diff --git a/deploy/sigma/Chart.lock b/deploy/sigma/Chart.lock index 589a5927..8f485d83 100644 --- a/deploy/sigma/Chart.lock +++ b/deploy/sigma/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: mysql repository: https://charts.bitnami.com/bitnami version: 11.1.16 -digest: sha256:c9150c78d68a1fe55f7f0ba70b03e6e949cdccb6b71dd0ea8fa835537fdab32f -generated: "2024-09-17T03:30:37.546585+08:00" +- name: common + repository: https://charts.bitnami.com/bitnami + version: 2.23.0 +digest: sha256:4e84624bf97a56d365ab60c079ac19b0edd4a1299e98fa76390fb1e767557194 +generated: "2024-09-17T20:45:36.213184+08:00" diff --git a/deploy/sigma/Chart.yaml b/deploy/sigma/Chart.yaml index 9cce770b..034cbf0f 100644 --- a/deploy/sigma/Chart.yaml +++ b/deploy/sigma/Chart.yaml @@ -19,3 +19,6 @@ dependencies: version: 11.1.16 repository: https://charts.bitnami.com/bitnami condition: mysql.enabled + - name: common + version: 2.23.0 + repository: https://charts.bitnami.com/bitnami diff --git a/deploy/sigma/templates/distribution/deployment.yaml b/deploy/sigma/templates/distribution/deployment.yaml index 9f092c2e..c9898a1d 100644 --- a/deploy/sigma/templates/distribution/deployment.yaml +++ b/deploy/sigma/templates/distribution/deployment.yaml @@ -13,9 +13,9 @@ spec: {{- include "sigma.distribution.labels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: rollme: {{ randAlphaNum 5 | quote }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: diff --git a/deploy/sigma/templates/server/deployment.yaml b/deploy/sigma/templates/server/deployment.yaml index 8562e5b3..efe5f920 100644 --- a/deploy/sigma/templates/server/deployment.yaml +++ b/deploy/sigma/templates/server/deployment.yaml 
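Review bot: In distribution/deployment.yaml, `rollme: {{ randAlphaNum 5 | quote }}` is now rendered unconditionally in the pod template annotations, so every `helm upgrade` or `helm template` run yields a different pod spec and restarts the pods even when nothing changed; the same line appears in the server, web and worker deployment hunks. GitOps controllers that diff rendered manifests will also report this as permanent drift. If the intent is to roll pods when configuration changes, a content hash is deterministic: `checksum/config: {{ include (print $.Template.BasePath "/<CONFIG_TEMPLATE_PLACEHOLDER>") . | sha256sum }}`. The pod template continues outside the hunk.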
@@ -13,8 +13,9 @@ spec: {{- include "sigma.server.labels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + rollme: {{ randAlphaNum 5 | quote }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: @@ -22,11 +23,11 @@ spec: spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: - rollme: {{ randAlphaNum 5 | quote }} {{- toYaml . | nindent 8 }} {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + serviceAccountName: {{ include "sigma.fullname" . | quote }} containers: - name: {{ printf "%s-server" .Chart.Name }} securityContext: diff --git a/deploy/sigma/templates/serviceaccount.yaml b/deploy/sigma/templates/serviceaccount.yaml new file mode 100644 index 00000000..c08c0bc5 --- /dev/null +++ b/deploy/sigma/templates/serviceaccount.yaml 
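Review bot: In server/deployment.yaml, the added `serviceAccountName` binds the pod to the chart's ServiceAccount, but values.yaml in this commit defaults `serviceAccount.automountServiceAccountToken` to `false` and the pod spec sets no override, so with default values no API token is mounted and the Role from serviceaccount.yaml cannot be exercised; the worker deployment hunk adds the same line. If the server and worker do need the ConfigMap and Lease permissions, set `automountServiceAccountToken: true` on those two pod specs and keep the ServiceAccount default at `false`; if they do not, the Role and RoleBinding can be dropped. The web and distribution deployments get no `serviceAccountName` in this diff and presumably keep running as the namespace default account, which is worth confirming. The pod spec continues outside the hunk.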
@@ -0,0 +1,84 @@
+---
+kind: Role
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+ name: {{ include "sigma.fullname" . | quote }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+kind: RoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+ name: {{ include "sigma.fullname" . | quote }}
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . 
) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "sigma.fullname" . | quote }} +subjects: + - kind: ServiceAccount + name: {{ template "sigma.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "sigma.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.image "chart" .Chart ) ) }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} diff --git a/deploy/sigma/templates/web/deployment.yaml b/deploy/sigma/templates/web/deployment.yaml index e17a8df1..6a52424f 100644 --- a/deploy/sigma/templates/web/deployment.yaml +++ b/deploy/sigma/templates/web/deployment.yaml @@ -13,9 +13,9 @@ spec: {{- include "sigma.web.labels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: rollme: {{ randAlphaNum 5 | quote }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: 
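Review bot: In serviceaccount.yaml, the Role grants get/list/watch/create/update/patch/delete on every ConfigMap and Lease in the namespace with no `resourceNames`, so a compromised server or worker pod could rewrite ConfigMaps that other workloads in the same namespace consume. The rule set looks like a leader-election grant (inferred from the leases and events rules); if so, put the get/update/patch verbs in rules limited by `resourceNames: ["<LOCK_OBJECT_NAME_PLACEHOLDER>"]`, drop any verbs the application does not use, and remove the `configmaps/status` rule, since ConfigMaps have no status subresource. Separately, the RoleBinding sets no `metadata.namespace` and the ServiceAccount uses `.Release.Namespace`, while the Role and the binding subject use `common.names.namespace`. With a `namespaceOverride` value these diverge and the binding would reference a ServiceAccount in a namespace where it was not created, so use `namespace: {{ include "common.names.namespace" . | quote }}` on all three objects.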
diff --git a/deploy/sigma/templates/worker/deployment.yaml b/deploy/sigma/templates/worker/deployment.yaml index 21282ab3..ce8b3730 100644 --- a/deploy/sigma/templates/worker/deployment.yaml +++ b/deploy/sigma/templates/worker/deployment.yaml @@ -13,9 +13,9 @@ spec: {{- include "sigma.worker.labels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: rollme: {{ randAlphaNum 5 | quote }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: @@ -27,6 +27,7 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + serviceAccountName: {{ include "sigma.fullname" . | quote }} containers: - name: {{ printf "%s-worker" .Chart.Name }} securityContext: diff --git a/deploy/sigma/values.yaml b/deploy/sigma/values.yaml index c96bcb37..0489a6f3 100644 --- a/deploy/sigma/values.yaml +++ b/deploy/sigma/values.yaml @@ -1,3 +1,8 @@ +## @param commonLabels Labels to add to all deployed objects +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +commonAnnotations: {} + image: registry: ghcr.io repository: go-sigma/sigma @@ -61,8 +66,7 @@ ingress: # hosts: # - chart-example.local -resources: - {} +resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -92,6 +96,12 @@ tolerations: [] affinity: {} +serviceAccount: + ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account + automountServiceAccountToken: false + config: log: level: debug