feat(helm): Sidecar and Service Account Update (#509)

* updated templates for service account and deployment for workload identity and / or extra containers

Author: jluckett-panw

helm/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: sql-exporter
 description: Database-agnostic SQL exporter for Prometheus
 type: application
-version: 0.4.5
+version: 0.4.6
 appVersion: 0.14.2
 keywords:
   - exporter

helm/README.md

@@ -39,6 +39,11 @@ helm install sql_exporter/sql-exporter
 | service.port | int | `80` | Service port |
 | service.labels | object | `{}` | Service labels |
 | service.annotations | object | `{}` | Service annotations |
+| extraContainers | object | `{}` |  |
+| serviceAccount.create | bool | `false` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.name | string | `""` |  |
+| serviceAccount.automountServiceAccountToken | bool | `false` |  |
 | resources | object | `{}` | Resource limits and requests for the application controller pods |
 | podLabels | object | `{}` | Pod labels |
 | podAnnotations | object | `{}` | Pod annotations |

helm/templates/_helpers.tpl

@@ -50,14 +50,23 @@ app.kubernetes.io/name: {{ include "sql-exporter.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{/*
+Determine if service account needs to be created
+*/}}
+{{- define "sql-exporter.createServiceAccount" -}}
+{{- with .Values.serviceAccount }}
+{{- default "false" .create }}
+{{- end }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "sql-exporter.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if (include "sql-exporter.createServiceAccount" . ) }}
 {{- default (include "sql-exporter.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{- "default" }}
 {{- end }}
 {{- end }}
 

helm/templates/deployment.yaml

@@ -29,6 +29,7 @@ spec:
     {{- end }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      serviceAccount: {{ include "sql-exporter.serviceAccountName" . }}
       {{- if eq (include "sql-exporter.volumes" .)  "\"true\"" }}
       volumes:
         {{- if .Values.createConfig }}
@@ -108,6 +109,9 @@ spec:
               protocol: TCP
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+        {{- with .Values.extraContainers }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

helm/templates/serviceaccount.yaml

@@ -0,0 +1,16 @@
+{{- if (include "sql-exporter.createServiceAccount" . ) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "sql-exporter.serviceAccountName" . }}
+  {{- with .Values.serviceAccount.annotations}}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- with .Values.serviceAccount.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- include "sql-exporter.labels" . | nindent 4 }}
+automountServiceAccountToken: {{ default "false" .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}

helm/values.yaml

@@ -2,7 +2,6 @@
 nameOverride: ""
 # -- String to fully override "sql-exporter.fullname"
 fullnameOverride: ""
-
 image:
   # -- Image repository
   repository: burningalchemist/sql_exporter
@@ -11,10 +10,8 @@ image:
   # -- Image tag
   # @default -- `appVersion` value from `Chart.yaml`
   tag: ""
-
 # -- Secrets with credentials to pull images from a private registry
 imagePullSecrets: []
-
 service:
   # -- Service type
   type: ClusterIP
@@ -23,30 +20,40 @@ service:
   # -- Service labels
   labels: {}
   # -- Service annotations
-  annotations:
-    {}
+  annotations: {}
     # example of prometheus usage
     # prometheus.io/scrape: "true"
     # prometheus.io/path: "/metrics"
-
+extraContainers: {}
+#   - name: your_sidecar
+#     image: gcr.io/your_image:your_tag
+#     args:
+#     resources:
+#       requests:{}
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: false
+  # Annotations to add to the service account
+  annotations: {}
+  ## example annotations ##
+  # annotations:
+  #   iam.gke.io/gcp-service-account: my-service-account@gke.url
+  name: ""
+  automountServiceAccountToken: false
 # -- Resource limits and requests for the application controller pods
-resources:
-  {}
+resources: {}
   # limits:
   #   cpu: 100m
   #   memory: 128Mi
   # requests:
   #   cpu: 100m
   #   memory: 128Mi
-
 # -- Pod labels
 podLabels: {}
 # -- Pod annotations
 podAnnotations: {}
-
 # -- Pod security context
-podSecurityContext:
-  {}
+podSecurityContext: {}
   # capabilities:
   #   drop:
   #   - ALL
@@ -55,7 +62,6 @@ podSecurityContext:
   # runAsUser: 1000
 # @ignored
 securityContext: {}
-
 # Prometheus Operator values
 serviceMonitor:
   # -- Enable ServiceMonitor
@@ -68,7 +74,6 @@ serviceMonitor:
   # scrapeTimeout: 10s
   # -- ServiceMonitor metric relabelings
   metricRelabelings: {}
-
 # Additional env variables
 # - kind should be either Secret or ConfigMap
 # - name is the name of the Secret or ConfigMap that should be used