Skip to content

Commit

Permalink
service account credential mount (#106)
Browse files Browse the repository at this point in the history
  • Loading branch information
@darkn3rd
darkn3rd authored Aug 15, 2023
1 parent a875cd7 commit 1a3ce27
Show file tree
Hide file tree
Showing 8 changed files with 33 additions and 1 deletion.
2 changes: 1 addition & 1 deletion charts/dgraph/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
name: dgraph
version: 0.2.1
version: 0.2.2
appVersion: v23.0.1
description: Dgraph is a horizontally scalable and distributed graph database, providing ACID transactions, consistent replication and linearizable reads.
keywords:
Expand Down
4 changes: 4 additions & 0 deletions charts/dgraph/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ The following table lists the configurable parameters of the `dgraph` chart and
| `serviceAccount.create` | Create ServiceAccount | `true` |
| `serviceAccount.annotations` | ServiceAccount annotations | `{}` |
| `serviceAccount.name` | ServiceAccount name | `dgraph` |
| `serviceAccount.automountServiceAccountToken` | automatially mount a ServiceAccount API credentials | `true` |
| `zero.name` | Zero component name | `zero` |
| `zero.metrics.enabled` | Add annotations for Prometheus metric scraping | `true` |
| `zero.extraAnnotations` | Specify annotations for template metadata | `{}` |
Expand All @@ -86,6 +87,7 @@ The following table lists the configurable parameters of the `dgraph` chart and
| `zero.extraEnvs` | extra env vars | `[]` |
| `zero.extraFlags` | Zero extra flags for command line | `""` |
| `zero.configFile` | Zero config file | `{}` |
| `zero.automountServiceAccountToken` | automatially mount a ServiceAccount API credentials | `true` |
| `zero.service.type` | Zero service type | `ClusterIP` |
| `zero.service.labels` | Zero service labels | `{}` |
| `zero.service.annotations` | Zero service annotations | `{}` |
Expand Down Expand Up @@ -127,6 +129,7 @@ The following table lists the configurable parameters of the `dgraph` chart and
| `alpha.extraEnvs` | extra env vars | `[]` |
| `alpha.extraFlags` | Alpha extra flags for command | `""` |
| `alpha.configFile` | Alpha config file | `{}` |
| `alpha.automountServiceAccountToken` | automatially mount a ServiceAccount API credentials | `true` |
| `alpha.service.type` | Alpha node service type | `ClusterIP` |
| `alpha.service.labels` | Alpha service labels | `{}` |
| `alpha.service.annotations` | Alpha service annotations | `{}` |
Expand Down Expand Up @@ -186,6 +189,7 @@ The following table lists the configurable parameters of the `dgraph` chart and
| `ratel.replicaCount` | Number of ratel nodes | `1` |
| `ratel.extraEnvs` | Extra env vars | `[]` |
| `ratel.args` | Ratel command line arguments | `[]` |
| `ratel.automountServiceAccountToken` | automatially mount a ServiceAccount API credentials | `true` |
| `ratel.service.type` | Ratel service type | `ClusterIP` |
| `ratel.service.labels` | Ratel Service labels | `{}` |
| `ratel.service.annotations` | Ratel Service annotations | `{}` |
Expand Down
9 changes: 9 additions & 0 deletions charts/dgraph/example_values/service_account.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
## serviceaccount
## Specify that only Alpha pods automatically mount a ServiceAccount API credentials
## * https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting
serviceAccount:
automountServiceAccountToken: false
zero:
automountServiceAccountToken: false
alpha:
automountServiceAccountToken: true
1 change: 1 addition & 0 deletions charts/dgraph/templates/alpha/statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@ spec:
spec:
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
automountServiceAccountToken: {{ .Values.alpha.automountServiceAccountToken }}
{{- end }}
{{- if .Values.alpha.schedulerName }}
schedulerName: {{ .Values.alpha.schedulerName }}
Expand Down
1 change: 1 addition & 0 deletions charts/dgraph/templates/ratel/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ spec:
spec:
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
automountServiceAccountToken: {{ .Values.ratel.automountServiceAccountToken }}
{{- end }}
{{- if .Values.ratel.schedulerName }}
schedulerName: {{ .Values.ratel.schedulerName }}
Expand Down
1 change: 1 addition & 0 deletions charts/dgraph/templates/serviceaccount.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ .Values.serviceAccount.name }}
labels:
Expand Down
1 change: 1 addition & 0 deletions charts/dgraph/templates/zero/statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ spec:
spec:
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
automountServiceAccountToken: {{ .Values.zero.automountServiceAccountToken }}
{{- end }}
{{- if .Values.zero.schedulerName }}
schedulerName: {{ .Values.zero.schedulerName }}
Expand Down
15 changes: 15 additions & 0 deletions charts/dgraph/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,9 @@ serviceAccount:
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: dgraph
# automatically mount a ServiceAccount API credentials
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting
automountServiceAccountToken: true

zero:
name: zero
Expand Down Expand Up @@ -104,6 +107,10 @@ zero:
## Ref: https://dgraph.io/docs/deploy/config/
configFile: {}

# automatically mount a ServiceAccount API credentials
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting
automountServiceAccountToken: true

## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use LoadBalancer
##
Expand Down Expand Up @@ -283,6 +290,10 @@ alpha:
## Ref: https://dgraph.io/docs/deploy/config/
configFile: {}

# automatically mount a ServiceAccount API credentials
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting
automountServiceAccountToken: true

## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use LoadBalancer
##
Expand Down Expand Up @@ -494,6 +505,10 @@ ratel:
# Arguments appended to a command dgraph-ratel command
args: []

# automatically mount a ServiceAccount API credentials
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting
automountServiceAccountToken: true

## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use ClusterIP or LoadBalancer
##
Expand Down

0 comments on commit 1a3ce27

Please sign in to comment.