properly disable service account
Signed-off-by: Sunny Yip <[email protected]>
sunnyyip committed Apr 26, 2024
1 parent 706fbd1 commit 820d2fd
Showing 13 changed files with 157 additions and 34 deletions.
22 changes: 13 additions & 9 deletions charts/guac/README.md
@@ -111,6 +111,7 @@ This section contains parameters for configuring the different GUAC components.
| `guac.ociCollector.env` | Environment variables for OCI Collector. | `[]` |
| `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` |
| `guac.ociCollector.tolerations` | | `[]` |
| `guac.ociCollector.serviceAccount.annotations` | - OCI Collector service account annotations | `{}` |
| `guac.ociCollector.resources` | - [map] resource requests or limits of the ociCollector deployment | `{}` |
| `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` |
| `guac.depsDevCollector.name` | String Name of the Deps.Dev Collector component. | `depsdev-collector` |
@@ -130,6 +131,8 @@ This section contains parameters for configuring the different GUAC components.
| `guac.osvCertifier.env` | Environment variables for OSV Certifier Collector. | `[]` |
| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` |
| `guac.osvCertifier.tolerations` | | `[]` |
| `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` |
| `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` |
| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` |
| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` |
| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` |
@@ -140,18 +143,19 @@ This section contains parameters for configuring the different GUAC components.
| `guac.ingestor.serviceAccount.annotations` | - Ingestor service account annotations | `{}` |
| `guac.ingestor.tolerations` | | `[]` |
| `guac.ingestor.resources` | - [map] resource requests or limits of the ingestor deployment | `{}` |
| `guac.collectSub.enabled` | String Whether to deploy Collector Sub | `true` |
| `guac.collectSub.name` | String Name of the Collector Sub component. | `collectsub` |
| `guac.collectSub.enabled` | String Whether to deploy CollectSub | `true` |
| `guac.collectSub.name` | String Name of the CollectSub component. | `collectsub` |
| `guac.collectSub.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` |
| `guac.collectSub.replicas` | Number of replicas for Collector Sub deployment | `1` |
| `guac.collectSub.image.command` | Command for the Collector Sub image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` |
| `guac.collectSub.env` | Environment variables for Collector Sub. | `[]` |
| `guac.collectSub.image.ports[0].containerPort` | Port the Collector Sub container listens on | `2782` |
| `guac.collectSub.svcPorts[0].protocol` | Protocol used at Collector Sub | `TCP` |
| `guac.collectSub.svcPorts[0].port` | Port the Collector Sub service listens on | `2782` |
| `guac.collectSub.svcPorts[0].targetPort` | Port the Collector Sub container listens on | `2782` |
| `guac.collectSub.replicas` | Number of replicas for CollectSub deployment | `1` |
| `guac.collectSub.image.command` | Command for the CollectSub image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` |
| `guac.collectSub.env` | Environment variables for CollectSub. | `[]` |
| `guac.collectSub.image.ports[0].containerPort` | Port the CollectSub container listens on | `2782` |
| `guac.collectSub.svcPorts[0].protocol` | Protocol used at CollectSub | `TCP` |
| `guac.collectSub.svcPorts[0].port` | Port the CollectSub service listens on | `2782` |
| `guac.collectSub.svcPorts[0].targetPort` | Port the CollectSub container listens on | `2782` |
| `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` |
| `guac.collectSub.tolerations` | | `[]` |
| `guac.collectSub.serviceAccount.annotations` | - CollectSub service account annotations | `{}` |
| `guac.collectSub.resources` | - [map] resource requests or limits of the collectSub deployment | `{}` |
| `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` |
| `guac.graphqlServer.name` | String Name of the GraphQL Server component. | `graphql-server` |
57 changes: 46 additions & 11 deletions charts/guac/schema.json
@@ -105,6 +105,16 @@
"default": [],
"items": {}
},
"serviceAccount": {
"type": "object",
"properties": {
"annotations": {
"type": "object",
"description": "- OCI Collector service account annotations",
"default": {}
}
}
},
"resources": {
"type": "object",
"description": "- [map] resource requests or limits of the ociCollector deployment",
@@ -232,6 +242,21 @@
"description": "",
"default": [],
"items": {}
},
"serviceAccount": {
"type": "object",
"properties": {
"annotations": {
"type": "object",
"description": "- OSV Certifier service account annotations",
"default": {}
}
}
},
"resources": {
"type": "object",
"description": "- [map] resource requests or limits of the OSV Certifier deployment",
"default": {}
}
}
},
@@ -309,25 +334,25 @@
"properties": {
"enabled": {
"type": "boolean",
"description": "String Whether to deploy Collector Sub",
"description": "String Whether to deploy CollectSub",
"default": true
},
"name": {
"type": "string",
"description": "String Name of the Collector Sub component.",
"description": "String Name of the CollectSub component.",
"default": "collectsub"
},
"replicas": {
"type": "number",
"description": "Number of replicas for Collector Sub deployment",
"description": "Number of replicas for CollectSub deployment",
"default": 1
},
"image": {
"type": "object",
"properties": {
"command": {
"type": "array",
"description": "Command for the Collector Sub image. It is not recommended to override this.",
"description": "Command for the CollectSub image. It is not recommended to override this.",
"default": [
"sh",
"-c",
@@ -339,13 +364,13 @@
},
"ports": {
"type": "array",
"description": "Port the Collector Sub container listens on",
"description": "Port the CollectSub container listens on",
"items": {
"type": "object",
"properties": {
"containerPort": {
"type": "number",
"description": "Port the Collector Sub container listens on"
"description": "Port the CollectSub container listens on"
}
}
}
@@ -354,27 +379,27 @@
},
"env": {
"type": "array",
"description": "Environment variables for Collector Sub.",
"description": "Environment variables for CollectSub.",
"default": [],
"items": {}
},
"svcPorts": {
"type": "array",
"description": "Protocol used at Collector Sub",
"description": "Protocol used at CollectSub",
"items": {
"type": "object",
"properties": {
"protocol": {
"type": "string",
"description": "Protocol used at Collector Sub"
"description": "Protocol used at CollectSub"
},
"port": {
"type": "number",
"description": "Port the Collector Sub service listens on"
"description": "Port the CollectSub service listens on"
},
"targetPort": {
"type": "number",
"description": "Port the Collector Sub container listens on"
"description": "Port the CollectSub container listens on"
}
}
}
@@ -390,6 +415,16 @@
"default": [],
"items": {}
},
"serviceAccount": {
"type": "object",
"properties": {
"annotations": {
"type": "object",
"description": "- CollectSub service account annotations",
"default": {}
}
}
},
"resources": {
"type": "object",
"description": "- [map] resource requests or limits of the collectSub deployment",
1 change: 1 addition & 0 deletions charts/guac/templates/collectsub-deployment.yaml
@@ -28,6 +28,7 @@ spec:
app.kubernetes.io/name: {{ .Values.guac.collectSub.name }}
app.kubernetes.io/component: {{ .Values.guac.collectSub.name }}
spec:
serviceAccountName: {{ .Values.guac.collectSub.name }}
containers:
- name: {{ .Values.guac.collectSub.name }}
{{- if .Values.guac.guacImage.digest }}
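Review bot: The pod spec now binds a dedicated service account through `serviceAccountName`, but neither this hunk nor the new `collectsub-sa.yaml` sets `automountServiceAccountToken`, so the API token is presumably still mounted into the container. If collectsub never calls the Kubernetes API, add `automountServiceAccountToken: false` next to `serviceAccountName` so that a compromised container holds no cluster credential. The pod spec continues outside the hunk, so confirm the field is not already set further down.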
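--- a/charts/guac/templates/collectsub-sa.yaml
+++ b/charts/guac/templates/collectsub-sa.yaml
@@ -0,0 +1,17 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.collectSub.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ .Values.guac.collectSub.name }}
+{{- if .Values.guac.collectSub.annotations }}
+annotations:
+{{ toYaml .Values.guac.collectSub.serviceAccount.annotations | indent 4 }}
+{{- end }}
+labels:
+{{- include "guac.labels" . | nindent 4 }}
+app.kubernetes.io/name: {{ .Values.guac.collectSub.name }}
+app.kubernetes.io/component: {{ .Values.guac.collectSub.name }}
+{{- end }}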
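Review bot: The guard on the annotations block tests `.Values.guac.collectSub.annotations`, but the body renders `.Values.guac.collectSub.serviceAccount.annotations`, so the condition and the rendered value can disagree. If the service-account annotations are set while the component annotations are empty, they are silently dropped, which would leave something like a cloud workload-identity binding unapplied without any error. In the reverse case, which looks like the default since the README lists a `reloader.stakater.com/auto` key under `guac.collectSub.annotations`, an empty map is rendered. The condition should read `{{- if .Values.guac.collectSub.serviceAccount.annotations }}`. The other `*-sa.yaml` templates keep their annotation blocks outside the visible hunks and are worth checking for the same mismatch.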
7 changes: 6 additions & 1 deletion charts/guac/templates/depsdev-collector-sa.yaml
@@ -1,3 +1,7 @@
# Copyright Kusari, Inc. and contributors
# Licensed under the MIT license. See LICENSE file in the project root for details.
{{ if .Values.guac.depsDevCollector.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
@@ -9,4 +13,5 @@ metadata:
labels:
{{- include "guac.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ .Values.guac.depsDevCollector.name }}
app.kubernetes.io/component: {{ .Values.guac.depsDevCollector.name }}
app.kubernetes.io/component: {{ .Values.guac.depsDevCollector.name }}
{{- end }}
7 changes: 6 additions & 1 deletion charts/guac/templates/graphql-server-sa.yaml
@@ -1,3 +1,7 @@
# Copyright Kusari, Inc. and contributors
# Licensed under the MIT license. See LICENSE file in the project root for details.
{{ if .Values.guac.graphqlServer.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
@@ -9,4 +13,5 @@ metadata:
labels:
{{- include "guac.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
{{- end }}
7 changes: 6 additions & 1 deletion charts/guac/templates/guacrest-sa.yaml
@@ -1,3 +1,7 @@
# Copyright Kusari, Inc. and contributors
# Licensed under the MIT license. See LICENSE file in the project root for details.
{{ if .Values.guac.restApi.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
@@ -9,4 +13,5 @@ metadata:
labels:
{{- include "guac.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ .Values.guac.restApi.name }}
app.kubernetes.io/component: {{ .Values.guac.restApi.name }}
app.kubernetes.io/component: {{ .Values.guac.restApi.name }}
{{- end }}
7 changes: 6 additions & 1 deletion charts/guac/templates/ingestor-sa.yaml
@@ -1,3 +1,7 @@
# Copyright Kusari, Inc. and contributors
# Licensed under the MIT license. See LICENSE file in the project root for details.
{{ if .Values.guac.ingestor.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
@@ -9,4 +13,5 @@ metadata:
labels:
{{- include "guac.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ .Values.guac.ingestor.name }}
app.kubernetes.io/component: {{ .Values.guac.ingestor.name }}
app.kubernetes.io/component: {{ .Values.guac.ingestor.name }}
{{- end }}