Skip to content

Commit 5fc2af3

Browse files
tamalsahatamalsaha
committed
Use static service account names for aws/gcp credential managers
Signed-off-by: Tamal Saha <tamal@appscode.com>
1 parent 8305860 commit 5fc2af3

File tree

14 files changed

+42
-34
lines changed

14 files changed

+42
-34
lines changed

apis/installer/v1alpha1/aws_credential_manager_types.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -77,11 +77,11 @@ type AwsCredentialManagerSpec struct {
7777
// +optional
7878
LivenessProbe *core.Probe `json:"livenessProbe"`
7979
// +optional
80-
ReadinessProbe *core.Probe `json:"readinessProbe"`
81-
Service ServiceSpec `json:"service"`
82-
ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
83-
Volumes []core.Volume `json:"volumes"`
84-
VolumeMounts []core.VolumeMount `json:"volumeMounts"`
80+
ReadinessProbe *core.Probe `json:"readinessProbe"`
81+
Service ServiceSpec `json:"service"`
82+
ServiceAccount StaticServiceAccountSpec `json:"serviceAccount"`
83+
Volumes []core.Volume `json:"volumes"`
84+
VolumeMounts []core.VolumeMount `json:"volumeMounts"`
8585
// +optional
8686
Distro shared.DistroSpec `json:"distro"`
8787
Monitoring Monitoring `json:"monitoring"`

apis/installer/v1alpha1/gcp_credential_manager_types.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -77,11 +77,11 @@ type GcpCredentialManagerSpec struct {
7777
// +optional
7878
LivenessProbe *core.Probe `json:"livenessProbe"`
7979
// +optional
80-
ReadinessProbe *core.Probe `json:"readinessProbe"`
81-
Service ServiceSpec `json:"service"`
82-
ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
83-
Volumes []core.Volume `json:"volumes"`
84-
VolumeMounts []core.VolumeMount `json:"volumeMounts"`
80+
ReadinessProbe *core.Probe `json:"readinessProbe"`
81+
Service ServiceSpec `json:"service"`
82+
ServiceAccount StaticServiceAccountSpec `json:"serviceAccount"`
83+
Volumes []core.Volume `json:"volumes"`
84+
VolumeMounts []core.VolumeMount `json:"volumeMounts"`
8585
// +optional
8686
Distro shared.DistroSpec `json:"distro"`
8787
Monitoring Monitoring `json:"monitoring"`

apis/installer/v1alpha1/types.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,12 @@ type ServiceAccountSpec struct {
4242
Annotations map[string]string `json:"annotations"`
4343
}
4444

45+
type StaticServiceAccountSpec struct {
46+
Create bool `json:"create"`
47+
//+optional
48+
Annotations map[string]string `json:"annotations"`
49+
}
50+
4551
// +kubebuilder:validation:Enum=prometheus.io;prometheus.io/operator;prometheus.io/builtin
4652
type MonitoringAgent string
4753

apis/installer/v1alpha1/zz_generated.deepcopy.go

Lines changed: 22 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

charts/aws-credential-manager/README.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,6 @@ The following table lists the configurable parameters of the `aws-credential-man
5858
| fullnameOverride | | <code>""</code> |
5959
| serviceAccount.create | Specifies whether a service account should be created | <code>true</code> |
6060
| serviceAccount.annotations | Annotations to add to the service account | <code>{}</code> |
61-
| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | <code>""</code> |
6261
| podAnnotations | | <code>{}</code> |
6362
| podLabels | | <code>{}</code> |
6463
| podSecurityContext | | <code>{}</code> |

charts/aws-credential-manager/templates/_helpers.tpl

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -54,11 +54,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
5454
Create the name of the service account to use
5555
*/}}
5656
{{- define "aws-credential-manager.serviceAccountName" -}}
57-
{{- if .Values.serviceAccount.create }}
58-
{{- default (include "aws-credential-manager.fullname" .) .Values.serviceAccount.name }}
59-
{{- else }}
60-
{{- default "default" .Values.serviceAccount.name }}
61-
{{- end }}
57+
aws-credential-manager
6258
{{- end }}
6359

6460
{{/*

charts/aws-credential-manager/templates/serviceaccount.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
apiVersion: v1
33
kind: ServiceAccount
44
metadata:
5-
name: aws-credential-manager
5+
name: {{ include "aws-credential-manager.serviceAccountName" . }}
66
namespace: {{ .Release.Namespace }}
77
labels:
88
{{- include "aws-credential-manager.labels" . | nindent 4 }}

charts/aws-credential-manager/values.openapiv3_schema.yaml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -931,8 +931,6 @@ properties:
931931
type: object
932932
create:
933933
type: boolean
934-
name:
935-
type: string
936934
required:
937935
- create
938936
type: object

charts/aws-credential-manager/values.yaml

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,9 +21,6 @@ serviceAccount:
2121
create: true
2222
# Annotations to add to the service account
2323
annotations: {}
24-
# The name of the service account to use.
25-
# If not set and create is true, a name is generated using the fullname template
26-
name: ""
2724
podAnnotations: {}
2825
podLabels: {}
2926
podSecurityContext: {}

charts/gcp-credential-manager/README.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,6 @@ The following table lists the configurable parameters of the `gcp-credential-man
5858
| fullnameOverride | | <code>""</code> |
5959
| serviceAccount.create | Specifies whether a service account should be created | <code>true</code> |
6060
| serviceAccount.annotations | Annotations to add to the service account | <code>{}</code> |
61-
| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | <code>""</code> |
6261
| podAnnotations | | <code>{}</code> |
6362
| podLabels | | <code>{}</code> |
6463
| podSecurityContext | | <code>{}</code> |

0 commit comments

Comments
 (0)