From 08de54480f187735a07cb908671a60292bdb1cfa Mon Sep 17 00:00:00 2001
From: Alessandro Cattapan
Date: Wed, 6 Nov 2024 23:09:52 +0100
Subject: [PATCH 1/2] Updated documentation
---
 charts/pega/README.md | 11 +++++++++++
 charts/pega/charts/installer/values.yaml | 2 ++
 2 files changed, 13 insertions(+)
diff --git a/charts/pega/README.md b/charts/pega/README.md
index 78ea187ba..b5414e279 100644
--- a/charts/pega/README.md
+++ b/charts/pega/README.md
@@ -1181,6 +1181,17 @@ installer:
 label: value
 ```
+### Installer Service Account
+
+If the installer pod needs to be run with a specific [service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/), you can specify a custom `serviceAccountName` for your jobs.
+
+Example:
+
+```yaml
+installer:
+ serviceAccountName: MY_INSTALLER_SERVICE_ACCOUNT_NAME
+```
+
 ### Mount the custom certificates into the Tomcat container
 Pega supports mounting and passing custom certificates into the tomcat container during your Pega Platform deployment. Pega supports the following certificate formats as long as they are encoded in base64: X.509 certificates such as PEM, DER, CER, CRT. To mount and pass the your custom certificates, use the `certificates` attributes as a map in the `values.yaml` file using the format in the following example.
diff --git a/charts/pega/charts/installer/values.yaml b/charts/pega/charts/installer/values.yaml
index 579c44dd1..886a5016a 100644
--- a/charts/pega/charts/installer/values.yaml
+++ b/charts/pega/charts/installer/values.yaml
@@ -34,6 +34,8 @@ bypassLoadEngineClasses: "false"
 bypassLoadAssembledClasses: "false"
 # If 'true', Helm will wait for the install or upgrade to finish, and only succeed if the job completes without error.
 waitForJobCompletion: "false"
+# Specify specific service account
+# serviceAccountName: MY_INSTALLER_SERVICE_ACCOUNT_NAME
 threads:
 # Maximum Idle Thread.Default is 5
 maxIdle: 5
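Review bot: The comment added in `charts/pega/charts/installer/values.yaml` (`# Specify specific service account`) does not say which identity the installer job runs under when the key stays commented out, nor that the named account has to exist in the release namespace before the job starts. Neither patch in this series touches a job template, so whether the installer job actually reads `installer.serviceAccountName` cannot be confirmed from these hunks and is worth checking before the option is documented. Because the RBAC bindings (and any cloud identity) attached to that account become available to the installer pod, I would reword the comment along the lines of `# Name of an existing service account for the installer job; grant it only the permissions the installer needs.` followed by `# If unset, the pod presumably runs as the namespace's default service account.`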
From f32ef4720a7f50b0be660dc23678307b1407e6c9 Mon Sep 17 00:00:00 2001
From: Alessandro Cattapan
Date: Wed, 6 Nov 2024 23:13:34 +0100
Subject: [PATCH 2/2] Fixed typo in addons
---
 charts/addons/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/addons/README.md b/charts/addons/README.md
index 66d733f1c..5a0400879 100644
--- a/charts/addons/README.md
+++ b/charts/addons/README.md
@@ -98,7 +98,7 @@ When deploying on Azure AKS, you can use an Application Gateway Ingress Controll
 After you create the deployment ingress controller, in the Addons Helm chart, disable Traefik (set `traefik.enabled` to `false`), enable AGIC (set `ingress-azure.enabled` to `true`) and add the AGIC gateway configuration details from your AKS deployment.
-To authenticate with the AGIC in your AKS cluster, generate a kubernetes secret from an Active Directory Service Principal that is based on your AKS subscription ID. You must encode the Service Principal with base64 and add the result to the `armAuth.secretJSON` field. For details, see the comments in the addons [values.yaml](/values.yaml) or the [AKS runbook](../../docs/Deploying-Pega-on-AKS.md).
+To authenticate with the AGIC in your AKS cluster, generate a kubernetes secret from an Active Directory Service Principal that is based on your AKS subscription ID. You must encode the Service Principal with base64 and add the result to the `armAuth.secretJSON` field. For details, see the comments in the addons [values.yaml](./values.yaml) or the [AKS runbook](../../docs/Deploying-Pega-on-AKS.md).
 As an authentication alternative, you can configure an AAD Pod Identity to manage authentication access with the AGIC in your cluster via the Azure Resource Manager. For details, see [Set up AAD Pod Identity](https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-install-existing#set-up-aad-pod-identity).