4 files changed, 24 insertions, 17 deletions

diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml
index 501cc89a44..f2860ff140 100644
--- a/kubernetes/common/cassandra/requirements.yaml
+++ b/kubernetes/common/cassandra/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: 'file://../repositoryGenerator'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: 'file://../serviceAccount'
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index 5b652228a6..2d30f2e068 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+
 set -e
 
 # first arg is `-f` or `--some-option`
@@ -11,7 +12,7 @@ fi
 if [ "$1" = 'cassandra' -a "$(id -u)" = '0' ]; then
         find /var/lib/cassandra /var/log/cassandra "$CASSANDRA_CONFIG" \
                 \! -user cassandra -exec chown cassandra '{}' +
-        exec gosu cassandra "$BASH_SOURCE" "$@"
+        exec gosu cassandra "$0" "$@"
 fi
 
 _ip_address() {
@@ -27,7 +28,7 @@ _ip_address() {
 }
 
 # "sed -i", but without "mv" (which doesn't work on a bind-mounted file, for example)
-_sed-in-place() {
+_sed_in_place() {
         local filename="$1"; shift
         local tempFile
         tempFile="$(mktemp)"
@@ -56,7 +57,7 @@ if [ "$1" = 'cassandra' ]; then
         fi
         : ${CASSANDRA_SEEDS:="$CASSANDRA_BROADCAST_ADDRESS"}
 
-        _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+        _sed_in_place "$CASSANDRA_CONFIG/cassandra.yaml" \
                 -r 's/(- seeds:).*/\1 "'"$CASSANDRA_SEEDS"'"/'
 
         for yaml in \
@@ -70,19 +71,21 @@ if [ "$1" = 'cassandra' ]; then
                 start_rpc \
                 authenticator \
         ; do
-                var="CASSANDRA_${yaml^^}"
-                val="${!var}"
+                var="CASSANDRA_$(echo $yaml | tr '[:lower:]' '[:upper:]')"
+                # eval presents no security issue here because of limited possible values of var
+                eval val=\$$var
                 if [ "$val" ]; then
-                        _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+                        _sed_in_place "$CASSANDRA_CONFIG/cassandra.yaml" \
                                 -r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
                 fi
         done
 
         for rackdc in dc rack; do
-                var="CASSANDRA_${rackdc^^}"
-                val="${!var}"
+                var="CASSANDRA_$(echo $rackdc | tr '[:lower:]' '[:upper:]')"
+                # eval presents no security issue here because of limited possible values of var
+                eval val=\$$var
                 if [ "$val" ]; then
-                        _sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
+                        _sed_in_place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
                                 -r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
                 fi
         done
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index 3553cd4069..840e95b490 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -28,6 +28,8 @@ spec:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       hostNetwork: {{ .Values.hostNetwork }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       containers:
       - name: {{ include "common.name" . }}
         image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
@@ -111,14 +113,6 @@ spec:
             value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }}
           - name: CASSANDRA_AUTHENTICATOR
             value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }}
-          {{- if include "common.onServiceMesh" . }}
-          - name: CASSANDRA_LISTEN_ADDRESS
-            value: "127.0.0.1"
-          - name: CASSANDRA_BROADCAST_ADDRESS
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-          {{- end }}
           - name: POD_IP
             valueFrom:
               fieldRef:
@@ -138,6 +132,7 @@ spec:
       {{- if .Values.affinity }}
       affinity: {{ toYaml .Values.affinity | nindent 8 }}
       {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
       volumes:
       - name: localtime
         hostPath:
diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml
index 9f19bf5c14..1d69993956 100644
--- a/kubernetes/common/cassandra/values.yaml
+++ b/kubernetes/common/cassandra/values.yaml
@@ -162,3 +162,9 @@ backup:
   - name: system_traces
   - name: system_auth
   - name: system_distributed
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: cassandra
+  roles:
+    - nothing