gitea/helm-gitea
Fork 169
Code Issues 54 Pull Requests 13 Actions Releases 103 Activity

Add support for ServiceAccount configuration (#451)

Browse Source 
### Description of the change This adds a new values object `serviceAccount`, that allows creating a dedicated ServiceAccount with the Helm Release into the cluster. It supports all common options like labels, annotations, name override (or referring to an externally created ServiceAccount), auto-mount token, image pull secrets. It supersedes the stale PR #357. ### Benefits Users can deploy Gitea with more fine-tuned security settings. ### Applicable issues - related to #448 ### Additional information I've bumped the helm-unittest plugin in the CI build, to be able to use the `exists` and `notExists` feature in the new tests. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Reviewed-on: gitea/helm-chart#451 Reviewed-by: pat-s <pat-s@noreply.gitea.com> Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com> Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
This commit was merged in pull request #451.
This commit is contained in:
justusbunsi
2023-05-31 08:47:58 +00:00
committed by pat-s
parent 0ca013647d
commit 5e5496f15d
9 changed files with 173 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
templates/_helpers.tpl
View File

@@ -311,3 +311,7 @@ https
{{- define "gitea.gpg-key-secret-name" -}}
{{ default (printf "%s-gpg-key" (include "gitea.fullname" .)) .Values.signing.existingSecret }}
{{- end -}}
{{- define "gitea.serviceAccountName" -}}
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
{{- end -}}

21
templates/gitea/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gitea.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.labels }}
{{- . | toYaml | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- . | toYaml | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- with .Values.serviceAccount.imagePullSecrets }}
imagePullSecrets:
{{- . | toYaml | nindent 2 }}
{{- end }}
{{- end }}

3
templates/gitea/statefulset.yaml
View File

@@ -39,6 +39,9 @@ spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }}
serviceAccountName: {{ include "gitea.serviceAccountName" . }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}