From d804418c890dde93bff26125b8cf1a9fd7fc82d1 Mon Sep 17 00:00:00 2001 From: vladimir turok Date: Thu, 27 Jul 2023 16:28:36 +0200 Subject: [OOM] Fixing k8s ServiceAccounts Adding service account for the jobs Cleanup MSB, ES and other common charts from AAF dependencies Issue-ID: OOM-3199 Issue-ID: OOM-3114 Issue-ID: OOM-3116 Change-Id: I55bf80876c9fb3b110e538ed1a5504e0dc1d4e1a Signed-off-by: vladimir turok --- kubernetes/common/certInitializer/Chart.yaml | 3 +++ kubernetes/common/certInitializer/templates/job.yaml | 1 + kubernetes/common/certInitializer/values.yaml | 6 ++++++ 3 files changed, 10 insertions(+) (limited to 'kubernetes/common/certInitializer') diff --git a/kubernetes/common/certInitializer/Chart.yaml b/kubernetes/common/certInitializer/Chart.yaml index e1bb478d8a..d70b1de52b 100644 --- a/kubernetes/common/certInitializer/Chart.yaml +++ b/kubernetes/common/certInitializer/Chart.yaml @@ -29,3 +29,6 @@ dependencies: - name: repositoryGenerator version: ~13.x-0 repository: 'file://../repositoryGenerator' + - name: serviceAccount + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml index 84a3e87098..3120455300 100644 --- a/kubernetes/common/certInitializer/templates/job.yaml +++ b/kubernetes/common/certInitializer/templates/job.yaml @@ -36,6 +36,7 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" (dict "dot" . "initRoot" .Values) | nindent 8 }} - name: ingress-scripts mountPath: /ingress + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" (dict "dot" . "initRoot" .Values) | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 747c94f4d1..0fde2cf532 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -70,3 +70,9 @@ envVarToCheck: cadi_keystore_password_p12 # We had to move this CM to a separate chart to reduce the total size of our charts # as it exceeds the default helm limits. certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs' + +#Pods Service Account +serviceAccount: + nameOverride: certinitializer + roles: + - read \ No newline at end of file -- cgit 1.2.3-korg