truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-02-09 13:26:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e8e998f81e94de23d92f0973b82f182b35e141cd
chart/library/common/docs/serviceAccount.md
Stavros Kois 929e60d801 NAS-121003 / 23.10 / Adapt charts CI and improve/fix common (#1011) 
* Adapt charts CI and improve/fix common

* add check on permissions contaienr

* add postgres template

* update comments

* Update create_app.sh

* add check

* update script

* auto gen item.yaml from Chart,yaml

* rename readme on dest

* duplicate readme from the same source

* correct comment

* reoder

* remove extra space

* keep both README and app-readme

* update regex, to also allow 2 letter names, which is also valid

* No need to check host network if there aren't any pod values

* use same pattern as the pod.name label (not prepending release-name

* update deps

* add chart dirs to ci

* Add a validation to check if there is any yaml errors after merging files

* update charts path on ci

* common/1.0.0/ -> common/

* update common-test dep path

* temp update create_app script

* make permissions container name configurable, incase we want to change order of execution

* update naming convention

* fix typo and a missed name change

* do not allow `--` in names
2023-03-16 17:36:19 +02:00

2.7 KiB
Raw Blame History

Service Account

Key Type Required Helm Template Default Description
serviceAccount dict {} Define the serviceAccount as dicts
serviceAccount.[sa-name] dict {} Holds service account definition
serviceAccount.[sa-name].enabled boolean false Enables or Disables the service account
serviceAccount.[sa-name].primary boolean false Sets the service account as primary
serviceAccount.[sa-name].labels dict (On value only) {} Additional labels for service account
serviceAccount.[sa-name].annotations dict (On value only) {} Additional annotations for service account
serviceAccount.[sa-name].targetSelectAll boolean Whether to assign the serviceAccount to all pods or not
serviceAccount.[sa-name].targetSelector list [] Define the pod(s) to assign the serviceAccount

When targetSelectAll is true, it will assign the serviceAccount to all pods (targetSelector is ignored in this case) When targetSelector is a list, each entry is a string, with the pod name that will be assigned. Can have multiple entries. When targetSelector is a empty, it will assign the serviceAccount to the primary pod

Appears in:

  • .Values.serviceAccount

Naming scheme:

  • Primary: $FullName (release-name-chart-name)
  • Non-Primary: $FullName-$ServiceAccountName (release-name-chart-name-ServiceAccountName)

Notes:

By default the automountServiceAccountToken is set to false for all service accounts. You have to explicitly set it to true on per pod(workload) basis with workload.[workload-name].podSpec.automountServiceAccountToken

Examples:

serviceAccount:
  sa-name:
    enabled: true
    primary: true
    labels:
      key: value
      keytpl: "{{ .Values.some.value }}"
    annotations:
      key: value
      keytpl: "{{ .Values.some.value }}"
    targetSelectAll: true

  other-sa-name:
    enabled: true
    targetSelector:
      - pod-name
      - other-pod-name
Reference in New Issue View Git Blame Copy Permalink