[bitnami/redis] fix: 🔒 Move service-account token auto-mount to pod declaration (#22455)

* [bitnami/redis] fix: 🔒 Move service-account token auto-mount to pod declaration

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* test: ✅ Update goss test to reflect new value

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* fix: 🐛 Remove duplicate deployment value

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>

.vib/redis/goss/goss.yaml

@@ -38,7 +38,7 @@ command:
     # or the one randomly defined by openshift (larger values). Otherwise, the chart is still using the default value.
     exec: if [ $(id -u) -lt {{ $uid }} ] || [ $(id -G | awk '{print $2}') -lt {{ $gid }} ]; then exit 1; fi
     exit-status: 0
-  {{ if .Vars.master.serviceAccount.automountServiceAccountToken }}
+  {{ if .Vars.master.automountServiceAccountToken }}
   check-sa:
     exec: cat /var/run/secrets/kubernetes.io/serviceaccount/token | cut -d '.' -f 2 | xargs -I '{}' echo '{}====' | fold -w 4 | sed '$ d' | tr -d '\n' | base64 -d
     exit-status: 0

.vib/redis/runtime-parameters.yaml

@@ -25,7 +25,7 @@ master:
     type: LoadBalancer
   serviceAccount:
     create: true
-    automountServiceAccountToken: true
+  automountServiceAccountToken: true
 replica:
   replicaCount: 3
   containerPorts:

bitnami/redis/Chart.yaml

@@ -34,4 +34,4 @@ maintainers:
 name: redis
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 18.7.1
+version: 18.8.0

bitnami/redis/README.md

@@ -180,6 +180,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `master.updateStrategy.type`                               | Redis® master statefulset strategy type                                                           | `RollingUpdate`          |
 | `master.minReadySeconds`                                   | How many seconds a pod needs to be ready before killing the next, during update                       | `0`                      |
 | `master.priorityClassName`                                 | Redis® master pods' priorityClassName                                                             | `""`                     |
+| `master.automountServiceAccountToken`                      | Mount Service Account token in pod                                                                    | `false`                  |
 | `master.hostAliases`                                       | Redis® master pods host aliases                                                                   | `[]`                     |
 | `master.podLabels`                                         | Extra labels for Redis® master pods                                                               | `{}`                     |
 | `master.podAnnotations`                                    | Annotations for Redis® master pods                                                                | `{}`                     |
@@ -298,6 +299,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `replica.minReadySeconds`                                   | How many seconds a pod needs to be ready before killing the next, during update                         | `0`                      |
 | `replica.priorityClassName`                                 | Redis® replicas pods' priorityClassName                                                             | `""`                     |
 | `replica.podManagementPolicy`                               | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods                         | `""`                     |
+| `replica.automountServiceAccountToken`                      | Mount Service Account token in pod                                                                      | `false`                  |
 | `replica.hostAliases`                                       | Redis® replicas pods host aliases                                                                   | `[]`                     |
 | `replica.podLabels`                                         | Extra labels for Redis® replicas pods                                                               | `{}`                     |
 | `replica.podAnnotations`                                    | Annotations for Redis® replicas pods                                                                | `{}`                     |

bitnami/redis/templates/master/application.yaml

@@ -65,7 +65,7 @@ spec:
       securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ template "redis.masterServiceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
+      automountServiceAccountToken: {{ .Values.master.automountServiceAccountToken }}
       {{- if .Values.master.priorityClassName }}
       priorityClassName: {{ .Values.master.priorityClassName | quote }}
       {{- end }}

bitnami/redis/templates/replicas/application.yaml

@@ -63,7 +63,7 @@ spec:
       securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ template "redis.replicaServiceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }}
+      automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }}
       {{- if .Values.replica.priorityClassName }}
       priorityClassName: {{ .Values.replica.priorityClassName | quote }}
       {{- end }}

bitnami/redis/templates/sentinel/statefulset.yaml

@@ -54,13 +54,13 @@ spec:
         {{- end }}
     spec:
       {{- include "redis.imagePullSecrets" . | nindent 6 }}
+      automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }}
       {{- if .Values.replica.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.replica.podSecurityContext.enabled }}
       securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
-      automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
       serviceAccountName: {{ template "redis.serviceAccountName" . }}
       {{- if .Values.replica.priorityClassName }}
       priorityClassName: {{ .Values.replica.priorityClassName | quote }}

bitnami/redis/values.yaml

@@ -333,6 +333,9 @@ master:
   ## @param master.priorityClassName Redis® master pods' priorityClassName
   ##
   priorityClassName: ""
+  ## @param master.automountServiceAccountToken Mount Service Account token in pod
+  ##
+  automountServiceAccountToken: false
   ## @param master.hostAliases Redis® master pods host aliases
   ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
   ##
@@ -792,6 +795,9 @@ replica:
   ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
   ##
   podManagementPolicy: ""
+  ## @param replica.automountServiceAccountToken Mount Service Account token in pod
+  ##
+  automountServiceAccountToken: false
   ## @param replica.hostAliases Redis® replicas pods host aliases
   ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
   ##