@ -8,3 +8,6 @@ aws:
 gcp:
 # -- Service Account email to bind to the k8s service account
 serviceAccount: ""
+# -- List of secrets allowed to be used by pods running using this ServiceAccount
+secrets: []
+# - ssl-certificates
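Review bot: In templates/serviceaccount.yaml the new `secrets:` list is rendered without the `kubernetes.io/enforce-mountable-secrets: "true"` annotation, and Kubernetes only limits pods to the listed Secrets when that annotation is set on the ServiceAccount, so as written the list restricts nothing. Either add the annotation under `annotations:` when `.Values.secrets` is non-empty, or reword the description added in values.yaml and README.md so operators do not treat the list as an access control; API read access to Secrets is governed by RBAC in any case. The entries are also emitted unquoted, so an all-digit or boolean-looking name is retyped by the YAML parser; `- name: {{ $v | quote }}` avoids that, and the same applies to `namespace:` and the two annotation values. With the stricter `and` guards `annotations:` can now render with no entries, which is presumably accepted as null but worth confirming with `helm template`. The `{{- if … }}` closed by the final `{{- end }}` opens above the hunk.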