added optional ServiceAccounts to coordinating-deploy.yaml, data-statefulset.yaml, master-statefulset.yaml and serviceaccount.yaml

John Funk · John Funk · commit bc20a96d331a · 2019-12-20T15:27:43.000+01:00
- ServiceAccounts are disabled by default in the Values.yaml
diff --git a/bitnami/elasticsearch/templates/coordinating-deploy.yaml b/bitnami/elasticsearch/templates/coordinating-deploy.yaml
@@ -27,6 +27,9 @@ spec:
       {{- if .Values.coordinating.tolerations }}
       tolerations: {{- include "elasticsearch.tplValue" (dict "value" .Values.coordinating.tolerations "context" $) | nindent 8 }}
       {{- end }}
+      {{- if .Values.coordinating.serviceAccount.create }}
+      serviceAccountName: {{ .Values.coordinating.serviceAccount.name | default (include "elasticsearch.coordinating.fullname" .) }}
+      {{- end }}
       {{- if .Values.coordinating.securityContext.enabled }}
       securityContext:
         fsGroup: {{ .Values.coordinating.securityContext.fsGroup }}
diff --git a/bitnami/elasticsearch/templates/data-statefulset.yaml b/bitnami/elasticsearch/templates/data-statefulset.yaml
@@ -36,6 +36,9 @@ spec:
       {{- if .Values.data.tolerations }}
       tolerations: {{- include "elasticsearch.tplValue" (dict "value" .Values.data.tolerations "context" $) | nindent 8 }}
       {{- end }}
+      {{- if .Values.data.serviceAccount.create }}
+      serviceAccountName: {{ .Values.data.serviceAccount.name | default (include "elasticsearch.data.fullname" .) }}
+      {{- end }}
       {{- if .Values.data.securityContext.enabled }}
       securityContext:
         fsGroup: {{ .Values.data.securityContext.fsGroup }}
diff --git a/bitnami/elasticsearch/templates/master-statefulset.yaml b/bitnami/elasticsearch/templates/master-statefulset.yaml
@@ -28,6 +28,9 @@ spec:
       {{- if .Values.master.tolerations }}
       tolerations: {{- include "elasticsearch.tplValue" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }}
       {{- end }}
+      {{- if .Values.master.serviceAccount.create }}
+      serviceAccountName: {{ .Values.master.serviceAccount.name | default (include "elasticsearch.master.fullname" .) }}
+      {{- end }}
       {{- if .Values.master.securityContext.enabled }}
       securityContext:
         fsGroup: {{ .Values.master.securityContext.fsGroup }}
diff --git a/bitnami/elasticsearch/templates/serviceaccount.yaml b/bitnami/elasticsearch/templates/serviceaccount.yaml
@@ -6,3 +6,30 @@ metadata:
   labels: {{- include "elasticsearch.labels" . | nindent 4 }}
     role: curator
 {{- end }}
+---
+{{- if .Values.data.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.data.serviceAccount.name | default (include "elasticsearch.data.fullname" .) }}
+  labels: {{- include "elasticsearch.labels" . | nindent 4 }}
+    role: data
+{{- end }}
+---
+{{- if .Values.master.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.master.serviceAccount.name | default (include "elasticsearch.master.fullname" .) }}
+  labels: {{- include "elasticsearch.labels" . | nindent 4 }}
+    role: master
+{{- end }}
+---
+{{- if .Values.coordinating.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.coordinating.serviceAccount.name | default (include "elasticsearch.coordinating.fullname" .) }}
+  labels: {{- include "elasticsearch.labels" . | nindent 4 }}
+    role: coordinating-only
+{{- end }}
diff --git a/bitnami/elasticsearch/values.yaml b/bitnami/elasticsearch/values.yaml
@@ -239,6 +239,14 @@ master:
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
     ##
     # loadBalancerIP:
+  ## Provide functionality to use RBAC
+  ##
+  serviceAccount:
+    ## Specifies whether a ServiceAccount should be created for the master node
+    create: false
+    ## The name of the ServiceAccount to use.
+    ## If not set and create is true, a name is generated using the fullname template
+    name:
 
 ## Elasticsearch coordinating-only node parameters
 ##
@@ -321,6 +329,16 @@ coordinating:
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
     ##
     # loadBalancerIP:
+  ## Provide functionality to use RBAC
+  ##
+  serviceAccount:
+    ## Specifies whether a ServiceAccount should be created for the coordinating node
+    ##
+    create: false
+    ## The name of the ServiceAccount to use.
+    ## If not set and create is true, a name is generated using the fullname template
+    ##
+    name:
 
 ## Elasticsearch data node parameters
 ##
@@ -413,6 +431,16 @@ data:
     ## Persistent Volume size
     ##
     size: 8Gi
+  ## Provide functionality to use RBAC
+  ##
+  serviceAccount:
+    ## Specifies whether a ServiceAccount should be created for the data node
+    ##
+    create: false
+    ## The name of the ServiceAccount to use.
+    ## If not set and create is true, a name is generated using the fullname template
+    ##
+    name:
 
 ## Elasticsearch ingest node parameters
 ##
