add and use serviceAccount

Author: batpad

helm/README.md

@@ -63,6 +63,19 @@ Install using the values file:
 helm install stac-auth-proxy oci://ghcr.io/developmentseed/stac-auth-proxy/charts/stac-auth-proxy -f values.yaml
 ```
 
+### Using Image Pull Secrets
+
+To use private container registries, you can configure image pull secrets:
+
+```yaml
+
+serviceAccount:
+    create: true
+    imagePullSecrets:
+        name: "my-registry-secret"
+```
+
+
 ## Configuration
 
 ### Required Values

helm/templates/_helpers.tpl

@@ -46,4 +46,15 @@ Selector labels
 {{- define "stac-auth-proxy.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "stac-auth-proxy.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "stac-auth-proxy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "stac-auth-proxy.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
 {{- end }} 

helm/templates/deployment.yaml

@@ -14,6 +14,7 @@ spec:
       labels:
         {{- include "stac-auth-proxy.selectorLabels" . | nindent 8 }}
     spec:
+      serviceAccountName: {{ include "stac-auth-proxy.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.securityContext | nindent 8 }}
       containers:

helm/templates/serviceaccount.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "stac-auth-proxy.serviceAccountName" . }}
+  labels:
+    {{- include "stac-auth-proxy.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- with .Values.serviceAccount.imagePullSecrets }}
+imagePullSecrets:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }} 

helm/values.schema.yaml

@@ -231,5 +231,30 @@ properties:
             value:
               type: string
 
+  serviceAccount:
+    type: object
+    properties:
+      create:
+        type: boolean
+        description: "Specifies whether a service account should be created"
+      annotations:
+        type: object
+        additionalProperties:
+          type: string
+        description: "Annotations to add to the service account"
+      name:
+        type: string
+        description: "The name of the service account to use. If not set and create is true, a name is generated"
+      imagePullSecrets:
+        type: array
+        description: "Image pull secrets to add to the service account"
+        items:
+          type: object
+          required: ["name"]
+          properties:
+            name:
+              type: string
+              description: "Name of the image pull secret"
+
 required:
   - service 

helm/values.yaml

@@ -84,4 +84,16 @@ config:
   # Additional environment variables
   extraEnv: []
   # - name: CUSTOM_VAR
-  #   value: "custom-value" 
+  #   value: "custom-value" 
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+  # Image pull secrets to add to the service account
+  imagePullSecrets: []
+  # - name: my-registry-secret