helm: add service account for controller, add option to enable it

Jens Langhammer 2020-10-16 21:36:12 +02:00
parent 6b1d30d230
commit b2c571bf1b
6 changed files with 89 additions and 10 deletions


@ -14,7 +14,7 @@ data:
POSTGRESQL__S3_BACKUP__HOST: "{{ .Values.backup.host }}" POSTGRESQL__S3_BACKUP__HOST: "{{ .Values.backup.host }}"
{{- end}} {{- end}}
REDIS__HOST: "{{ .Release.Name }}-redis-master" REDIS__HOST: "{{ .Release.Name }}-redis-master"
ERROR_REPORTING__ENABLED: "{{ .Values.config.error_reporting.enabled }}" ERROR_REPORTING__ENABLED: "{{ .Values.config.errorReporting.enabled }}"
ERROR_REPORTING__ENVIRONMENT: "{{ .Values.config.error_reporting.environment }}" ERROR_REPORTING__ENVIRONMENT: "{{ .Values.config.errorReporting.environment }}"
ERROR_REPORTING__SEND_PII: "{{ .Values.config.error_reporting.send_pii }}" ERROR_REPORTING__SEND_PII: "{{ .Values.config.errorReporting.sendPii }}"
LOG_LEVEL: "{{ .Values.config.log_level }}" LOG_LEVEL: "{{ .Values.config.logLevel }}"


@ -5,8 +5,8 @@ metadata:
name: {{ include "passbook.fullname" . }}-secret-key name: {{ include "passbook.fullname" . }}-secret-key
data: data:
monitoring_username: bW9uaXRvcg== # monitor in base64 monitoring_username: bW9uaXRvcg== # monitor in base64
{{- if .Values.config.secret_key }} {{- if .Values.config.secretKey }}
secret_key: {{ .Values.config.secret_key | b64enc | quote }} secret_key: {{ .Values.config.secretKey | b64enc | quote }}
{{- else }} {{- else }}
secret_key: {{ randAlphaNum 50 | b64enc | quote}} secret_key: {{ randAlphaNum 50 | b64enc | quote}}
{{- end }} {{- end }}
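Review bot: Renaming `config.secret_key` to `config.secretKey` in the `if` means a release that still sets the old key silently falls through to the `randAlphaNum 50` branch, so the pinned key is replaced by a fresh random one at the next upgrade with no error. Nothing in this section warns about that; a guard such as `{{- if .Values.config.secret_key }}{{ fail "config.secret_key was renamed to config.secretKey" }}{{- end }}` at the top of the template would make the rename loud. The renamed `errorReporting` and `logLevel` values in the config map section above are ignored the same way when only the old names are set, with a less serious effect.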


@ -0,0 +1,53 @@
{{- if .Values.kubernetesIntegration }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "passbook.fullname" . }}-sa-role
rules:
- apiGroups:
- ""
resources:
- secrets
- services
verbs:
- "get"
- "create"
- "delete"
- "read"
- "patch"
- apiGroups:
- "extensions"
- "apps"
resources:
- "deployments"
verbs:
- "get"
- "create"
- "delete"
- "read"
- "patch"
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "passbook.fullname" . }}-sa
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "passbook.fullname" . }}-sa-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "passbook.fullname" . }}-sa-role
subjects:
- kind: ServiceAccount
name: {{ include "passbook.fullname" . }}-sa
namespace: {{ .Release.Namespace }}
{{- end }}
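Review bot: The ClusterRole and ClusterRoleBinding give the `-sa` account get/create/delete/patch on secrets, services and deployments in every namespace, and the values file in this commit shows `kubernetesIntegration: true`, so a default install hands the worker pod cluster-wide secret access. Whether the controller manages objects outside the release namespace is not visible from this page; if it does not, a namespaced Role and RoleBinding cover the first two rules, leaving at most the `namespaces` `list` rule in a ClusterRole. `read` is also not an RBAC verb and never matches a request, so it can be dropped; if listing or watching was intended, `list` and `watch` have to be named explicitly.

```yaml
{{- if .Values.kubernetesIntegration }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "passbook.fullname" . }}-sa-role
  namespace: {{ .Release.Namespace }}
rules:
  - apiGroups: [""]
    resources: ["secrets", "services"]
    verbs: ["get", "create", "delete", "patch"]
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments"]
    verbs: ["get", "create", "delete", "patch"]
# … unchanged: ServiceAccount …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "passbook.fullname" . }}-sa-role-binding
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "passbook.fullname" . }}-sa-role
# … unchanged: subjects, closing end …
```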


@ -22,6 +22,9 @@ spec:
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
k8s.passbook.beryju.org/component: worker k8s.passbook.beryju.org/component: worker
spec: spec:
{{- if .Values.kubernetesIntegration }}
serviceAccountName: {{ include "passbook.fullname" . }}-sa
{{- end }}
affinity: affinity:
podAntiAffinity: podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:

21
helm/values.test.yaml Normal file

@ -0,0 +1,21 @@
image:
tag: gh-master
serverReplicas: 1
workerReplicas: 1
config:
# Log level used by web and worker
# Can be either debug, info, warning, error
logLevel: debug
ingress:
hosts:
- passbook.127.0.0.1.nip.io
# These values influence the bundled postgresql and redis charts, but are also used by passbook to connect
postgresql:
postgresqlPassword: EK-5jnKfjrGRm<77
redis:
password: password
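Review bot: `postgresqlPassword` and the redis `password` are committed in clear text with nothing marking them as throwaway. A header comment such as `# Test-only values: credentials here are disposable and must never be reused outside CI` would say so, and the PostgreSQL value should be rotated if it was ever used anywhere else. The file also leaves `kubernetesIntegration` unset, so test installs presumably inherit the chart default and create the cluster-wide RBAC objects.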


@ -11,17 +11,19 @@ nameOverride: ""
serverReplicas: 1 serverReplicas: 1
workerReplicas: 1 workerReplicas: 1
kubernetesIntegration: true
config: config:
# Optionally specify fixed secret_key, otherwise generated automatically # Optionally specify fixed secret_key, otherwise generated automatically
# secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o # secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
# Enable error reporting # Enable error reporting
error_reporting: errorReporting:
enabled: false enabled: false
environment: customer environment: customer
send_pii: false sendPii: false
# Log level used by web and worker # Log level used by web and worker
# Can be either debug, info, warning, error # Can be either debug, info, warning, error
log_level: warning logLevel: warning
# Enable Database Backups to S3 # Enable Database Backups to S3
# backup: # backup: