helm: add service account for controller, add option to enable it
parent
6b1d30d230
commit
b2c571bf1b
|
@ -14,7 +14,7 @@ data:
|
||||||
POSTGRESQL__S3_BACKUP__HOST: "{{ .Values.backup.host }}"
|
POSTGRESQL__S3_BACKUP__HOST: "{{ .Values.backup.host }}"
|
||||||
{{- end}}
|
{{- end}}
|
||||||
REDIS__HOST: "{{ .Release.Name }}-redis-master"
|
REDIS__HOST: "{{ .Release.Name }}-redis-master"
|
||||||
ERROR_REPORTING__ENABLED: "{{ .Values.config.error_reporting.enabled }}"
|
ERROR_REPORTING__ENABLED: "{{ .Values.config.errorReporting.enabled }}"
|
||||||
ERROR_REPORTING__ENVIRONMENT: "{{ .Values.config.error_reporting.environment }}"
|
ERROR_REPORTING__ENVIRONMENT: "{{ .Values.config.errorReporting.environment }}"
|
||||||
ERROR_REPORTING__SEND_PII: "{{ .Values.config.error_reporting.send_pii }}"
|
ERROR_REPORTING__SEND_PII: "{{ .Values.config.errorReporting.sendPii }}"
|
||||||
LOG_LEVEL: "{{ .Values.config.log_level }}"
|
LOG_LEVEL: "{{ .Values.config.logLevel }}"
|
||||||
|
|
|
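Review bot: Values files that still set the old snake_case keys are ignored silently after this rename. In this hunk, `config.error_reporting.*` and `config.log_level` no longer reach the ConfigMap, and the chart defaults are presumably used instead. The secret template hunk that follows is the more serious case: a release that pins `config.secret_key` now falls through to the `randAlphaNum 50` branch and would get a fresh random key on the next upgrade. A guard in the templates makes the break loud instead of silent, for example `{{- if .Values.config.secret_key }}{{ fail "config.secret_key was renamed to config.secretKey" }}{{- end }}`. The rename should also be called out in the upgrade notes.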
@ -5,8 +5,8 @@ metadata:
|
||||||
name: {{ include "passbook.fullname" . }}-secret-key
|
name: {{ include "passbook.fullname" . }}-secret-key
|
||||||
data:
|
data:
|
||||||
monitoring_username: bW9uaXRvcg== # monitor in base64
|
monitoring_username: bW9uaXRvcg== # monitor in base64
|
||||||
{{- if .Values.config.secret_key }}
|
{{- if .Values.config.secretKey }}
|
||||||
secret_key: {{ .Values.config.secret_key | b64enc | quote }}
|
secret_key: {{ .Values.config.secretKey | b64enc | quote }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
secret_key: {{ randAlphaNum 50 | b64enc | quote}}
|
secret_key: {{ randAlphaNum 50 | b64enc | quote}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
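--- a/helm/templates/service-account.yaml
+++ b/helm/templates/service-account.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.kubernetesIntegration }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ include "passbook.fullname" . }}-sa-role
+rules:
+- apiGroups:
+- ""
+resources:
+- secrets
+- services
+verbs:
+- "get"
+- "create"
+- "delete"
+- "read"
+- "patch"
+- apiGroups:
+- "extensions"
+- "apps"
+resources:
+- "deployments"
+verbs:
+- "get"
+- "create"
+- "delete"
+- "read"
+- "patch"
+- apiGroups:
+- ""
+resources:
+- namespaces
+verbs:
+- list
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ include "passbook.fullname" . }}-sa
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: {{ include "passbook.fullname" . }}-sa-role-binding
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: {{ include "passbook.fullname" . }}-sa-role
+subjects:
+- kind: ServiceAccount
+name: {{ include "passbook.fullname" . }}-sa
+namespace: {{ .Release.Namespace }}
+{{- end }}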
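Review bot: The ClusterRole plus ClusterRoleBinding give the `-sa` account get/create/delete/patch on `secrets`, `services` and `deployments` in every namespace, so a compromised pod running under it can fetch or overwrite any secret in the cluster by name. If the integration only manages objects in the release namespace (inferred, confirm against the controller), use `kind: Role` and `kind: RoleBinding` for the first two rules and keep a ClusterRole only for the `namespaces` list rule. `read` is not a Kubernetes RBAC verb and grants nothing; name `list` and `watch` explicitly if they were meant, otherwise drop it. Both cluster-scoped names are derived only from `passbook.fullname`, so the same release name installed in two namespaces would collide; adding `{{ .Release.Namespace }}` to the names avoids that. The page has lost the file's indentation, so nesting cannot be checked from here.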
@ -22,6 +22,9 @@ spec:
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
k8s.passbook.beryju.org/component: worker
|
k8s.passbook.beryju.org/component: worker
|
||||||
spec:
|
spec:
|
||||||
|
{{- if .Values.kubernetesIntegration }}
|
||||||
|
serviceAccountName: {{ include "passbook.fullname" . }}-sa
|
||||||
|
{{- end }}
|
||||||
affinity:
|
affinity:
|
||||||
podAntiAffinity:
|
podAntiAffinity:
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
|
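Review bot: When `kubernetesIntegration` is false, this pod spec gets no `serviceAccountName` and runs under the namespace's default service account with its token still mounted. Adding `{{- else }}` followed by `automountServiceAccountToken: false` before the `{{- end }}` would keep an API credential out of pods that do not use the integration. Only the worker pod template is visible here, and its spec starts and ends outside the hunk. Whether other workloads in the chart should receive the account, or be explicitly denied a token, cannot be judged from this page.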
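--- a/helm/values.test.yaml
+++ b/helm/values.test.yaml
@@ -0,0 +1,21 @@
+image:
+tag: gh-master
+
+serverReplicas: 1
+workerReplicas: 1
+
+config:
+# Log level used by web and worker
+# Can be either debug, info, warning, error
+logLevel: debug
+
+ingress:
+hosts:
+- passbook.127.0.0.1.nip.io
+
+# These values influence the bundled postgresql and redis charts, but are also used by passbook to connect
+postgresql:
+postgresqlPassword: EK-5jnKfjrGRm<77
+
+redis:
+password: password
+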
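Review bot: `postgresqlPassword` and the redis `password` are committed in clear text, and nothing in the file says they are throwaway values. If the file is only for local or CI installs against the loopback `nip.io` host, open it with a comment such as `# Test-only values; never reuse these credentials outside a disposable cluster`. Secret scanners and readers can then tell these apart from a leaked production credential. Single-quoting both values also keeps them plain strings for any tool that rewrites the file. The file sets no `kubernetesIntegration`, so test installs inherit the chart default and create the cluster-wide RBAC objects; set it explicitly here to whichever value the test actually needs.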
@ -11,17 +11,19 @@ nameOverride: ""
|
||||||
serverReplicas: 1
|
serverReplicas: 1
|
||||||
workerReplicas: 1
|
workerReplicas: 1
|
||||||
|
|
||||||
|
kubernetesIntegration: true
|
||||||
|
|
||||||
config:
|
config:
|
||||||
# Optionally specify fixed secret_key, otherwise generated automatically
|
# Optionally specify fixed secret_key, otherwise generated automatically
|
||||||
# secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
# secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
||||||
# Enable error reporting
|
# Enable error reporting
|
||||||
error_reporting:
|
errorReporting:
|
||||||
enabled: false
|
enabled: false
|
||||||
environment: customer
|
environment: customer
|
||||||
send_pii: false
|
sendPii: false
|
||||||
# Log level used by web and worker
|
# Log level used by web and worker
|
||||||
# Can be either debug, info, warning, error
|
# Can be either debug, info, warning, error
|
||||||
log_level: warning
|
logLevel: warning
|
||||||
|
|
||||||
# Enable Database Backups to S3
|
# Enable Database Backups to S3
|
||||||
# backup:
|
# backup:
|
||||||
|
|
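Review bot: `kubernetesIntegration: true` makes the cluster-scoped RBAC objects from `service-account.yaml` part of every default install, and unlike the neighbouring keys it carries no comment. Defaulting it to `false` lets an operator opt in knowingly. If it stays on, document it above the key, for example `# Creates a ServiceAccount bound to a ClusterRole that can manage secrets, services and deployments; set to false to skip`. With the current default, an install by a user who may not create ClusterRoles will presumably fail, which is worth noting in the chart README.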