fix: Remove cluster admin ClusterRoleBinding and ServiceAccount

This commit removes the `ClusterRoleBinding` and `ServiceAccount` from the helm chart. The cluster admin access is not needed by the locust service, since it just executes locust without any need to access any resources within the kubernetes cluster. fixes keptn-sandbox#23
didiladi · Apr 21, 2021 · b841482 · b841482
1 parent 63604e7
commit b841482
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 46 deletions.
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
@@ -51,13 +51,3 @@ app.kubernetes.io/name: {{ include "keptn-service.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "keptn-service.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "keptn-service.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -23,7 +23,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "keptn-service.serviceAccountName" . }}
+      serviceAccountName: {{ .Values.keptnservice.serviceAccountName }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:

diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -5,6 +5,7 @@ keptnservice:
     tag: "dev"                                    # Container Tag
   service:
     enabled: true                              # Creates a Kubernetes Service for the locust-service
+  serviceAccountName: default
 
 distributor:
   stageFilter: ""                            # Sets the stage this helm service belongs to
@@ -25,11 +26,6 @@ remoteControlPlane:
 
 imagePullSecrets: []                         # Secrets to use for container registry credentials
 
-serviceAccount:
-  create: true                               # Enables the service account creation
-  annotations: {}                            # Annotations to add to the service account
-  name: ""                                   # The name of the service account to use.
-
 podAnnotations: {}                           # Annotations to add to the created pods
 
 podSecurityContext: {}                       # Set the pod security context (e.g. fsGroups)