Skip to content

Commit b8ea795

Browse files
No9No9
authored
Merge pull request #160 from usimd/main
Add service account token secret I ran some tests last recently against IKS/ROKS > 1.24 and it ran fine without this change so lets keep it as is for now and we can apply the updates as folks in other environments update.
2 parents 6bb4ca8 + ff16805 commit b8ea795

File tree

4 files changed

+18
-0
lines changed

4 files changed

+18
-0
lines changed

charts/core-dump-handler/README.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -326,3 +326,7 @@ Daemonset
326326
* envFrom: Array of [EnvFromSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#envfromsource-v1-core) to inject into main container.
327327
* sidecarContainers: Array of [Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core) to define as part of the pod.
328328
* updateStrategy: [DaemonsetUpdateStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#daemonsetupdatestrategy-v1-apps) is a struct used to control the update strategy for the DaemonSet.
329+
330+
Service account:
331+
* useToken: automatically create a service account token secret
332+
* tokenSecretName: name of the service account token secret to create if `serviceAccount.useToken` is `true` (Default: "core-dump-service-account-token")

charts/core-dump-handler/templates/sa-token-secret.yaml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
{{- if .Values.serviceAccount.useToken }}
2+
apiVersion: v1
3+
kind: Secret
4+
metadata:
5+
name: {{ default "core-dump-service-account-token" .Values.serviceAccount.tokenSecretName }}
6+
annotations:
7+
kubernetes.io/service-account.name: {{ include "core-dump-handler.serviceAccountName" . }}
8+
type: kubernetes.io/service-account-token
9+
{{- end }}

charts/core-dump-handler/values.aws.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,6 @@
22
daemonset:
33
includeCrioExe: true
44
vendor: rhel7 # EKS EC2 images have an old libc=2.26
5+
6+
serviceAccount:
7+
useToken: true

charts/core-dump-handler/values.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,8 @@ serviceAccount:
6464
name: "core-dump-admin"
6565
# annotations:
6666
# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
67+
useToken: false
68+
tokenSecretName: core-dump-service-account-token
6769

6870
# OpenShift specific for SecurityContextConstraints
6971
scc:

0 commit comments

Comments
 (0)