Skip to content

Commit 515d805

Browse files
authored
Allow setting automountServiceAccountToken (#2298)
* Allow setting automountServiceAccountToken on workloads and serviceAccounts Signed-off-by: Aran Shavit <[email protected]> * update helm docs Signed-off-by: Aran Shavit <[email protected]> --------- Signed-off-by: Aran Shavit <[email protected]>
1 parent 85f0ed0 commit 515d805

File tree

7 files changed

+14
-0
lines changed

7 files changed

+14
-0
lines changed

charts/spark-operator-chart/README.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -97,6 +97,7 @@ See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall) for command docum
9797
| controller.serviceAccount.create | bool | `true` | Specifies whether to create a service account for the controller. |
9898
| controller.serviceAccount.name | string | `""` | Optional name for the controller service account. |
9999
| controller.serviceAccount.annotations | object | `{}` | Extra annotations for the controller service account. |
100+
| controller.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token to the controller pods. |
100101
| controller.rbac.create | bool | `true` | Specifies whether to create RBAC resources for the controller. |
101102
| controller.rbac.annotations | object | `{}` | Extra annotations for the controller RBAC resources. |
102103
| controller.labels | object | `{}` | Extra labels for controller pods. |
@@ -134,6 +135,7 @@ See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall) for command docum
134135
| webhook.serviceAccount.create | bool | `true` | Specifies whether to create a service account for the webhook. |
135136
| webhook.serviceAccount.name | string | `""` | Optional name for the webhook service account. |
136137
| webhook.serviceAccount.annotations | object | `{}` | Extra annotations for the webhook service account. |
138+
| webhook.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token to the webhook pods. |
137139
| webhook.rbac.create | bool | `true` | Specifies whether to create RBAC resources for the webhook. |
138140
| webhook.rbac.annotations | object | `{}` | Extra annotations for the webhook RBAC resources. |
139141
| webhook.labels | object | `{}` | Extra labels for webhook pods. |
@@ -157,6 +159,7 @@ See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall) for command docum
157159
| spark.serviceAccount.create | bool | `true` | Specifies whether to create a service account for spark applications. |
158160
| spark.serviceAccount.name | string | `""` | Optional name for the spark service account. |
159161
| spark.serviceAccount.annotations | object | `{}` | Optional annotations for the spark service account. |
162+
| spark.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token to the spark applications pods. |
160163
| spark.rbac.create | bool | `true` | Specifies whether to create RBAC resources for spark applications. |
161164
| spark.rbac.annotations | object | `{}` | Optional annotations for the spark application RBAC resources. |
162165
| prometheus.metrics.enable | bool | `true` | Specifies whether to enable prometheus metrics scraping. |

charts/spark-operator-chart/templates/controller/deployment.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -171,6 +171,7 @@ spec:
171171
priorityClassName: {{ . }}
172172
{{- end }}
173173
serviceAccountName: {{ include "spark-operator.controller.serviceAccountName" . }}
174+
automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
174175
{{- with .Values.controller.podSecurityContext }}
175176
securityContext:
176177
{{- toYaml . | nindent 8 }}

charts/spark-operator-chart/templates/controller/serviceaccount.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ limitations under the License.
1717
{{- if .Values.controller.serviceAccount.create }}
1818
apiVersion: v1
1919
kind: ServiceAccount
20+
automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
2021
metadata:
2122
name: {{ include "spark-operator.controller.serviceAccountName" . }}
2223
namespace: {{ .Release.Namespace }}

charts/spark-operator-chart/templates/spark/serviceaccount.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ limitations under the License.
2121
---
2222
apiVersion: v1
2323
kind: ServiceAccount
24+
automountServiceAccountToken: {{ $.Values.spark.serviceAccount.automountServiceAccountToken }}
2425
metadata:
2526
name: {{ include "spark-operator.spark.serviceAccountName" $ }}
2627
namespace: {{ $jobNamespace }}

charts/spark-operator-chart/templates/webhook/deployment.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -141,6 +141,7 @@ spec:
141141
priorityClassName: {{ . }}
142142
{{- end }}
143143
serviceAccountName: {{ include "spark-operator.webhook.serviceAccountName" . }}
144+
automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }}
144145
{{- with .Values.webhook.podSecurityContext }}
145146
securityContext:
146147
{{- toYaml . | nindent 8 }}

charts/spark-operator-chart/templates/webhook/serviceaccount.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ limitations under the License.
1818
{{- if .Values.webhook.serviceAccount.create -}}
1919
apiVersion: v1
2020
kind: ServiceAccount
21+
automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }}
2122
metadata:
2223
name: {{ include "spark-operator.webhook.serviceAccountName" . }}
2324
namespace: {{ .Release.Namespace }}

charts/spark-operator-chart/values.yaml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,8 @@ controller:
8787
name: ""
8888
# -- Extra annotations for the controller service account.
8989
annotations: {}
90+
# -- Auto-mount service account token to the controller pods.
91+
automountServiceAccountToken: true
9092

9193
rbac:
9294
# -- Specifies whether to create RBAC resources for the controller.
@@ -231,6 +233,8 @@ webhook:
231233
name: ""
232234
# -- Extra annotations for the webhook service account.
233235
annotations: {}
236+
# -- Auto-mount service account token to the webhook pods.
237+
automountServiceAccountToken: true
234238

235239
rbac:
236240
# -- Specifies whether to create RBAC resources for the webhook.
@@ -331,6 +335,8 @@ spark:
331335
name: ""
332336
# -- Optional annotations for the spark service account.
333337
annotations: {}
338+
# -- Auto-mount service account token to the spark applications pods.
339+
automountServiceAccountToken: true
334340

335341
rbac:
336342
# -- Specifies whether to create RBAC resources for spark applications.

0 commit comments

Comments
 (0)