fix: preprovisioned service account unable to be included in deployment
Signed-off-by: Alexander Bartolomey <[email protected]>
zoomoid committed May 8, 2024
1 parent 208562d commit ad88517
Showing 3 changed files with 31 additions and 28 deletions.
42 changes: 20 additions & 22 deletions charts/athens-proxy/templates/deployment.yaml
@@ -1,7 +1,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "fullname" . }}
name: {{ include "fullname" . }}
labels:
{{- include "athens.metaLabels" . | nindent 4 }}
spec:
Expand All @@ -17,7 +17,7 @@ spec:
{{- end }}
selector:
matchLabels:
app: {{ template "fullname" . }}
app: {{ include "fullname" . }}
release: "{{ .Release.Name }}"
template:
metadata:
Expand All @@ -39,9 +39,7 @@ spec:
runAsUser: 1000
runAsGroup: 1000
{{- end }}
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ template "fullname" . }}
{{- end }}
serviceAccount: {{ .Values.serviceAccount.name | default ( include "fullname" . ) }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- toYaml .Values.image.pullSecrets | nindent 8 }}
Expand All @@ -53,19 +51,19 @@ spec:
command:
- sh
- -c
args: ["cp {{ template "home" . }}/.ssh/id_rsa* /ssh-keys && chmod 400 /ssh-keys/*"]
args: ["cp {{ include "home" . }}/.ssh/id_rsa* /ssh-keys && chmod 400 /ssh-keys/*"]
volumeMounts:
- name: ssh-keys
mountPath: /ssh-keys
{{- $dot := . -}}
{{- range $server := .Values.sshGitServers }}
{{- if $server.existingSecret }}
- name: ssh-git-servers-secret-{{ $server.host | replace "." "-" }}
mountPath: "{{ template "home" $dot }}/.ssh/id_rsa-{{ $server.host }}"
mountPath: "{{ include "home" $dot }}/.ssh/id_rsa-{{ $server.host }}"
subPath: {{ $server.existingSecret.subPath | quote }}
{{- else }}
- name: ssh-git-servers-secret
mountPath: {{ template "home" $dot }}/.ssh/id_rsa-{{ $server.host }}
mountPath: {{ include "home" $dot }}/.ssh/id_rsa-{{ $server.host }}
subPath: id_rsa-{{ $server.host }}
{{- end }}
{{- end }}
Expand All @@ -79,7 +77,7 @@ spec:
{{- end }}
{{- end }}
containers:
- name: {{ template "fullname" . }}
- name: {{ include "fullname" . }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
livenessProbe:
Expand Down Expand Up @@ -109,7 +107,7 @@ spec:
- name: ATHENS_MONGO_STORAGE_URL
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
name: {{ include "fullname" . }}-secret
key: ATHENS_MONGO_STORAGE_URL
{{- else if eq .Values.storage.type "s3" }}
- name: AWS_REGION
Expand All @@ -124,21 +122,21 @@ spec:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
name: {{ include "fullname" . }}-secret
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if .Values.storage.s3.secretKey }}
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
name: {{ include "fullname" . }}-secret
key: AWS_SECRET_ACCESS_KEY
{{- end }}
{{- if .Values.storage.s3.sessionToken }}
- name: AWS_SESSION_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
name: {{ include "fullname" . }}-secret
key: AWS_SESSION_TOKEN
{{- end }}
{{- else if eq .Values.storage.type "gcp"}}
Expand All @@ -150,7 +148,7 @@ spec:
- name: ATHENS_STORAGE_GCP_JSON_KEY
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
name: {{ include "fullname" . }}-secret
key: ATHENS_STORAGE_GCP_JSON_KEY
{{- end }}
{{- else if eq .Values.storage.type "minio" }}
Expand All @@ -162,14 +160,14 @@ spec:
- name: ATHENS_MINIO_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
name: {{ include "fullname" . }}-secret
key: ATHENS_MINIO_ACCESS_KEY_ID
{{- end }}
{{- if .Values.storage.minio.secretKey }}
- name: ATHENS_MINIO_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "fullname" . }}-secret
name: {{ include "fullname" . }}-secret
key: ATHENS_MINIO_SECRET_ACCESS_KEY
{{- end }}
{{- if .Values.storage.minio.bucket }}
Expand Down Expand Up @@ -226,10 +224,10 @@ spec:
{{- end }}
{{- if .Values.sshGitServers }}
- name: ssh-git-servers-config
mountPath: {{ template "home" . }}/.ssh/config
mountPath: {{ include "home" . }}/.ssh/config
subPath: ssh_config
- name: ssh-git-servers-config
mountPath: {{ template "home" . }}/.gitconfig
mountPath: {{ include "home" . }}/.gitconfig
subPath: git_config
- name: ssh-keys
mountPath: /ssh-keys
Expand Down Expand Up @@ -258,14 +256,14 @@ spec:
- name: storage-volume
{{- if .Values.storage.disk.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ template "fullname" . }}-storage
claimName: {{ include "fullname" . }}-storage
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.upstreamProxy.enabled }}
- name: upstream-config
configMap:
name: {{ template "fullname" . }}-upstream
name: {{ include "fullname" . }}-upstream
{{- end }}
{{- if .Values.netrc.enabled }}
- name: netrc
Expand All @@ -277,10 +275,10 @@ spec:
emptyDir: {}
- name: ssh-git-servers-config
configMap:
name: {{ template "fullname" . }}-ssh-git-servers
name: {{ include "fullname" . }}-ssh-git-servers
- name: ssh-git-servers-secret
secret:
secretName: {{ template "fullname" . }}-ssh-git-servers
secretName: {{ include "fullname" . }}-ssh-git-servers
{{- range $server := .Values.sshGitServers }}
{{- if $server.existingSecret }}
- name: ssh-git-servers-secret-{{ $server.host | replace "." "-" }}
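Review bot: The new `serviceAccount:` line in the pod spec (hunk at old line 39) sets the deprecated alias of `serviceAccountName` and is now rendered unconditionally, since the `if .Values.serviceAccount.create` guard is gone. With `serviceAccount.create: false` and no `serviceAccount.name`, the pod previously fell back to the namespace's default account; it now references the chart fullname, which nothing in this chart creates in that case (service-account.yaml presumably stays guarded by `create`), so the pod would likely be rejected at admission. Keeping a guard and the current field name avoids both: `{{- if or .Values.serviceAccount.create .Values.serviceAccount.name }}` around `serviceAccountName: {{ .Values.serviceAccount.name | default (include "fullname" .) | quote }}`. The account the proxy runs under determines which token and role bindings it receives, so that choice is better made explicitly than left to a default that may not resolve.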
4 changes: 2 additions & 2 deletions charts/athens-proxy/templates/service-account.yaml
Expand Up @@ -2,11 +2,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "fullname" . }}
name: {{ include "fullname" . }}
labels:
{{- include "athens.metaLabels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
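Review bot: `metadata.name` here is still the chart fullname, while the deployment now reads `.Values.serviceAccount.name`, so with `create: true` and a custom name the chart creates one account and the pod references another. Rendering the same expression in both templates keeps them in step: `name: {{ .Values.serviceAccount.name | default (include "fullname" .) }}`. The template's opening guard is outside the visible hunk, so this assumes it is still `if .Values.serviceAccount.create`.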
13 changes: 9 additions & 4 deletions charts/athens-proxy/values.yaml
Expand Up @@ -99,11 +99,13 @@ priorityClassName: ""

# Container security context configuration (see API reference: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core)
# This will override the `image.runAsNonRoot` settings in the specified container if `runAsUser` or `runAsGroup` are set
securityContext: {}
securityContext:
{}
# allowPrivilegeEscalation: false
# runAsNonRoot: true

initContainerSecurityContext: {}
initContainerSecurityContext:
{}
# allowPrivilegeEscalation: false
# runAsNonRoot: true

Expand Down Expand Up @@ -160,7 +162,8 @@ jaeger:
# for example, you need to run 'helm install --set jaeger.url=myurl ...'
url: "SET THIS ON THE COMMAND LINE"

sshGitServers: {}
sshGitServers:
{}
## Private git servers over ssh
## to enable uncomment lines with single hash below
## hostname of the git server
Expand Down Expand Up @@ -198,6 +201,7 @@ metrics:
serviceAccount:
create: true
annotations: {}
# name: "athens-proxy"

nodeSelector: {}

Expand Down Expand Up @@ -230,7 +234,8 @@ autoscaling:
targetMemoryUtilizationPercentage: 80
apiVersionOverride: ""
# This is only available on HPA apiVersion `autoscaling/v2beta2` and newer
behavior: {}
behavior:
{}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
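Review bot: The added `# name: "athens-proxy"` line under `serviceAccount` carries no comment saying what the key does or how it interacts with `create`. Operators binding the proxy to a pre-provisioned identity need to know that the account must already exist in the release namespace when `create` is false, and what name is used when the key is unset. I would add above it something like `# name: ServiceAccount the pod runs as; defaults to the chart fullname. With create: false it must already exist in the release namespace.`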
