diff --git a/cr-template.yaml b/cr-template.yaml index 6734750..fe31d38 100644 --- a/cr-template.yaml +++ b/cr-template.yaml @@ -4,7 +4,7 @@ metadata: name: example-phase-secret namespace: default spec: - phaseAppEnv: "dev" # OPTIONAL - The Phase application environment to fetch secrets from + phaseAppEnv: "prod" # OPTIONAL - The Phase application environment to fetch secrets from phaseHost: "https://console.phase.dev" # OPTIONAL - URL of a Phase Console instance authentication: serviceToken: diff --git a/helm-repo/index.yaml b/helm-repo/index.yaml index db14c65..192241b 100644 --- a/helm-repo/index.yaml +++ b/helm-repo/index.yaml @@ -3,9 +3,9 @@ entries: phase-kubernetes-operator: - apiVersion: v2 appVersion: 0.1.0 - created: "2023-11-17T13:37:17.319489737+05:30" + created: "2023-11-17T15:52:25.181561512+05:30" description: A Helm chart for deploying the Phase Kubernetes Operator - digest: b52696267af72b43a41c62ae801b1e507d37b40ee6ec14cafd03a0fc3f407d9a + digest: 328817cd8ad048f8b445e9eccfcf0fe88094ef2772471310a3473cd62ef62836 home: https://github.com/phasehq/kubernetes-secrets-operator keywords: - phase @@ -22,4 +22,4 @@ entries: urls: - https://helm.phase.dev/phase-kubernetes-operator-0.1.0.tgz version: 0.1.0 -generated: "2023-11-17T13:37:17.319169201+05:30" +generated: "2023-11-17T15:52:25.18108025+05:30" diff --git a/helm-repo/phase-kubernetes-operator-0.1.0.tgz b/helm-repo/phase-kubernetes-operator-0.1.0.tgz index 702be7f..ec35f9e 100644 Binary files a/helm-repo/phase-kubernetes-operator-0.1.0.tgz and b/helm-repo/phase-kubernetes-operator-0.1.0.tgz differ diff --git a/phase-kubernetes-operator/templates/deploy.yml b/phase-kubernetes-operator/templates/deploy.yml index 09a5108..b98dadf 100644 --- a/phase-kubernetes-operator/templates/deploy.yml +++ b/phase-kubernetes-operator/templates/deploy.yml @@ -12,6 +12,7 @@ spec: labels: app: {{ include "phase-kubernetes-operator.fullname" . }} spec: + serviceAccountName: {{ .Values.serviceAccount.name }} securityContext: runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} runAsUser: {{ .Values.securityContext.runAsUser }} diff --git a/phase-kubernetes-operator/templates/rbac.yaml b/phase-kubernetes-operator/templates/rbac.yaml index 588177b..d08d16a 100644 --- a/phase-kubernetes-operator/templates/rbac.yaml +++ b/phase-kubernetes-operator/templates/rbac.yaml @@ -1,3 +1,11 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +{{- end }} +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/service-token.yml b/service-token.yml deleted file mode 100644 index 69157d5..0000000 --- a/service-token.yml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: phase-service-token_2 - namespace: default # You specify the desired namespace here. -type: Opaque -data: - token: "cHNzX3NlcnZpY2U6djE6MjIzYTdiZGVjMzIzOTc1YjgxZDc4ZWY2ZGQ0YjQ0Y2ViNjIyMWU2Nzc1MDMwOTYwNGEyMDk1YWI4YTNhMjBjODozMWRlMjVlZmQ2ZTQwZjk1NjRmYjU1ODM0NjI2YjVlZjY4M2MzYjQxNDJjMWI2MzQ1YzUzMDZhOWZhNmIyNzdmOjBjMzJiMjdiYTkwMjM0MGM0NTc2MmQ5YzkxZjY1YzVjODhiMzgyOWIyNmUyZjM0ZTU1M2YxNDM0MDYzZDNhZTE6MGM1OTJkNDBlZjBmOTQ0YzZmZjFmZjI5ZTJkZTAyZTljN2UxYTAxZjUzYzA5ZjY5ZTZmYTgzZjcxMDAzNTNlZQ=="