justusbunsi
5e5496f15d
### Description of the change This adds a new values object `serviceAccount`, that allows creating a dedicated ServiceAccount with the Helm Release into the cluster. It supports all common options like labels, annotations, name override (or referring to an externally created ServiceAccount), auto-mount token, image pull secrets. It supersedes the stale PR #357. ### Benefits Users can deploy Gitea with more fine-tuned security settings. ### Applicable issues - related to #448 ### Additional information I've bumped the helm-unittest plugin in the CI build, to be able to use the `exists` and `notExists` feature in the new tests. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/451 Reviewed-by: pat-s <pat-s@noreply.gitea.com> Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com> Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
22 lines
657 B
YAML
22 lines
657 B
YAML
{{- if .Values.serviceAccount.create }}
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: {{ include "gitea.serviceAccountName" . }}
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
labels:
|
|
{{- include "gitea.labels" . | nindent 4 }}
|
|
{{- with .Values.serviceAccount.labels }}
|
|
{{- . | toYaml | nindent 4 }}
|
|
{{- end }}
|
|
{{- with .Values.serviceAccount.annotations }}
|
|
annotations:
|
|
{{- . | toYaml | nindent 4 }}
|
|
{{- end }}
|
|
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
|
{{- with .Values.serviceAccount.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- . | toYaml | nindent 2 }}
|
|
{{- end }}
|
|
{{- end }}
|