Add the option to opt out of service account token automounting and a…

…llow for volumes to be mountedd to mount the token manually (#89)
mittwald · Dec 22, 2023 · f2ee137 · f2ee137
1 parent 23b2d7d
commit f2ee137
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/deploy/helm-chart/kubernetes-secret-generator/templates/deployment.yaml b/deploy/helm-chart/kubernetes-secret-generator/templates/deployment.yaml
@@ -16,6 +16,9 @@ spec:
       labels:
     {{- include "kubernetes-secret-generator.selectorLabels" . | nindent 8 }}
     spec:
+      {{- if hasKey .Values "automountServiceAccountToken" }}
+      automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+      {{- end }}
       {{- if .Values.priorityClassName }}
       priorityClassName: {{ .Values.priorityClassName | quote}}
       {{- end }}
@@ -67,6 +70,7 @@ spec:
               value: {{ .Values.useMetricsService | quote }}
           resources:
       {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts: {{ .Values.volumeMounts | toYaml | nindent 12 }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
       {{- toYaml . | nindent 8 }}
@@ -79,3 +83,4 @@ spec:
       tolerations:
   {{- toYaml . | nindent 8 }}
   {{- end }}
+      volumes: {{ .Values.volumes | toYaml | nindent 8 }}
diff --git a/deploy/helm-chart/kubernetes-secret-generator/templates/serviceaccount.yaml b/deploy/helm-chart/kubernetes-secret-generator/templates/serviceaccount.yaml
@@ -1,6 +1,9 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
+{{- if hasKey .Values.serviceAccount "automountServiceAccountToken" }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
 metadata:
   name: {{ include "kubernetes-secret-generator.serviceAccountName" . }}
   labels:

diff --git a/deploy/helm-chart/kubernetes-secret-generator/values.yaml b/deploy/helm-chart/kubernetes-secret-generator/values.yaml
@@ -17,7 +17,10 @@ nameOverride: ""
 fullnameOverride: ""
 deploymentStrategy: "Recreate"
 
+automountServiceAccountToken:
+
 serviceAccount:
+  automountServiceAccountToken:
   # Specifies whether a service account should be created
   create: true
   # The name of the service account to use.
@@ -66,6 +69,10 @@ watchNamespace: ""
 
 useMetricsService: false
 
+volumeMounts: []
+
+volumes: []
+
 # RBAC parameteres
 # https://kubernetes.io/docs/reference/access-authn-authz/rbac/
 rbac: