diff --git a/charts/sophora-image-ai/Chart.yaml b/charts/sophora-image-ai/Chart.yaml index 0cb426b0..b61f5530 100644 --- a/charts/sophora-image-ai/Chart.yaml +++ b/charts/sophora-image-ai/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: sophora-image-ai description: Sophora Image AI type: application -version: 2.0.0 +version: 2.1.0 appVersion: 5.1.0 sources: - https://github.com/subshell/helm-charts/tree/main/charts/sophora-image-ai annotations: artifacthub.io/changes: | - - kind: changed - description: Added support for Google Application Default Credentials (ADC). The 'sophora-image-ai-gcp-credentials' secret (name was hard-coded) is no longer required, but a secret containing the credentials can still be used. See values.yaml for details. + - kind: added + description: Enabled the use of a service account. diff --git a/charts/sophora-image-ai/templates/_helpers.tpl b/charts/sophora-image-ai/templates/_helpers.tpl index 54367b3b..caf446cf 100644 --- a/charts/sophora-image-ai/templates/_helpers.tpl +++ b/charts/sophora-image-ai/templates/_helpers.tpl @@ -62,3 +62,14 @@ Usage: {{- tpl (.value | toYaml) .context }} {{- end }} {{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "sophora-image-ai.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "sophora-image-ai.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/sophora-image-ai/templates/deployment.yaml b/charts/sophora-image-ai/templates/deployment.yaml index 3aeafd19..e3e57432 100644 --- a/charts/sophora-image-ai/templates/deployment.yaml +++ b/charts/sophora-image-ai/templates/deployment.yaml @@ -22,6 +22,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "sophora-image-ai.serviceAccountName" . }} containers: - name: image-ai image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/charts/sophora-image-ai/templates/serviceaccount.yaml b/charts/sophora-image-ai/templates/serviceaccount.yaml new file mode 100644 index 00000000..5060b068 --- /dev/null +++ b/charts/sophora-image-ai/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "sophora-image-ai.serviceAccountName" . }} + labels: + {{- include "sophora-image-ai.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/charts/sophora-image-ai/test-values.yaml b/charts/sophora-image-ai/test-values.yaml index 2bd16abf..47313d39 100644 --- a/charts/sophora-image-ai/test-values.yaml +++ b/charts/sophora-image-ai/test-values.yaml @@ -43,6 +43,12 @@ ingress: hosts: tls: [] +serviceAccount: + create: true + automount: true + annotations: + foo: bar + extraVolumes: - name: gcp-credentials secret: diff --git a/charts/sophora-image-ai/values.yaml b/charts/sophora-image-ai/values.yaml index 77e69260..9492d05d 100644 --- a/charts/sophora-image-ai/values.yaml +++ b/charts/sophora-image-ai/values.yaml @@ -77,3 +77,14 @@ extraVolumes: [] extraVolumeMounts: [] podAnnotations: {} + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: ""