diff --git a/charts/brigade/Chart.yaml b/charts/brigade/Chart.yaml index af7f6bfb3..73223ed30 100644 --- a/charts/brigade/Chart.yaml +++ b/charts/brigade/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 description: Brigade provides event-driven scripting of Kubernetes pipelines. name: brigade -version: 0.15.0 +version: 0.15.1 # Note that we use appVersion to get images, so make sure this is correct. appVersion: v0.15.0 diff --git a/charts/brigade/templates/controller-deployment.yaml b/charts/brigade/templates/controller-deployment.yaml index 2fa108bdf..5be2b22b5 100644 --- a/charts/brigade/templates/controller-deployment.yaml +++ b/charts/brigade/templates/controller-deployment.yaml @@ -34,6 +34,6 @@ spec: - name: BRIGADE_WORKER_PULL_POLICY value: {{ default "IfNotPresent" .Values.worker.pullPolicy }} - name: BRIGADE_WORKER_SERVICE_ACCOUNT - value: {{ default "brigade-worker" .Values.worker.serviceAccount }} + value: {{ default "brigade-worker" .Values.worker.serviceAccount.name }} {{ if .Values.privateRegistry }}imagePullSecrets: - name: {{.Values.privateRegistry}}{{ end }} diff --git a/charts/brigade/templates/vacuum-cronjob.yaml b/charts/brigade/templates/vacuum-cronjob.yaml index eb3742162..ec20a9e84 100644 --- a/charts/brigade/templates/vacuum-cronjob.yaml +++ b/charts/brigade/templates/vacuum-cronjob.yaml @@ -1,4 +1,5 @@ {{ if .Values.vacuum.enabled }}{{ $fullname := include "brigade.vacuum.fullname" .}} +{{ $serviceAccount := default "brigade-vacuum" .Values.vacuum.serviceAccount.name }} apiVersion: batch/v1beta1 kind: CronJob metadata: @@ -21,7 +22,7 @@ spec: app: {{ template "brigade.fullname" . }} role: vacuum spec: - serviceAccountName: {{ $fullname }} + serviceAccountName: {{ $serviceAccount }} containers: - name: {{ .Chart.Name }}-vacuum image: "{{ .Values.vacuum.registry }}/{{ .Values.vacuum.name }}:{{ default .Chart.AppVersion .Values.vacuum.tag }}" 
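Review bot: In charts/brigade/templates/controller-deployment.yaml the new lookup `.Values.worker.serviceAccount.name` assumes `worker.serviceAccount` is a map, but the chart accepted a plain string there until this commit. An install that still supplies `worker.serviceAccount: brigade-worker` (an existing values file, or an upgrade that reuses stored values) will most likely fail to render, because a field cannot be read from a string; worker-role.yaml does the same lookup. This is a breaking values change shipped under a patch bump (0.15.0 to 0.15.1), so it needs an upgrade note or a guard that still accepts the string form. Separately, quoting the rendered value keeps an unusual account name from being retyped by the YAML parser: `value: {{ default "brigade-worker" .Values.worker.serviceAccount.name | quote }}`. The container's env list starts outside the hunk.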
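Review bot: In charts/brigade/templates/vacuum-cronjob.yaml, `serviceAccountName` now falls back to the fixed name `brigade-vacuum` where it previously used `$fullname`. If the `brigade.vacuum.fullname` helper (defined outside this diff) is release-scoped, two releases in one namespace would now share a single ServiceAccount, and each release's RoleBinding would grant its Role to that shared identity. The account name also changes on upgrade for existing installs. Keeping the release-scoped default avoids both: `{{ $serviceAccount := default $fullname .Values.vacuum.serviceAccount.name }}` here, and the same with `$fname` in vacuum-role.yaml. The CronJob spec continues outside both hunks.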
diff --git a/charts/brigade/templates/vacuum-role.yaml b/charts/brigade/templates/vacuum-role.yaml index 859c4fafd..0a054598c 100644 --- a/charts/brigade/templates/vacuum-role.yaml +++ b/charts/brigade/templates/vacuum-role.yaml @@ -1,10 +1,12 @@ {{ if .Values.vacuum.enabled }} {{ $fname := include "brigade.vacuum.fullname" . }} +{{ $serviceAccount := default "brigade-vacuum" .Values.vacuum.serviceAccount.name }} +{{ if .Values.vacuum.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ $fname }} + name: {{ $serviceAccount }} labels: app: {{ template "brigade.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" @@ -40,10 +42,11 @@ metadata: heritage: "{{ .Release.Service }}" subjects: - kind: ServiceAccount - name: {{ $fname }} + name: {{ $serviceAccount }} roleRef: kind: Role name: {{ $fname }} apiGroup: rbac.authorization.k8s.io {{ end }}{{/* end if rbac enabled */}} +{{ end }}{{/* end if create service account */}} {{ end }}{{/* end if vacuum enabled */}} diff --git a/charts/brigade/templates/worker-role.yaml b/charts/brigade/templates/worker-role.yaml index 88497d8b3..241e30b50 100644 --- a/charts/brigade/templates/worker-role.yaml +++ b/charts/brigade/templates/worker-role.yaml @@ -1,5 +1,6 @@ {{ $fname := include "brigade.worker.fullname" . }} -{{ $serviceAccount := default "brigade-worker" .Values.worker.serviceAccount }} +{{ $serviceAccount := default "brigade-worker" .Values.worker.serviceAccount.name }} +{{ if .Values.worker.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount @@ -46,3 +47,4 @@ roleRef: name: {{ $fname }} apiGroup: rbac.authorization.k8s.io {{ end }} +{{ end }} diff --git a/charts/brigade/values.yaml b/charts/brigade/values.yaml index f4df1ff29..73a426845 100644 --- a/charts/brigade/values.yaml +++ b/charts/brigade/values.yaml 
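Review bot: The added `{{ if .Values.vacuum.serviceAccount.create }}` in charts/brigade/templates/vacuum-role.yaml is closed only after `{{ end }}{{/* end if rbac enabled */}}`, so it wraps the RoleBinding as well as the ServiceAccount, and apparently the Role too, whose definition lies outside the hunks. With `create: false` and an existing account named in `vacuum.serviceAccount.name`, nothing binds that account to the vacuum Role. The operator then has to grant permissions by hand, which tends to end in broader grants than the chart's own Role. worker-role.yaml has the same shape: its added `{{ end }}` sits after the RoleBinding's `roleRef`. Moving `{{ end }}{{/* end if create service account */}}` to directly after the ServiceAccount manifest in both files, and leaving the Role and RoleBinding under the existing rbac condition, keeps the scoped binding for externally managed accounts.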
@@ -77,7 +77,9 @@ api: worker: registry: deis name: brigade-worker - serviceAccount: brigade-worker + serviceAccount: + create: true + name: brigade-worker #tag: #pullPolicy: IfNotPresent @@ -148,6 +150,9 @@ vacuum: # # If both age and maxBuilds are provided, age is applied first, then maxBuilds. maxBuilds: 0 + serviceAccount: + create: true + name: # The service is for the Brigade gateway. If you do not want to have Brigade # listening for incomming GitHub requests, disable this.
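Review bot: The new `vacuum.serviceAccount.name:` in charts/brigade/values.yaml is a bare key, which parses as null and only works because the templates wrap it in `default "brigade-vacuum"`. Neither new `serviceAccount` block says what `create: false` does, although the templates in this commit then skip the RoleBinding along with the ServiceAccount. Write the empty value explicitly and document both keys, for example `name: ""  # empty means brigade-vacuum`, and above `create:` the comment `# When false, the chart creates neither the ServiceAccount nor its RoleBinding; name must refer to an existing account.`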