You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by wi...@apache.org on 2020/06/27 08:59:50 UTC
[couchdb-helm] 14/43: Add ServiceAccount support
This is an automated email from the ASF dual-hosted git repository.
willholley pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb-helm.git
commit 8bba11edd09656abefe9058a1dc400d7d985895f
Author: Will Holley <wi...@gmail.com>
AuthorDate: Tue Oct 22 14:28:54 2019 +0100
Add ServiceAccount support
Ported from https://github.com/helm/charts/pull/17254.
---
couchdb/README.md | 66 ++++++++++++++++++-----------------
couchdb/templates/_helpers.tpl | 11 ++++++
couchdb/templates/serviceaccount.yaml | 15 ++++++++
couchdb/templates/statefulset.yaml | 3 ++
couchdb/values.yaml | 8 +++++
5 files changed, 71 insertions(+), 32 deletions(-)
diff --git a/couchdb/README.md b/couchdb/README.md
index ccd3596..937c1d3 100644
--- a/couchdb/README.md
+++ b/couchdb/README.md
@@ -109,38 +109,40 @@ CouchDB chart and their default values:
A variety of other parameters are also configurable. See the comments in the
`values.yaml` file for further details:
-| Parameter | Default |
-|---------------------------------|----------------------------------------|
-| `adminUsername` | admin |
-| `adminPassword` | auto-generated |
-| `cookieAuthSecret` | auto-generated |
-| `image.repository` | couchdb |
-| `image.tag` | 2.3.1 |
-| `image.pullPolicy` | IfNotPresent |
-| `searchImage.repository` | kocolosk/couchdb-search |
-| `searchImage.tag` | 0.1.0 |
-| `searchImage.pullPolicy` | IfNotPresent |
-| `initImage.repository` | busybox |
-| `initImage.tag` | latest |
-| `initImage.pullPolicy` | Always |
-| `ingress.enabled` | false |
-| `ingress.hosts` | chart-example.local |
-| `ingress.path` | / |
-| `ingress.annotations` | |
-| `ingress.tls` | |
-| `persistentVolume.accessModes` | ReadWriteOnce |
-| `persistentVolume.storageClass` | Default for the Kube cluster |
-| `podManagementPolicy` | Parallel |
-| `affinity` | |
-| `annotations` | |
-| `tolerations` | |
-| `resources` | |
-| `service.annotations` | |
-| `service.enabled` | true |
-| `service.type` | ClusterIP |
-| `service.externalPort` | 5984 |
-| `dns.clusterDomainSuffix` | cluster.local |
-
+| Parameter | Default |
+|-----------------------------------|----------------------------------------|
+| `adminUsername` | admin |
+| `adminPassword` | auto-generated |
+| `cookieAuthSecret` | auto-generated |
+| `image.repository` | couchdb |
+| `image.tag` | 2.3.1 |
+| `image.pullPolicy` | IfNotPresent |
+| `searchImage.repository` | kocolosk/couchdb-search |
+| `searchImage.tag` | 0.1.0 |
+| `searchImage.pullPolicy` | IfNotPresent |
+| `initImage.repository` | busybox |
+| `initImage.tag` | latest |
+| `initImage.pullPolicy` | Always |
+| `ingress.enabled` | false |
+| `ingress.hosts` | chart-example.local |
+| `ingress.annotations` | |
+| `ingress.path` | / |
+| `ingress.tls` | |
+| `persistentVolume.accessModes` | ReadWriteOnce |
+| `persistentVolume.storageClass` | Default for the Kube cluster |
+| `podManagementPolicy` | Parallel |
+| `affinity` | |
+| `annotations` | |
+| `tolerations` | |
+| `resources` | |
+| `service.annotations` | |
+| `service.enabled` | true |
+| `service.type` | ClusterIP |
+| `service.externalPort` | 5984 |
+| `dns.clusterDomainSuffix` | cluster.local |
+| `serviceAccount.enabled` | true |
+| `serviceAccount.create` | true |
+| `serviceAccount.imagePullSecrets` | |
## Feedback, Issues, Contributing
diff --git a/couchdb/templates/_helpers.tpl b/couchdb/templates/_helpers.tpl
index 0450a66..3a9288f 100644
--- a/couchdb/templates/_helpers.tpl
+++ b/couchdb/templates/_helpers.tpl
@@ -61,3 +61,14 @@ Generates a comma delimited list of nodes in the cluster
{{ $.Values.erlangFlags.name }}@{{ template "couchdb.fullname" $ }}-{{ $index0 }}.{{ template "couchdb.fullname" $ }}.{{ $.Release.Namespace }}.svc.{{ $.Values.dns.clusterDomainSuffix }}{{ if ne $index1 $nodeCount }},{{ end }}
{{- end -}}
{{- end -}}
+
+{{/*
+If serviceAccount.name is specified, use that, else use the couchdb instance name
+*/}}
+{{- define "couchdb.serviceAccount" -}}
+{{- if .Values.serviceAccount.name -}}
+{{- .Values.serviceAccount.name }}
+{{- else -}}
+{{- template "couchdb.fullname" . -}}
+{{- end -}}
+{{- end -}}
diff --git a/couchdb/templates/serviceaccount.yaml b/couchdb/templates/serviceaccount.yaml
new file mode 100644
index 0000000..bb82799
--- /dev/null
+++ b/couchdb/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "couchdb.serviceAccount" . }}
+ labels:
+ app: {{ template "couchdb.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceAccount.imagePullSecrets }}
+imagePullSecrets:
+{{ toYaml .Values.serviceAccount.imagePullSecrets }}
+{{- end }}
+{{- end }}
diff --git a/couchdb/templates/statefulset.yaml b/couchdb/templates/statefulset.yaml
index 3e70bdc..1e0985b 100644
--- a/couchdb/templates/statefulset.yaml
+++ b/couchdb/templates/statefulset.yaml
@@ -26,6 +26,9 @@ spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
+ {{- if .Values.serviceAccount.enabled }}
+ serviceAccountName: {{ template "couchdb.serviceAccount" . }}
+ {{- end }}
initContainers:
- name: init-copy
image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
diff --git a/couchdb/values.yaml b/couchdb/values.yaml
index ecdd0d1..089f90b 100644
--- a/couchdb/values.yaml
+++ b/couchdb/values.yaml
@@ -30,6 +30,14 @@ adminUsername: admin
##
# schedulerName:
+# Use a service account
+serviceAccount:
+ enabled: true
+ create: true
+# name:
+# imagePullSecrets:
+# - name: myimagepullsecret
+
## The storage volume used by each Pod in the StatefulSet. If a
## persistentVolume is not enabled, the Pods will use `emptyDir` ephemeral
## local storage. Setting the storageClass attribute to "-" disables dynamic